[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] Insect Pro - Advisory 2011 0428 - Zero Day -
From: "R0me0 ***" <knight.neo () gmail ! com>
Date: 2011-04-29 16:03:23
Message-ID: BANLkTi=BoqJm_AQueD5Mc9Y7A6PrekWjWw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
insect's are a big joke
m* f*
2011/4/29 -= Glowing Doom =- <secn3t@gmail.com>
> Well... I am only saying, this place is NOT a place where 'web fuzzing'
> should be the main topic of interest, specially when it is related to
> software wich costs money and does not even have any trial..
> It also, produced a false, on many occassions.
> Acutenix consultant would do this, and guess what, get a cracked copy, and
> they STILL let ya be a consultant!!
> neat huh??
> Now with this and Insect... you cannot do any ill.. your hard working
> product, doesnt even scan right, and there is no free version... there is
> only 'email' ones as ive seen, so what kinda shit is that, posting to grok
> ??? eh ???
> Im with the others... the tests show the truth, truth is, the product
> stinks, even when given the second glance.
> Your peers vote i think, against this app...and, unless you maybe fix it,
> and, even use some open src tosdo so (maybe learn something about 'opening')
> the product, and more people will be happy to debug for you.. but alone,
> your , yes..an insect waiting to be squashed :P lol...pardon my fracoise'
> .
> xd
>
>
> On 29 April 2011 13:43, Mario Vilas <mvilas@gmail.com> wrote:
>
>> Precisely. The poc triggers the bug by passing a very long command line
>> argument, so it's assumed the attacker already has executed code. The only
>> way this is exploitable is if the binary has suid (then the attacker can
>> elevate privileges) or the command can be executed remotely (and the
>> attacker additionaly cannot execute any other commands, but can mysteriously
>> control the arguments). Unless either scenario is researched (and nothing in
>> the advisory tells me so) I call bullshit.
>>
>> On Thu, Apr 28, 2011 at 6:09 PM, <Valdis.Kletnieks@vt.edu> wrote:
>>
>>> On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said:
>>>
>>> > Is the suid bit set on that binary? Otherwise, unless I'm missing
>>> something
>>> > it doesn't seem to be exploitable by an attacker...
>>>
>>> Who cares? You got code executed on the remote box, that's the *hard*
>>> part.
>>> Use that to inject a callback shell or something, use *that* to get
>>> yourself a shell
>>> prompt. At that point, download something else that exploits you to root
>>> - if
>>> you even *need* to, as quite often the Good Stuff is readable by non-root
>>> users.
>>>
>>
>>
>>
>> --
>> “There's a reason we separate military and the police: one fights
>> the enemy of the state, the other serves and protects the people. When
>> the military becomes both, then the enemies of the state tend to become the
>> people.”
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
[Attachment #5 (text/html)]
insect's are a big joke<br>m* f*<br><br><div class="gmail_quote">2011/4/29 -= Glowing Doom \
=- <span dir="ltr"><<a \
href="mailto:secn3t@gmail.com">secn3t@gmail.com</a>></span><br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> \
Well... I am only saying, this place is NOT a place where 'web fuzzing' should be the \
main topic of interest, specially when it is related to software wich costs money and does not \
even have any trial..<br>It also, produced a false, on many occassions.<br>
Acutenix consultant would do this, and guess what, get a cracked copy, and they STILL let ya be \
a consultant!!<br>neat huh??<br>Now with this and Insect... you cannot do any ill.. your hard \
working product, doesnt even scan right, and there is no free version... there is only \
'email' ones as ive seen, so what kinda shit is that, posting to grok ??? eh ???<br>
Im with the others... the tests show the truth, truth is, the product stinks, even when given \
the second glance.<br>Your peers vote i think, against this app...and, unless you maybe fix it, \
and, even use some open src tosdo so (maybe learn something about 'opening') the \
product, and more people will be happy to debug for you.. but alone, your , yes..an insect \
waiting to be squashed :P lol...pardon my fracoise'<br>
.<br>xd<br><br><br><div class="gmail_quote"><div><div></div><div class="h5">On 29 April 2011 \
13:43, Mario Vilas <span dir="ltr"><<a href="mailto:mvilas@gmail.com" \
target="_blank">mvilas@gmail.com</a>></span> wrote:<br> </div></div><blockquote \
class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, \
204);padding-left:1ex"><div><div></div><div class="h5"> Precisely. The poc triggers the bug by \
passing a very long command line argument, so it's assumed the attacker already has \
executed code. The only way this is exploitable is if the binary has suid (then the attacker \
can elevate privileges) or the command can be executed remotely (and the attacker additionaly \
cannot execute any other commands, but can mysteriously control the arguments). Unless either \
scenario is researched (and nothing in the advisory tells me so) I call bullshit.<div>
<br><div class="gmail_quote">On Thu, Apr 28, 2011 at 6:09 PM, <span dir="ltr"><<a \
href="mailto:Valdis.Kletnieks@vt.edu" target="_blank">Valdis.Kletnieks@vt.edu</a>></span> \
wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid \
rgb(204, 204, 204);padding-left:1ex">
<div>On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said:<br>
<br>
> Is the suid bit set on that binary? Otherwise, unless I'm missing something<br>
> it doesn't seem to be exploitable by an attacker...<br>
<br>
</div>Who cares? You got code executed on the remote box, that's the *hard* part.<br>
Use that to inject a callback shell or something, use *that* to get yourself a shell<br>
prompt. At that point, download something else that exploits you to root - if<br>
you even *need* to, as quite often the Good Stuff is readable by non-root<br>
users.<br>
</blockquote></div><br><br clear="all"><br>-- <br><span \
style="font-family:arial,sans-serif;font-size:13px;border-collapse:collapse">“There's a \
reason we separate military and the police: one fights the enemy of the state, the other serves \
and protects the people. When the military becomes both, then the enemies of the state tend to \
become the people.”<br>
</span><br>
</div>
<br></div></div><div class="im">_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> Hosted and \
sponsored by Secunia - <a href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br></div></blockquote></div><br> \
<br>_______________________________________________<br> Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> Hosted and \
sponsored by Secunia - <a href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br></blockquote></div><br>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic