
+++++SPAM+++++ [Full-Disclosure] RPC DCOM + Kungfoo





<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6336.0">
<TITLE>[Full-Disclosure] RPC DCOM + Kungfoo</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=2>Anyone know if it's possible to put kungfoo shellcode<BR>
into the exploit instead of the bindshell?<BR>
<A HREF="http://www.harmonysecurity.com/kungfoo.html">http://www.harmonysecurity.com/kungfoo.html</A><BR>
<BR>
on the original xfocus exploit it said &quot;The length of<BR>
shellcode must be sizeof(shellcode)%16=12 ,if not<BR>
please fill with 0x90,or the packet&quot;<BR>
<BR>
There is a GUI frontend to kungfoo that can be found<BR>
at <A HREF="http://packetstormsecurity.org/shellcode/shellcode-v2.0.zip">http://packetstormsecurity.org/shellcode/shellcode-v2.0.zip</A><BR>
<BR>
_______________________________________________<BR>
Full-Disclosure - We believe in it.<BR>
Charter: <A HREF="http://lists.netsys.com/full-disclosure-charter.html">http://lists.netsys.com/full-disclosure-charter.html</A><BR>
<BR>
</FONT>
</P>

</BODY>
</HTML>