tag:blogger.com,1999:blog-8539880144347728238.post8006770016904898171..comments2024-01-24T04:15:08.086-05:00Comments on Carnal0wnage Blog: MS09_002 Memory Corruption ExploitUnknownnoreply@blogger.comBlogger6125tag:blogger.com,1999:blog-8539880144347728238.post-48426667310186236952009-02-19T03:20:00.000-05:002009-02-19T03:20:00.000-05:00w00t! i didn't got mine! :(w00t! i didn't got mine! :(Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-74835708631576938822009-02-18T20:29:00.000-05:002009-02-18T20:29:00.000-05:00w00t!w00t!CGhttps://www.blogger.com/profile/11061967917509053185noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-54333025636458904952009-02-18T17:07:00.000-05:002009-02-18T17:07:00.000-05:00No worries. Happy to help. :) I just need to finis...No worries. Happy to help. :) I just need to finish off the obfuscation of the variables in mine and it's done. <BR/><BR/>I tested it through ISS's IDS and it's catching the shellcode and nops right now and not the trigger itself although that does not seem easy to alert on.dean de beerhttps://www.blogger.com/profile/13744345182407258839noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-90429563582962483092009-02-18T16:48:00.000-05:002009-02-18T16:48:00.000-05:00got mine!msf exploit(ms09_002) > sessions -l -v...got mine!<BR/><BR/>msf exploit(ms09_002) > sessions -l -v<BR/><BR/>Active sessions<BR/>===============<BR/><BR/> Id Description Tunnel Via <BR/> -- ----------- ------ --- <BR/> 1 Command shell 172.10.1.100:1975 -> 172.10.1.104:1116 windows/browser/ms09_002 <BR/><BR/>msf exploit(ms09_002) > <BR/><BR/>..thanks for the sample malware dean!!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-82461966890299600402009-02-18T15:56:00.000-05:002009-02-18T15:56:00.000-05:00install linux problem solvedinstall linux problem solvedAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-21120747809684643512009-02-18T15:27:00.000-05:002009-02-18T15:27:00.000-05:00Hmmmm... sounds great !! Can't wait for the juicy...Hmmmm... sounds great !! Can't wait for the juicy details ;)Anonymousnoreply@blogger.com