From: full-disclosure-request@xxxxxxxxxxxxxxxxx
Reply-To: full-disclosure@xxxxxxxxxxxxxxxxx
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Full-Disclosure Digest, Vol 2, Issue 6
Date: Sun, 3 Apr 2005 12:00:09 +0100 (BST)
MIME-Version: 1.0
Received: from lists.grok.org.uk ([195.184.125.51]) by MC6-F18.hotmail.com
with Microsoft SMTPSVC(6.0.3790.211); Sun, 3 Apr 2005 04:03:28 -0700
Received: from lists.grok.org.uk (localhost [127.0.0.1])by
lists.grok.org.uk (Postfix) with ESMTP id F406A5CC1F;Sun, 3 Apr 2005
12:00:09 +0100 (BST)
X-Message-Info: LGjzam7y+Lu3H/qmfvUwTum6w98YstwvEz9IMRZf3ug=
X-BeenThere: full-disclosure@xxxxxxxxxxxxxxxxx
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: An unmoderated mailing list for the discussion of security
issues<full-disclosure.lists.grok.org.uk>
List-Unsubscribe:
<https://lists.grok.org.uk/mailman/listinfo/full-disclosure>,
<mailto:full-disclosure-request@xxxxxxxxxxxxxxxxx?subject=unsubscribe>
List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure>
List-Post: <mailto:full-disclosure@xxxxxxxxxxxxxxxxx>
List-Help: <mailto:full-disclosure-request@xxxxxxxxxxxxxxxxx?subject=help>
List-Subscribe:
<https://lists.grok.org.uk/mailman/listinfo/full-disclosure>,
<mailto:full-disclosure-request@xxxxxxxxxxxxxxxxx?subject=subscribe>
Errors-To: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
Return-Path: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
X-OriginalArrivalTime: 03 Apr 2005 11:03:29.0197 (UTC)
FILETIME=[C444E5D0:01C5383C]
Send Full-Disclosure mailing list submissions to
full-disclosure@xxxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@xxxxxxxxxxxxxxxxx
You can reach the person managing the list at
full-disclosure-owner@xxxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Note to digest recipients - when replying to digest posts, please:
a) trim your post appropriately
b) set an appropriate subject
Thank you
Today's Topics:
1. RE: Metasploit Framework v3.0 Alpha (Randall M)
2. RE: Re: Internet Going Down For Maintenance (Randall M)
3. FBI declares war on hackers (Randall M)
4. Anyone have more info on this (Randall M)
5. Re: FBI declares war on hackers (Andrew Smith)
6. RE: FBI declares war on hackers (Debasis Mohanty)
7. Re: FBI declares war on hackers (Travis Good)
8. RE: Microsoft Windows Server 2003 "Shell Folders" Directory
Traversal Vulnerability (Eiji James Yoshida)
9. Re: FBI declares war on hackers (n3td3v)
10. Re: FBI declares war on hackers (Niccol? Roselli Cecconi)
11. Re: FBI declares war on hackers (Jeff Workman)
12. Re: FBI declares war on hackers (Milan 't4c' Berger)
----------------------------------------------------------------------
Message: 1
Date: Sat, 2 Apr 2005 07:38:08 -0600
From: "Randall M" <randallm@xxxxxxxxxxx>
Subject: RE: [Full-disclosure] Metasploit Framework v3.0 Alpha
To: 'Hern?n M. Racciatti' <hracciatti@xxxxxxxxx>,
<Full-Disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <20050402133801.6D7105CC67@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
Dam. And I got all excited about "face recognition" via web cam.
thank you
Randall M
"If we ever forget that we're one nation under God, then we will be a
nation
gone under."
- Ronald Reagan
_________________________________
:-----Original Message-----
:From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
:[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf
:Of Hernán M. Racciatti
:Sent: Friday, April 01, 2005 12:10 PM
:To: Full-Disclosure@xxxxxxxxxxxxxxxxx
:Subject: Re: [Full-disclosure] Metasploit Framework v3.0 Alpha
:
:This pretends to be an amused and funy joke :D
:
:P.D: But... is true... phyton is cool :)
:
:On Apr 1, 2005 2:58 PM, Rudra Kamal Sinha Roy <rudrak@xxxxxxxxx> wrote:
:> The Alpha release couldn't be found anywhere in the site..Even a
:> search reveals nothing..!!
:
:--
:Hernán Marcelo Racciatti
:
:Core Team Member ISECOM (Institute for Security and Open
:Methodologies) Coordinator OISSG, Argentina (Open Information
:System Security Group)
:
:[mailto:hracciatti@xxxxxxxxx]
:[http://www.hernanracciatti.com.ar]
:_______________________________________________
:Full-Disclosure - We believe in it.
:Charter: http://lists.grok.org.uk/full-disclosure-charter.html
:Hosted and sponsored by Secunia - http://secunia.com/
:
------------------------------
Message: 2
Date: Sat, 2 Apr 2005 07:45:13 -0600
From: "Randall M" <randallm@xxxxxxxxxxx>
Subject: RE: [Full-disclosure] Re: Internet Going Down For Maintenance
To: "'Jason Coombs'" <jasonc@xxxxxxxxxxx>, "'Carlos de Oliveira'"
<carlos.oliv@xxxxxxxxx>, "'Full-Disclosure'"
<full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <20050402134503.52F925CC66@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="US-ASCII"
I heard that they are going to run Spybot or that other microsomthing
anti-spyware
In safe-mode because of fear of a breached government intelligence leak.
thank you
Randall M
"If we ever forget that we're one nation under God, then we will be a
nation
gone under."
- Ronald Reagan
_________________________________
:-----Original Message-----
:From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
:[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf
:Of Jason Coombs
:Sent: Friday, April 01, 2005 6:43 PM
:To: Carlos de Oliveira; Full-Disclosure
:Subject: Re: [Full-disclosure] Re: Internet Going Down For Maintenance
:
:> Is this serious?
:> It is not funny.
:
:It is very serious. Child pornography has spread to every
:corner of the Internet, and the only way to clean it all up is
:to first shut it all down.
:
:Surprising you hadn't heard about this earlier...
:
:Regards,
:
:Jason Coombs
:jasonc@xxxxxxxxxxx
:_______________________________________________
:Full-Disclosure - We believe in it.
:Charter: http://lists.grok.org.uk/full-disclosure-charter.html
:Hosted and sponsored by Secunia - http://secunia.com/
:
------------------------------
Message: 3
Date: Sat, 2 Apr 2005 08:02:29 -0600
From: "Randall M" <randallm@xxxxxxxxxxx>
Subject: [Full-disclosure] FBI declares war on hackers
To: "'Full-Disclosure'" <full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <20050402140219.515115CC1E@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
FBI shuts down well known hacker site
http://www.crime-research.org/news/04.01.2005/1106/
thank you
Randall M
"If we ever forget that we're one nation under God, then we will be a
nation
gone under."
- Ronald Reagan
_________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050402/b5b5538a/attachment-0001.html
------------------------------
Message: 4
Date: Sat, 2 Apr 2005 08:07:37 -0600
From: "Randall M" <randallm@xxxxxxxxxxx>
Subject: [Full-disclosure] Anyone have more info on this
To: "'Full-Disclosure'" <full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <20050402140726.61EBD5CC24@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
http://www.eeye.com/html/research/upcoming/20050329.html
thank you
Randall M
"If we ever forget that we're one nation under God, then we will be a
nation
gone under."
- Ronald Reagan
_________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050402/556af95e/attachment-0001.html
------------------------------
Message: 5
Date: Sat, 2 Apr 2005 16:26:25 +0100
From: Andrew Smith <stfunub@xxxxxxxxx>
Subject: Re: [Full-disclosure] FBI declares war on hackers
To: Randall M <randallm@xxxxxxxxxxx>
Cc: Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <33713abc050402072667cb2a07@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1
Hmmm,
What's the date on that article?
------------------------------
Message: 6
Date: Sat, 2 Apr 2005 21:56:51 +0530
From: "Debasis Mohanty" <mail@xxxxxxxxxxxxxxxxxx>
Subject: RE: [Full-disclosure] FBI declares war on hackers
To: "'Randall M'" <randallm@xxxxxxxxxxx>, "'Full-Disclosure'"
<full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <20050402162659.298E85CEDC@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"
STILL UP AND RUNNING http://packetstormsecurity.org/
<BLOCKED::http://packetstormsecurity.org/> :)
regards,
Debasis Mohanty
www.hackingspirits.com
_____
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Randall M
Sent: Saturday, April 02, 2005 7:32 PM
To: 'Full-Disclosure'
Subject: [Full-disclosure] FBI declares war on hackers
FBI shuts down well known hacker site
<http://www.crime-research.org/news/04.01.2005/1106/>
http://www.crime-research.org/news/04.01.2005/1106/
thank you
Randall M
"If we ever forget that we're one nation under God, then we will be a
nation
gone under."
- Ronald Reagan
_________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050402/96890784/attachment-0001.html
------------------------------
Message: 7
Date: Sat, 2 Apr 2005 09:33:49 -0800 (PST)
From: Travis Good <tgood@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] FBI declares war on hackers
To: Randall M <randallm@xxxxxxxxxxx>
Cc: 'Full-Disclosure' <full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <0504020933270.177@xxxxxxxxxxxxxxxxxxxx>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Little late for april fools.
On Sat, 2 Apr 2005, Randall M wrote:
> FBI shuts down well known hacker site
>
> http://www.crime-research.org/news/04.01.2005/1106/
>
> thank you
> Randall M
>
> "If we ever forget that we're one nation under God, then we will be a
nation
> gone under."
> - Ronald Reagan
> _________________________________
>
>
>
>
Travis Good, CISSP, IAM
------------------------------
Message: 8
Date: Sun, 3 Apr 2005 02:39:39 +0900
From: "Eiji James Yoshida" <ptrs-ejy@xxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Microsoft Windows Server 2003 "Shell
Folders" Directory Traversal Vulnerability
To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <002001c537aa$f24bf780$6501a8c0@EnSof>
Content-Type: text/plain; charset="us-ascii"
This problem was corrected in Windows Server 2003 Service Pack 1.
Microsoft Windows Server 2003 "Shell Folders" Directory Traversal
Vulnerability
http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html
Regards,
-------------------------------------------------------------
Eiji James Yoshida
penetration technique research site
E-mail: ptrs-ejy@xxxxxxxxxxxxxx
URL: http://www.geocities.co.jp/SiliconValley/1667/index.htm
-------------------------------------------------------------
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
> Eiji James Yoshida
> Sent: Wednesday, October 08, 2003 10:57 PM
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: [Full-Disclosure] Microsoft Windows Server 2003
> "Shell Folders" Directory Traversal Vulnerability
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Title:
> ~~~~~~~~~~~~~~~~~~~~~~~
> Microsoft Windows Server 2003 "Shell Folders" Directory
> Traversal Vulnerability
> [http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html]
>
>
> Date:
> ~~~~~~~~~~~~~~~~~~~~~~~
> 8 October 2003
>
>
> Author:
> ~~~~~~~~~~~~~~~~~~~~~~~
> Eiji James Yoshida [ptrs-ejy@xxxxxxxxxxxxxx]
>
>
> Vulnerable:
> ~~~~~~~~~~~~~~~~~~~~~~~
> Windows Server 2003 (Internet Explorer 6.0)
>
>
> Overview:
> ~~~~~~~~~~~~~~~~~~~~~~~
> Windows Server 2003 allows remote attacker to traverse "Shell
> Folders" directories.
> A remote attacker is able to gain access to the path of the
> %USERPROFILE% folder without guessing a target user name by this
> vulnerability.
>
> ex.) %USERPROFILE% = "C:\Documents and Settings\%USERNAME%"
>
>
> Details:
> ~~~~~~~~~~~~~~~~~~~~~~~
> Windows Server 2003 allows remote attacker to traverse "Shell
> Folders" directories and access arbitrary files via "shell:[Shell
> Folders]\..\" in a malicious link.
>
> [Shell Folders]
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ex
> plorer\Shell Folders
> AppData: "C:\Documents and Settings\%USERNAME%\Application Data"
> Cookies: "C:\Documents and Settings\%USERNAME%\Cookies"
> Desktop: "C:\Documents and Settings\%USERNAME%\Desktop"
> Favorites: "C:\Documents and Settings\%USERNAME%\Favorites"
> NetHood: "C:\Documents and Settings\%USERNAME%\NetHood"
> Personal: "C:\Documents and Settings\%USERNAME%\My Documents"
> PrintHood: "C:\Documents and Settings\%USERNAME%\PrintHood"
> Recent: "C:\Documents and Settings\%USERNAME%\Recent"
> SendTo: "C:\Documents and Settings\%USERNAME%\SendTo"
> Start Menu: "C:\Documents and Settings\%USERNAME%\Start Menu"
> Templates: "C:\Documents and Settings\%USERNAME%\Templates"
> Programs: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs"
> Startup: "C:\Documents and Settings\%USERNAME%\Start
> Menu\Programs\Startup"
> Local Settings: "C:\Documents and Settings\%USERNAME%\Local Settings"
> Local AppData: "C:\Documents and Settings\%USERNAME%\Local
> Settings\Application Data"
> Cache: "C:\Documents and Settings\%USERNAME%\Local
> Settings\Temporary Internet Files"
> History: "C:\Documents and Settings\%USERNAME%\Local
> Settings\History"
> My Pictures: "C:\Documents and Settings\%USERNAME%\My
> Documents\My Pictures"
> Fonts: "C:\WINDOWS\Fonts"
> My Music: "C:\Documents and Settings\%USERNAME%\My
> Documents\My Music"
> My Video: "C:\Documents and Settings\%USERNAME%\My
> Documents\My Videos"
> CD Burning: "C:\Documents and Settings\%USERNAME%\Local
> Settings\Application Data\Microsoft\CD Burning"
> Administrative Tools: "C:\Documents and
> Settings\%USERNAME%\Start Menu\Programs\Administrative Tools"
>
>
> Exploit code:
> ~~~~~~~~~~~~~~~~~~~~~~~
> **************************************************
> This exploit reads %TEMP%\exploit.html.
> You need to create it.
> And click on the malicious link.
> **************************************************
>
> Malicious link:
> <a href="shell:cache\..\..\Local
> Settings\Temp\exploit.html">Exploit</a>
>
>
> Workaround:
> ~~~~~~~~~~~~~~~~~~~~~~~
> None.
>
>
> Vendor Status:
> ~~~~~~~~~~~~~~~~~~~~~~~
> Microsoft was notified on 9 June 2003.
> They plan to fix this bug in a future service pack.
>
> Microsoft Knowledge Base(KB829493)
> [http://support.microsoft.com/default.aspx?scid=829493]
>
>
> Thanks:
> ~~~~~~~~~~~~~~~~~~~~~~~
> Microsoft Security Response Center
> Masaki Yamazaki (Japan GTSC Security Response Team)
> Youji Okuten (Japan GTSC Security Response Team)
>
>
> Similar vulnerability:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Microsoft Internet Explorer %USERPROFILE% Folder Disclosure
> Vulnerability
> [http://www.geocities.co.jp/SiliconValley/1667/advisory07e.html]
>
>
> - -------------------------------------------------------------
> Eiji James Yoshida
> penetration technique research site
> E-mail: ptrs-ejy@xxxxxxxxxxxxxx
> URL: http://www.geocities.co.jp/SiliconValley/1667/index.htm
> - -------------------------------------------------------------
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8ckt
> Comment: Eiji James Yoshida
>
> iQA/AwUBP4QUUPfWv13kjJq0EQLCUQCfT9cXFH14453XXomssYHHAO/KWMMAoLxH
> YZTkthwnHxD1BW+YxEPzMPaV
> =8/8o
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
------------------------------
Message: 9
Date: Sat, 2 Apr 2005 19:38:45 +0100
From: n3td3v <xploitable@xxxxxxxxx>
Subject: Re: [Full-disclosure] FBI declares war on hackers
To: full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <4b6ee931050402103878ed7c7e@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1
F**K the FBI, they are ignorant American wankers. I hope they rot.
On a lighter note, I just created a blog. I would like people to ask
me for an invite if you want one.
My blog is http://360.yahoo.com/n3td3v
My security group is http://groups-beta.google.com/group/n3td3v
My website is http://www.geocities.com/n3td3v
The FBI are wanks, I mean look at what happened in Iraq. That was
f***ed up. Real hackers know the FBI has crappy intelligence. Iraq is
proof of that. I mean i've been hacking for years, and i'm not in jail
yet.
Thanks, n3td3v
------------------------------
Message: 10
Date: Sat, 2 Apr 2005 21:11:57 +0200
From: Niccol? Roselli Cecconi <niccolo.roselli@xxxxxxxxx>
Subject: Re: [Full-disclosure] FBI declares war on hackers
To: n3td3v <xploitable@xxxxxxxxx>
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <6b2bdf74050402111136a687f0@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1
Yeah man, you're a real H4ck3r !!!
On Apr 2, 2005 8:38 PM, n3td3v <xploitable@xxxxxxxxx> wrote:
> F**K the FBI, they are ignorant American wankers. I hope they rot.
>
> On a lighter note, I just created a blog. I would like people to ask
> me for an invite if you want one.
>
> My blog is http://360.yahoo.com/n3td3v
>
> My security group is http://groups-beta.google.com/group/n3td3v
>
> My website is http://www.geocities.com/n3td3v
>
> The FBI are wanks, I mean look at what happened in Iraq. That was
> f***ed up. Real hackers know the FBI has crappy intelligence. Iraq is
> proof of that. I mean i've been hacking for years, and i'm not in jail
> yet.
>
> Thanks, n3td3v
------------------------------
Message: 11
Date: Sat, 02 Apr 2005 14:39:35 -0500
From: Jeff Workman <jworkman@xxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] FBI declares war on hackers
To: full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <298167A35369A4C5308D9339@[192.168.1.206]>
Content-Type: text/plain; charset=us-ascii; format=flowed
What the FUCK would the FBI have to do with intelligence in Iraq?
Furthermore, what the FUCK does any U.S. agency's intelligence
successes/failures in Iraq have to do with FD?
-J
--On Saturday, April 02, 2005 7:38 PM +0100 n3td3v <xploitable@xxxxxxxxx>
wrote:
> F**K the FBI, they are ignorant American wankers. I hope they rot.
>
> On a lighter note, I just created a blog. I would like people to ask
> me for an invite if you want one.
>
> My blog is http://360.yahoo.com/n3td3v
>
> My security group is http://groups-beta.google.com/group/n3td3v
>
> My website is http://www.geocities.com/n3td3v
>
> The FBI are wanks, I mean look at what happened in Iraq. That was
> f***ed up. Real hackers know the FBI has crappy intelligence. Iraq is
> proof of that. I mean i've been hacking for years, and i'm not in jail
> yet.
>
> Thanks, n3td3v
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
Jeff Workman | jworkman@xxxxxxxxxxxxx | http:/www.pimpworks.org
------------------------------
Message: 12
Date: Sun, 03 Apr 2005 01:40:02 +0200
From: Milan 't4c' Berger <list.t4c@xxxxxxxx>
Subject: Re: [Full-disclosure] FBI declares war on hackers
Cc: 'Full-Disclosure' <full-disclosure@xxxxxxxxxxxxxxxxx>
Message-ID: <424F2D52.7040808@xxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1
> FBI shuts down well known hacker site
>
> _http://www.crime-research.org/news/04.01.2005/1106/_
>
YHBT...
--
Milan 't4c' Berger
Networking & Security
21073 Hamburg
web: http://www.ghcif.de
gpg: http://www.ghcif.de/keys/t4c.asc
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
End of Full-Disclosure Digest, Vol 2, Issue 6
*********************************************