Are We Sexy?
"When security is not your beretta"
New release of unhide that includes a scanner for detecting busy PIDs that are being used by the "ev1l" processes (PID space occupation bruteforcing). We want to thank ICEHOUSE for releasing a new version of this nice tool. Try unhide now!
dab proudly presents an advisory + tool for xmas. The advisory shows some new Cerberus Helpdesk vulnerabilities (blind SQL injection); you can read it by clicking HERE. The new tool is a blind SQL injection bruteforcer, useful for finding usernames, versions and other stuff. It supports dictionary lists and bruteforce attacks. It's a really nice tool, try it! A presentation is also available. It explains the bugs and how to use the tool (video demo).
ICEHOUSE released a new version of unhide. Unhide is a forensic tool for detecting hidden processes in Unix systems in two ways: one of them is to compare /proc vs /bin/ps output (like chkrootkit) and the other one is a new teeqneeq using syscalls. The new version is also able to detect UDP & TCP ports hidden by the rootkit. You can fetch unhide by clicking here
An rpm package of kernel 2.6.14 grsec without module support is available. Please read the instructions (readme.txt) carefully and don't install it before building your own system configuration. Download area
We want to thanx again our friend df@etnies for the website design. Seems everybody wanna look like !dSR. Here we have some groupies: mbytesecurity and teamsecurity
Note: We have no relationship with those n00bs, we just spanked them a little. More info mbytesecurity and redh4x0r.org.
Released the advisory about a denial of service vulnerability against some Nokia devices. The bug was found by dab and presented in the bluetooth security talk at the NcN congress (www.noconname.org). The advisory is available in the explt+advs section: nokia-DoS-obex.txt. The NcN presentation will be published very soon, in /stuff/texts/
NcN Martial Arts Kombat (Military Part); after several beers, some Hax0rcito's crew members died unexpectedly, despite several of our soldiers disappeared we do not know if in company of Tito's gogo or in some battle. We also remember an exconvict mexican haxor trying to pen-test some chicks at the disco (regards alt3kx). Note: No animals have been harmed during the tests
RoMaNSoft: I tested existing exploits for PnP bug on my W2k SP4 machine (Spanish) and they didn't work ("services" process is crashing but I got no shell). So I did a quick review with Olly and I realized that umpnpmgr.dll is being loaded at a different base address. In Spanish systems this base address is 0x76770000 but current exploits are assuming (I guess) 0x767a0000. Then I did a quick hack to HOD's exploit and it worked perfectly. I also modified Metasploit's module and included a target for Spanish systems. File name and location: ms05_039_spanish.tgz in explt+advs section.
We changed the folder distribution in the /stuff/ section, to make finding the stuff easier; maybe one day we will add some html with descriptions of each file...
Bruteforce tool for Oracle databases, coded in perl by dab. Filename: bfora.pl in /stuff/olds section. Enjoy!
Some "funny" shit about phrack information leak is published in stuff/fun/phrack. Enjoy!
Hugo V. Caramés of INFOHACKING (lol) contacted !dSR and asked us about deleting all his personal data and pictures. We reacted very kindly removing tlf number, address and his pic... More info stuff/fun/fishface/hugo.txt (in Spanish).
Druppy461.pl is an exploit for the Drupal Code Injection vulnerability (SA-2005-002); you can download it from the /STUFF/olds section. Author: dab
WTF? xmlrpc exploit released by ilo-- ¿?¿? This exploit should work against drupal, postnuke, tikiwiki, b2evolution ... and other stuff that use the xmlrpc implementation. As usual you can get it in /STUFF/olds (xmlrpc.pl). Sorry to the blackhat community, but it's summer and skiddies should have fun after exams.
"Skype for Windows 1.3.0.51 - Now anti-debug free!" Yep, Skype is still free. Don't panic! :-) But people who have installed debuggers like SoftICE cannot enjoy Skype. Why? Blame Skype authors: "Skype is not compatible with system debuggers like SoftICE". Oh my God! They don't trust crackers! No problem, we have released a patch to solve this ;-) You can download it in /STUFF/olds section.
Exploit for new phpbb vulnerability done by dab, you can fetch it in /STUFF/olds/ filename: phpbb2_0_15.pl
Unhide is a forensic tool for detecting hidden processes in Unix systems (tested on Lnx, Sol and BSD). It implements two ways: one of them is comparing /proc VS /bin/ps and the other one is a new teeqneeq using syscalls. Unhide.tgz is available in /STUFF/olds/; unhide.c works on *Unix* and Linux 2.4 and unhide-linux26.c is specific for Linux 2.6. This tool was coded by ICEHOUSE. Thx bro.
Latest bash+syslog rpm for fedora core 4 is available in /STUFF/rpms/ .
Released "Quick Tunneling IP over DNS guide" v0.2 by dab (thx feeble). Versions in Spanish and English are available in: /STUFF/txt/ dns-tunnelingv0.2 -es.txt and -en.txt.
!dSR released 2 proof of concept cracking tools for fwbuilder 2.0.3 and sawmill 7.1.5. The keygen and patcher are for educational purposes only. Please, if you like the software buy it! ;). !dSR cannot be held responsible for any bad use of these tools. The files are in STUFF/olds; fwbcrack_2_0_3_patch_by_dSR.rar and Sawmill_7_1_5_keygen_by_dSR.rar.
RewritingProxyTME is a powerful Perl module intended to be used with Apache + Mod_perl in order to provide a full "Reverse Proxy" implementation. Available in /STUFF/olds Thx to RoMaNSoFt.
Some of our guys will be at both of these upcoming events: NcN - www.noconname.org and tecnoatlantico - www.tecnoatlantico.com .
The Spring c0n was celebrated with a lot of attendees: Pluf, dreyer, ICEHOUSE, NAISMITH, Talli, YeYu, g0tx0, zeroxt, Pci, ergosum, RoMaNSoFt, bladi, dab, DS, hgates, k4dy, GriYo, keenan, NunoTreez, Patrice, Ana, Piere, Isabella, at4r, Mari, mitrein, Mabel, jaxp, Crg and a strange fake-Chinese girl... We still missed some guys. Some of them are representative staff of 7a69ezine, 29A, whitehack, viejaguardia, NocOnName, haxorcitos and !dSR. Pics are available in the internal mailing list.
The next !dSR c0n (Spring c0n) is scheduled for the 21st of May; attendees should please confirm via the mailing list.
awstats.php available in STUFF/olds/, (configdir xpl with proxy support, thx DS).
DS's PNphpBB.php xpl is available now in STUFF/olds/PNphpBB.php
We deleted news from year 2004, main page is starting from Jan 2005.
Olds are available in http://dsr.segfault.es/2004.html
Kernel SRPM Updated (/STUFF/rpms/kernel)
New paper released in STUFF/txt section. Name=dns-tunneling.txt Author=dab LANG=es
Last official c0n (or not ...) more info:
http://dsr.segfault.es/cfg_final.txt
Sindominio.net was owned by the pr0j3kt m4yh3m -> mirror /STUFF/fun/sindominio
RainbowCrack project is over, so no more mails are accepted. http://dsr.segfault.es/rainbow/