[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] New open source Security Framework



OK, now that is out of way, i would be very happy to help, and contribute
even, and will join that list, i dont have address offhand, but i will look
for it if i have to,...and, i will suggest things there, and, i am not
nasty, I just, respect authors.
I appreciate this change..and, i understand, the project, is still young.

AGAIN. For the last time.
I respect the author's name of all the exploits added to Exploit Pack, like
you suggest in a terrible and way.. Insulting and posting like 10 mail to
the this list. I will add a " # Thank you [AUTHOR NAME ] for let us use your
public script " in the top of all new exploit added to Exploit Pack
Framework.

I thankyou for this, and this would be nice if it was somehow, incorporated
into the exploit-name,but, i understand this is harder..but some coders,
theyre work is always amazing, those guys, would definately deserve it..
but, thats totally something, i will leave to you.
i will even try and, assist the project when i have time, since you are also
trying to work with things.
I want this clear, there is no spite/hate here, it is simply new, and needs
like all new things, debugging alittle :)
it is, good start.
xd




On 6 October 2011 11:16, Juan Sacco <juansacco@xxxxxxxxx> wrote:

> Hey.. I already gave you an answer about this.
>
> AGAIN. For the last time.
> I respect the author's name of all the exploits added to Exploit Pack, like
> you suggest in a terrible and way.. Insulting and posting like 10 mail to
> the this list. I will add a " # Thank you [AUTHOR NAME ] for let us use your
> public script " in the top of all new exploit added to Exploit Pack
> Framework.
>
> ** Also, I created a mailing list to discuss this kind of things, report
> bugs and much more ( But sorry, NO INSULTING is allowed there )  **
>
> As other people told you stop doing chatting here. This is not a forum.
>
> JSacco
>
> On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:
>
>> <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>> when parsing the command 'USR', which leads to a stack based overflow. Also 
>> Free Float FTP Server allow remote anonymous login by default
>> exploiting these issues could allow an attacker to compromise the 
>> application, access or modify data.
>> </Information>
>>
>>
>> erm, sorry this dont count, it should be IN the code, not, after running it 
>> :P
>> thats bs mate, and i wont agree with your crap, until you see my point 
>> really. It is, something you write, compared to running thwe GUI..
>>
>>
>> xd
>>
>>
>>
>> On 6 October 2011 10:47, Juan Sacco <juansacco@xxxxxxxxx> wrote:
>>
>>> Hey,
>>> Its really a shame that you didn't even take like 2 minutes to watch the
>>> source code of Exploit Pack before create an opinion.
>>> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
>>> JAVA. See the diference? Also, please take a look at the interface design,
>>> both are really different. Show me where Exploit Pack is similar to Canvas!
>>> I think you spent too much time looking for Waldo :-D
>>>
>>> We respect the exploit author and that is why I add them at the first
>>> line of the XML file
>>> You should run the program before creating this crappy post with your
>>> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
>>> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>>>
>>> Take a look if you want:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <Module>
>>>
>>> <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py"  
>>> Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" 
>>> ShellcodeAvailable="R" ShellPort="4444" SpecialArgs="">
>>> </Exploit>
>>>
>>> <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
>>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>>> when parsing the command 'USR', which leads to a stack based overflow. Also 
>>> Free Float FTP Server allow remote anonymous login by default
>>> exploiting these issues could allow an attacker to compromise the 
>>> application, access or modify data.
>>> </Information>
>>>
>>> JSacco
>>>
>>> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:
>>>
>>>> Heya jeff,
>>>> The author is clearly not smart.
>>>> He is copying other codes, this is a plain rip off of canvas...hehe...
>>>> and same with his insect pro... he stole metasplit for tht one, then he
>>>> wants repect, when we see him removing simplly one line wich would atleast
>>>> say a ty and, show [ppl who writes, is maybe sometimes stabler than other
>>>> authors, it would be better to have this in, not out.. he should be able to
>>>> see thats how it works with exploit code/pocs in general... sometimes, if i
>>>> see php code from one person, i will tend to look, but if it was from an
>>>> unknown person, i prolly wouldnt.
>>>> But this (open sauce) project, i will download and waste 5minutes on.
>>>> Then illm go back to Backbox and BT5 and things wich work :)
>>>> hehe
>>>> (this guy is really mad about his app... and i mean, dang mad angry! I
>>>> will buy some tissues and send to him, that is my donation for his app)
>>>> :))
>>>> xd
>>>>
>>>>
>>>> On 6 October 2011 08:59, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>>>>
>>>>> On Wed, Oct 5, 2011 at 5:32 AM, root <root_@xxxxxxxxxxxxxxx> wrote:
>>>>> > - * @author Stefan Zeiger (szeiger@xxxxxxxxxxxx)
>>>>> > - print "   Written by Blake  "
>>>>> > - <Information Author="Blake" Date="August 23 2011"
>>>>> Vulnerability="N/A">
>>>>> >
>>>>> > +#Exploit Pack - Security Framework for Exploit Developers
>>>>> > +#Copyright 2011 Juan Sacco http://exploitpack.com
>>>>> > +#
>>>>> > +#This program is free software: you can redistribute it and/or
>>>>> modify
>>>>> > it under the terms of the
>>>>> > +#GNU General Public License as published by the Free Software
>>>>> > Foundation, either version 3
>>>>> > +#or any later version.
>>>>> > +#
>>>>> > +#This program is distributed in the hope that it will be useful, but
>>>>> > WITHOUT ANY WARRANTY;
>>>>> > +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR
>>>>> A
>>>>> > PARTICULAR
>>>>> > +#PURPOSE. See the GNU General Public License for more details.
>>>>> > +#
>>>>> > +#You should have received a copy of the GNU General Public License
>>>>> > along with this program.
>>>>> > +#If not, see http://www.gnu.org/licenses/
>>>>> GPL V3 - they had to encumber it to set it free?
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>>
>>>
>>> --
>>> _________________________________________________
>>> Insecurity Research - Security auditing and testing software
>>> Web: http://www.insecurityresearch.com
>>> Insect Pro 2.5 was released stay tunned
>>>
>>>
>>>
>>
>
>
> --
> _________________________________________________
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.5 was released stay tunned
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/