[Code-Crunchers] windows vulnerability? [was: Re: 137 bytes]
Arkon
arkon at ragestorm.net
Wed Nov 8 18:14:13 CST 2006
Speaking of UNC with LoadLibrary? It seems Brett BTDTBTTS (Been there. Done
that. Bought the t-shirt.)
http://lists.virus.org/darklab-0312/msg00006.html
> -----Original Message-----
> From: Gadi Evron [mailto:ge at linuxbox.org]
> Sent: Wednesday, November 08, 2006 1:49 PM
> To: Code-Crunchers at whitestar.linuxbox.org
> Cc: full-disclosure at lists.grok.org.uk
> Subject: [Code-Crunchers] windows vulnerability? [was: Re: 137 bytes]
>
> On Wed, 8 Nov 2006, onisan wrote:
> > One thing is in this makes it even more interesting, most of the
> firewalls
> > do not block this download, so it's smallest and most dangerous
> downloader
> > at the same time :o
>
> What Alex did is very impressive! Matthew Murphy came up with the idea
> originally, I think, but it doesn't take from this amazing work in any
> way.
> *awe struck*
>
> I'd say more though, it's a vulnerability.
>
> If you can load a library remotely, and do so with no problems, it's a
> vulnerability in Windows. I am not sure of what kind quite yet.
>
> The mother of all downloaders.
>
> "The Zone has a new King!" <we're not worthy x3>
> -- Jeff, Coupling (BBC, UK).
>
> Gadi.
>
> > -- G
> >
> > 2006/11/8, Solar Eclipse <solareclipse at phreedom.org>:
> > >
> > > On Tue, Nov 07, 2006 at 10:56:42AM -0800, Peter Ferrie wrote:
> > > > Why is the idata size present? AFAIK, no Windows version checks it.
> > > > Four bytes shorter, then (stop at the idata rva non-zero byte)?
> > >
> > > You're right, you can remove the last field and bring the file size
> down
> > > to 133 bytes. That's what I get for claiming that the size can't be
> > > improved :-)
> > >
> > > Solar
> > > _______________________________________________
> > > Code-Crunchers mailing list
> > > Code-Crunchers at whitestar.linuxbox.org
> > > http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
>
> _______________________________________________
> Code-Crunchers mailing list
> Code-Crunchers at whitestar.linuxbox.org
> http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
More information about the Code-Crunchers
mailing list