[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- To: Ryan Dewhurst <ryandewhurst@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: xD 0x41 <secn3t@xxxxxxxxx>
- Date: Sat, 12 Nov 2011 09:22:19 +1100
yer yer... everyone trys to shoot the messenger, when, i should have
just stfu, and, not offered any insight, wich would probably have been
better, sorry, ill makesure to keep this shit to myself, until the
actual author, gives out shit.. .ok...thx.
my mistake
On 12 November 2011 03:43, Ryan Dewhurst <ryandewhurst@xxxxxxxxx> wrote:
> I think Jon just said what everyone else was thinking, he said what I
> was thinking at least.
>
> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.kertz@xxxxxxxxx> wrote:
>> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:
>>> About the PPS, i think thats a very bad summary of the exploit, 49days
>>> to send a packet, my butt.
>>> There is many people assuming wrong things, when it can be done with
>>> seconds, syscanner would scan a -b class in minutes, remember it only
>>> has to find the vulns, gather, then it would break scan, and trigger
>>> vuln... so in real world botnet, yes then, with tcpip patchers, like
>>> somany ppl i know myself, even use (tcpipz)patcher ) , wich rocks...
>>> and it is ONLY one wich actually works, when you maybe modify the src
>>> so the sys file, is dropped from within a .cpp file, well thats up to
>>> you but thats better way to make it work, this will open
>>> sockets/threads, as i could, easily proove with one exe, but, the goal
>>> is, to trigger the vuln then exploit it, less than 49days :P , so ,
>>> iguess if this exploit, in real form, gathered 2 million hosts over 3
>>> nights.. i guessing that the exploit, could possibly be triggered with
>>> ONE properly setup packet.. people forget that, a packet is one thing,
>>> and a crafted UDP packet, is quite another..
>>
>> I'd really like to see you actually explain this bug with code. Either
>> with a poc or with the disassembly. You seem to act like you know
>> what's going on, but so far your description has been off base (from
>> what I can make of your writing).
>>
>> No one cares about paragraphs of speculation and bragging, code or you
>> are just another heavy breather in the perv closet of FD.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/