List:       full-disclosure
Subject:    [Full-Disclosure] Windows (XP SP2): Remotely Code Execution with
From:       ShredderSub7 <shreddersub7 () yahoo ! com>
Date:       2004-12-30 14:11:12
Message-ID: 20041230141112.85467.qmail () web61301 ! mail ! yahoo ! com
Hi all,
a few days ago, I released a PoC for an exploit that can allow code execution from a webpage.
Some people asked me if it is possible to execute a random file that comes from the Internet.
Now, I updated this PoC and it is possible to execute a malware file from the Internet.
http://freehost19.websamba.com/shreddersub7/cmdexe.htm (PoC, installs and opens 2 files called "cmdexe.exe" and "cmdexe.hta" into your root C-drive).
This new PoC works very similarly to the old one (which you can still find at http://freehost19.websamba.com/shreddersub7/htm.htm).
The new PoC actually uses the old PoC multiple times; it is built in 3 phases:
The first phase will be used to write the HTML application "cmdexe.hta" to your C-drive. If you want to know how this is done, I refer to the website of Michael Evanchik (http://www.michaelevanchik.com), because he was the first person who found this writing method (btw, thanks!).
The second phase is very similar to the first one: it opens the file "cmdexe.hta" and it will write the malware file "cmdexe.exe" also to your C-drive.
The third phase then is based on my older exploit (http://freehost19.websamba.com/shreddersub7/htm.htm, Remote Code Execution); it will open the file "C:\cmdexe.exe". For more info about that third phase, I refer to my own explanation found at http://freehost19.websamba.com/shreddersub7/expl-discuss.htm.
So, for the PoC about Remote Malware Code Execution with Parameters:
http://freehost19.websamba.com/shreddersub7/cmdexe.htm
 
Contact:
shreddersub7_at_yahoo.com (replace "_at_" with "@" of course)
 
Regards,
shreddersub7
