war dialing

[rootnt]

سلام.
nmap كه ديگه خيلي معروفه فكر نمي كنم رو سرش برنامه اين بياد.

[double_n]

mamad_tnt عزیز
شما درست گفتید
خوب چه خبر از اکسپلویت ها :?:

تا مدتی دیگه یه اموزش هک درست حسابی بدون کم وکسر
به زبان فارسی رو تموم می کنم (حداقل 2 ماه دیگه)
پیش نویسش کردم حدود 16XX صفحه در می آید اگه تونستم تمومش کنم برات یه نسخه می فرستم

یه سری هم به خبر ها بزن یه خبر از هک داریم ...........
حتما خوشت می آد

[Ali_k]

پیش نویسش کردم حدود 16XX صفحه در می آید اگه تونستم تمومش کنم برات یه نسخه می فرستم

دوست عزيز منم ميخام يعني برا منم بفرست
با تشكر

[double_n]

چشم شما هم اگه تمومش کردم . . .

[rootnt]

بابا مرسي كارت درسته.
از اكسپلويت ها هم نوشتي؟
خدا كنه به زبان ساده و توضيح جزييات باشه.

[double_n]

Only For mamad_TnT


Advisory 02/2004: Trillian remote overflows

e-matters GmbH
[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

-= Security Advisory =-



Advisory: Trillian remote overflows
Release Date: 2004/02/24
Last Modified: 2004/02/24
Author: Stefan Esser [s.esser@e-matters.de]

Application: Trillian 0.71-0.74 w/ patch f
Trillian Pro 1.0, 2.0, 2.01
Severity: 2 vulnerabilities were found in the instant
messenger Trillian that allow remote compromise
Risk: Critical
Vendor Status: Vendor has fixed and released patches
Reference: [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]


Overview:

Quote from [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

"What is Trillian?

Trillian is a skinnable, interoperable instant messaging client.
Grab the best IM client available on the Internet today!
Trillian .74 is completely free, with no spyware and no ads.
Over 10 million downloads can't be wrong!"

While playing around with the recently found Gaim vulnerabilities
it was discovered that two of them also affect Trillian and allow
remote compromise.


Details:

While testing the developed exploits against other instant
messaging clients it was discovered that Trillian as one of the
most popular 3rd party instant client for the windows operating
system is indeed vulnerable to the bugs discovered in the GAIM
sourcecode

The bugs in question are

[01 - AIM/Oscar DirectIM Integer Overflow]

When Trillian receives a DirectIM packet with a size above 8kb
it spawns a thread to receive the complete packet. This thread
allocates a buffer for the incoming packet and one extra byte.
This procedure suffers from an integer overflow when the size
is UINT_MAX and will only allocate a buffer of minimum size
in that case. This buffer is then filled with multiple calls to
recv() which will result in an arbitrary size heap overflow.

[02 - Yahoo Packet Parser Overflow]

A Yahoo Messenger packet consist of a header and a list of keys
with their associated values. When reading an oversized keyname
a standard stackoverflow can be triggered.

The code below is part of Trillian since version 0.71 which was
released on the 18th december 2001. It was manually decompiled.
The variable names were taken from the GAIM source code. If you
compare the decompiled code with the code in yahoo.c (revision
1.12 from 15th nov 2001) you will realise that it is more or
less identical. It is up to the reader to find an explanation
how this GPL licensed codesnippet ended up in Trillian.


int pos = 0;

while (pos + 1 < len) {

char key[64], *value = NULL;
int x = 0, accept;

struct yahoo *YAHOO = malloc(12);

while (pos + 1 < len) {
if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
break;
key[x++] = data[pos++];
}
key[x] = 0;
pos += 2;
YAHOO->key = atoi(key);
accept = x;

if (accept) {
value = malloc(len - pos + 1);
}

while (pos + 1 < len) {
if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
break;
if (accept) {
value[x++] = data[pos++];
}
}

if (accept) {
value[x] = 0;
}
pos += 2;
if (accept) {
YAHOO->value = strdup(value);
free(value);
}

return YAHOO;

}

Finally it has to be mentioned, that it is no longer possible
to exploit the second vulnerability through the Yahoo! servers.
It is not known what and why Yahoo! has changed, but they
do not longer transport unknown keys. We were only able to
exploit the vulnerability with man in the middle attacks.
This can be considered good news because this will make it
impossible to write a widespread worm.

Although Trillian Pro is compiled with the Visual Studio
stackoverflow protection it is possible to exploit this
vulnerability by simply overflowing up to the stack top and
abusing the power of structured exception handlers.


Proof of Concept:

e-matters is not going to release an exploit for any of these
vulnerabilities to the public.


Disclosure Timeline:

18. February 2004 - Cerulean Studios were contacted over their
forum and a mail was sent to the domain
owner because mails to [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]
simply bounce back and there is no other way
to contact them
19. February 2004 - Cerulean Studios acknowledged the mail
20. February 2004 - Cerulean Studios gave us the patches to test
Patches were verified and we were notified
that they plan to release them on Monday
23. February 2004 - Nothing happened...
24. February 2004 - Cerulean Studios have released the patched
versions


Recommendation:

As usual it is recommend to download the update from the Trillian
homepage at

[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

We are not aware of any public exploit for these vulnerabilities,
but anyone who has developed an exploit for the GAIM vulnerabilities
could change it easily to work against Trillian, too.


GPG-Key:

[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

pub 1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam
Key fingerprint = 43DD 843C FAB9 832A E5AB CAEB 81F2 8110 75E7 AAD6


Copyright 2004 Stefan Esser. All rights reserved.
if you want to be a hacke You mooooost understand English language......



:mrgreen: :mrgreen: :mrgreen: :mrgreen: :mrgreen: :mrgreen:

[double_n]

اینم یه کتابببببببب در باره اکسپلویت ها :
[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

[double_n]

این یکی در مورد حمله های سرریز بافر هستش :
[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

[double_n]

اینم Hacking Exposed Web Applications البته کاملش :

[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

[double_n]

اینم یکی دیگه :
[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]