[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] New open source Security Framework
- To: Juan Sacco <juansacco@xxxxxxxxx>
- Subject: Re: [Full-disclosure] New open source Security Framework
- From: xD 0x41 <secn3t@xxxxxxxxx>
- Date: Thu, 6 Oct 2011 11:27:24 +1100
Yes, i will join.
http://exploitpack.com/mailing-list
i will try and contribute actually.. i see now why you removed abit of the
author name but... kinda handy to know it is always same author to ;p but,
we will discuss this on that list :)
i will look forward to trying to make it, abit nicer ... specially, could
get some friendly help, wich would be nice.. thats what it needs, some deent
codes..to be really looked at, and used, then, you would want to get it
added to like BT or BackBox etc...so, i can try help , sure :)
Im glad you offered that ,.hehe.
cheers,
xd
On 6 October 2011 11:23, Juan Sacco <juansacco@xxxxxxxxx> wrote:
> Hey, Wanna Join? and contribute to a with a GPL Project? Welcome aboard!!!
> ( Please do me a favor and read the license first )
>
> Wanna keep talking about your personal opinion?
>
> Please.. As it was told stop doing it here, this is not a chatroom. We have
> a forum and a mailing list for that.
>
> It would be nice to see you there... Believe me.
>
> I invite you all to the new forum! :-)
> http://exploitpack.com
>
> Cheers!
>
>
> On Wed, Oct 5, 2011 at 8:55 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:
>
>> Juan,
>> I have not created any opinion (yet) but, is it rally fair, to give people
>> who code, 2 frigging dollars, for sometimes what would be 0day , or is it
>> nice, to remove the REAL auithors name, and add your own.
>> Thats the only grips i see, without having to look at it yet.
>> The whole look of it, without 'using' it tho, looks alot like canvas ;p
>> but, thats not bad thing and, i personally, dont mind that, coz canvas, is
>> not open and, this one is, wich would be great to bring that feel into it..
>> so, your reading tomuch into things, when i mean giving credit to author, i
>> dont mean putting in his email/greetings and notes, i mean, simply one line
>> to give credit, so people who are using the pack, could atleastfeel sure
>> with some coders,that the code will be very nice, and not painful to read or
>> , modify even to make it nicer.. that is why i like to always makesure
>> authors get some credit, however it may be, it only needbe a nick/name, but
>> you are using theyre things, but on your people who your paying, i guess you
>> should maybe put in place then rules that, all exploits paid for, would not
>> recieve credits, other than, part of devteam or part of exploit-pack
>> codepack.
>> It aint hard to keep people happy. Whilst still producing quality, or, non
>> quality.
>> i will run your pack, using ONE well know exploit, and if that fails, i
>> will have results here, compared to backbox scan or, another vuln scan,
>> then, i will comment further. How does that sound?
>> Ok. I will do my research, but, i aint angry at you, nor the product,
>> altho i dislike Insect, this one, seems to have some good features. So yea,
>> ill take an open look, i only think, if code is NOT paid for, then you
>> should put authors name or handle in there somwhere, maybe even something
>> for paid exploits... people do appreciate a 'thanks to' sometimes...
>> especially you it seems.
>> xd
>>
>>
>> On 6 October 2011 10:47, Juan Sacco <juansacco@xxxxxxxxx> wrote:
>>
>>> Hey,
>>> Its really a shame that you didn't even take like 2 minutes to watch the
>>> source code of Exploit Pack before create an opinion.
>>> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
>>> JAVA. See the diference? Also, please take a look at the interface design,
>>> both are really different. Show me where Exploit Pack is similar to Canvas!
>>> I think you spent too much time looking for Waldo :-D
>>>
>>> We respect the exploit author and that is why I add them at the first
>>> line of the XML file
>>> You should run the program before creating this crappy post with your
>>> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
>>> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>>>
>>> Take a look if you want:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <Module>
>>>
>>> <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py"
>>> Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort=""
>>> ShellcodeAvailable="R" ShellPort="4444" SpecialArgs="">
>>> </Exploit>
>>>
>>> <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
>>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>>> when parsing the command 'USR', which leads to a stack based overflow. Also
>>> Free Float FTP Server allow remote anonymous login by default
>>> exploiting these issues could allow an attacker to compromise the
>>> application, access or modify data.
>>> </Information>
>>>
>>> JSacco
>>>
>>> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:
>>>
>>>> Heya jeff,
>>>> The author is clearly not smart.
>>>> He is copying other codes, this is a plain rip off of canvas...hehe...
>>>> and same with his insect pro... he stole metasplit for tht one, then he
>>>> wants repect, when we see him removing simplly one line wich would atleast
>>>> say a ty and, show [ppl who writes, is maybe sometimes stabler than other
>>>> authors, it would be better to have this in, not out.. he should be able to
>>>> see thats how it works with exploit code/pocs in general... sometimes, if i
>>>> see php code from one person, i will tend to look, but if it was from an
>>>> unknown person, i prolly wouldnt.
>>>> But this (open sauce) project, i will download and waste 5minutes on.
>>>> Then illm go back to Backbox and BT5 and things wich work :)
>>>> hehe
>>>> (this guy is really mad about his app... and i mean, dang mad angry! I
>>>> will buy some tissues and send to him, that is my donation for his app)
>>>> :))
>>>> xd
>>>>
>>>>
>>>> On 6 October 2011 08:59, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>>>>
>>>>> On Wed, Oct 5, 2011 at 5:32 AM, root <root_@xxxxxxxxxxxxxxx> wrote:
>>>>> > - * @author Stefan Zeiger (szeiger@xxxxxxxxxxxx)
>>>>> > - print " Written by Blake "
>>>>> > - <Information Author="Blake" Date="August 23 2011"
>>>>> Vulnerability="N/A">
>>>>> >
>>>>> > +#Exploit Pack - Security Framework for Exploit Developers
>>>>> > +#Copyright 2011 Juan Sacco http://exploitpack.com
>>>>> > +#
>>>>> > +#This program is free software: you can redistribute it and/or
>>>>> modify
>>>>> > it under the terms of the
>>>>> > +#GNU General Public License as published by the Free Software
>>>>> > Foundation, either version 3
>>>>> > +#or any later version.
>>>>> > +#
>>>>> > +#This program is distributed in the hope that it will be useful, but
>>>>> > WITHOUT ANY WARRANTY;
>>>>> > +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR
>>>>> A
>>>>> > PARTICULAR
>>>>> > +#PURPOSE. See the GNU General Public License for more details.
>>>>> > +#
>>>>> > +#You should have received a copy of the GNU General Public License
>>>>> > along with this program.
>>>>> > +#If not, see http://www.gnu.org/licenses/
>>>>> GPL V3 - they had to encumber it to set it free?
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>>
>>>
>>> --
>>> _________________________________________________
>>> Insecurity Research - Security auditing and testing software
>>> Web: http://www.insecurityresearch.com
>>> Insect Pro 2.5 was released stay tunned
>>>
>>>
>>>
>>
>
>
> --
> _________________________________________________
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.5 was released stay tunned
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/