Your best option is debugging the process; that will pinpoint what and where the problem is. Try OllyDbg or IDA Pro. Or maybe try here. But without specific information it's pretty hard to tell you what your best option will be.
Buffer overflow, you mean? It's not my problem and you're going off topic. Also, just to add, I don't think it would be so hard to add some length checking; they should have noticed it anyway in the source code. I'm sure it won't be so hard to change a dangerous function. Also, I sent them everything they need to know. I don't understand what this has to do with the post?
I know it's selfish but I just want to let it die down; the flamers keep coming with "you don't know what you're talking about" and all this sh!t. How else can I prove that I'm not someone who is here for kicks and giggles? If I was that much of a twat, half of you would already be exploited and you wouldn't even know it, trust me. It's in the devs' hands now, not mine.
M8, you would be sick if you came here for advice and just got constant crap from everyone for trying to help the community. People keep going on about it like I'm some sort of ****ing idiot, when really it's not me who's trolling the threads, flaming where it's not needed. At the end of the day I've let the devs know; it's up to them to fix it. Why should I be bothered about what happens to their computers? They obviously have no concept of what I came here for. Now please let this thread die down till the patch is released, then I will release the information and PoC code here.
thisnameistaken, please don't insult me any more. I came here to let people know that the software was vulnerable, that is all, and to report the bug. If you think you need an exe to run the exploit, you're wrong. You will have to wait till it's patched, coz the more I hear people doubting my work the more I want to just make it public; then it's down to you to handle the consequences of it, and then you spoil it for the other Live for Speed guys. Also, if you do some research on me with Google you will see that I'm not messing about; I do this day to day.
Omfg, you're back again for more. Ok, the exploit is a local exploit; it's nothing to do with the server. I've already said that we can use shellcode that will connect from your computer to mine. If you don't believe me then fair enough, but take a little look at the Metasploit payloads on offer.
I did, I got in touch with the link you sent me, m8, thanks. Everyone seems to be pissed off with me for no reason. I'm not trying to big it up or anything; I came here to report the bug. What would you rather I had done, used it to start hacking other LFS users? Yeah, maybe I should have done that, because at the minute I'm starting to wish I had never even come here for advice.
And your point is??? I haven't posted it. I was unsure of how to get in touch with the devs; I don't think I have had to. Then people started asking questions. See what I mean? Absolutely unbelievable. Don't flame; it ain't my fault you don't know about it. Just leave the post till it's patched, then we will talk. If I tell you where the buffer overflow is it will not be private; that is why I've said wait till it's patched, then I will release everything I know about it.
Hey, yeah, I got a few emails from them. I told them where it is, and sent them the PoC code written in C, which they have along with all the debugging info. I will send them an email tomorrow when I get up so they can make a quick post in here, which they will no doubt. It will be fixed in no time; they have the source code, so I'm sure it won't be a problem. It can only be two things: no length checking, or using a dangerous function like strcpy(). Anything like that will cause this, coz these C functions should never be used; they don't implement any kind of length checking or bounds checking.
Email from them
Hello,
Scawen is very busy at the moment so he can't talk to you directly.
All he needs to know at the moment is the principle of the exploit, and
which buffer is overflowed by what means.
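The two causes the post above names (no length check, or an unbounded copy such as strcpy()) side by side with a checked copy, as an added example that is not part of the original thread and not Live for Speed's code. The buffer size NAME_LEN, the function names and the sample names are assumptions made up for illustration; copy_name_unsafe() is the bug pattern and is deliberately never called.

```c
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size destination, standing in for whatever buffer the
 * post is talking about (the real size is not given in the thread). */
#define NAME_LEN 16

/* The dangerous pattern: strcpy() copies until it finds a NUL byte and never
 * looks at the size of dst, so any src of NAME_LEN or more characters writes
 * past the end of the buffer onto whatever follows it on the stack. */
void copy_name_unsafe(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Does src (plus its terminating NUL) fit in a NAME_LEN buffer? */
int name_fits(const char *src)
{
    return strlen(src) < NAME_LEN;
}

/* Hardened form: explicit length check before the copy. Returns 0 on success,
 * -1 (and leaves dst untouched) when src would not fit. */
int copy_name_checked(char dst[NAME_LEN], const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_LEN)
        return -1;
    memcpy(dst, src, n + 1);    /* n + 1 copies the NUL as well */
    return 0;
}

/* Alternative when truncation is acceptable: snprintf() bounds the write and
 * always NUL-terminates (unlike strncpy(), which leaves dst unterminated when
 * src is too long). Returns 1 if the name was truncated, 0 otherwise. */
int copy_name_truncating(char dst[NAME_LEN], const char *src)
{
    int written = snprintf(dst, NAME_LEN, "%s", src);
    return written >= NAME_LEN;
}

/* Exercise the checked and truncating versions on constructed input.
 * Returns the number of checks that behaved as expected (5 when all pass). */
int run_checks(void)
{
    char buf[NAME_LEN];
    const char *ok = "PlayerOne";                          /* 9 chars: fits   */
    const char *oversize = "AAAAAAAAAA" "AAAAAAAAAA"        /* 40 'A's: does   */
                           "AAAAAAAAAA" "AAAAAAAAAA";       /* not fit         */
    int passed = 0;

    memset(buf, 0, sizeof buf);
    if (copy_name_checked(buf, ok) == 0 && strcmp(buf, ok) == 0)
        passed++;
    /* Rejected, and buf still holds the previous name. */
    if (copy_name_checked(buf, oversize) == -1 && strcmp(buf, ok) == 0)
        passed++;
    /* Truncated to NAME_LEN - 1 characters plus the NUL. */
    if (copy_name_truncating(buf, oversize) == 1 && strlen(buf) == NAME_LEN - 1)
        passed++;
    if (!name_fits(oversize))
        passed++;
    if (name_fits(ok))
        passed++;
    return passed;
}

int main(void)
{
    printf("%d of 5 checks passed\n", run_checks());
    /* copy_name_unsafe() is intentionally not exercised: calling it with the
     * oversize name corrupts the stack, which is exactly the bug. */
    return 0;
}
```

Compile with warnings on (for example `gcc -Wall -Wextra -fstack-protector-strong`); the stack protector will abort the process if copy_name_unsafe() is ever fed an oversize name, which is a cheap way to surface this class of bug during testing.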
Lol, it's obvious why you are here. Stop trolling in my posts; you have no idea what I'm even talking about, so just leave it. And yes, you were saying: is the buffer overflow in some sort of iffy server?
-xdream-, did you get the PM I sent you explaining where the buffer overflow is? I know I can trust you not to say anything. Oops, didn't refresh; you guys are posting so damn fast, lol. Look, you made me double post.
I did answer your question before; take a look back at the posts. I can't say where the buffer overflow is because it will then be leaked; I might as well release the PoC code for it. Ok, how much asm do you know? Because it just seems that you didn't know what a jmp esp was, or a call esp, or even a pop pop ret..?
Shotglass, please m8, if you are that interested in learning about exploit development, read some books first, then come and ask questions, m8. What you are asking is totally wrong; it's got nothing to do with IP addresses or anything, it's to do with asm getting executed by the CPU, which we point to via the EIP register. It shouldn't be long for the patch, xdream m8. He is working on it; I think he has everything he needs to fix it.
Wow, you guys can't just shut the hell up and let the devs fix it. I've already supplied them the C/C++ code for the PoC. Whether you believe me or not is just a matter of your own personal opinion. Sooner or later the devs will release the patch; I will then release the PoC code so it's publicly available. Until then I'm saying nothing about the exploit whatsoever.
Aimed at thisnameistaken, not you, xdream. Some people in here are just here for flaming. The problem is these people like thisnameistaken and a few others can't even comprehend what I'm saying; they're living in denial. I should ask the devs to pop by here to back my story and claims up. The reason they don't believe me is because I can't tell them everything about it; they are the ones that wanted me to keep it private..?
What, m8? You don't even need the IP; the IP doesn't even get pushed on the stack. Normally in a programming language there are set protocols to connect to; these can be identified by a banner grab, or by reading the packet. This is not remote, but if I can get you to do something in LFS2, which wouldn't be too hard, I can gain access to your computer by using some reverse shellcode. Normally with a client and server you use the client to connect to the server; this is the other way round. My IP is stored in the byte code, which you will not be able to see; then when you run LFS under these circumstances your computer will connect to mine through your firewall, regardless of your firewall, even if DEP is on. Then my computer will be waiting for the connection; once connected I have full access to your computer. Or we could even download a file from a web server and execute it without you even knowing, share your full hard drive, install a pre-coded keylogger (antivirus wouldn't even know), add a new user to your computer, install and reverse-connect a VNC server. The options are endless, although I just execute calc.exe for a PoC to show it's exploitable and for safety reasons, but there is plenty of room for much worse shellcode. It's not easy for you guys to understand; you have to have a little programming knowledge first, then you would understand the implications of it. It's all to do with the registers inside your CPU; it's called asm. I'm dealing directly with the CPU and the instructions inside it, the main workings.
Nope, I've never said that, m8. Look, just leave it for now; when it's fixed I'll let you know how it was done. It's been a long day, I've spent hours on this, so let's just leave it up to the devs for now.
Ahahah, some of you make me laugh. What would be the point in hooking DLLs and injecting code into a precompiled exe? Lmfao. No, of course not, just wait till it's fixed please. Some of you guys don't even know what I'm talking about; unless you program and know why a buffer overflow exists, don't even start posting crap like that.
thisnameistaken, you have no idea how this bug is exploitable, which will be released here once the devs have fixed the overflow; I think you will be surprised. Just wait until I release the details before you go making any comments. It has nothing to do with an iffy server, m8, nothing at all. The devs want me to provide a full working PoC in C++ tonight so they can get it fixed. Any buffer overflow is a major threat; it's just a shame you don't realize it. Let the devs do their work, then I will release the full details of the exploit with the PoC provided, so if you want to test it yourself before you update LFS you can.
I think some of the feedback is totally unnecessary. I could have kept my mouth shut about it and just released it to the public. How the hell am I supposed to write a PoC and give them the info about it when I'm sitting here arguing with kids? Just let me get it done, then it will get fixed. There is no law to say I have to hand the details over; I am doing so the LFS community can get a better experience from the game and not have to worry about stuff like this. And as for the comments you made on the posts and what I've said, I was pretty pissed off at the way people overreacted to stuff I had posted. When I said it wasn't exploitable I couldn't recreate the SEH overwrite method, but stumbled upon a more sinister way of exploiting the bug... Just let the devs do their work.
Wow, lol. Well, first of all, you wouldn't be saying that if I had tricked you into doing something you had no idea of the consequences of. Like I've said, I'm not going into details about this until there is a patch released for it, simply because I think it's pretty self-explanatory. As for you thinking it's pointless: do you like using insecure software? If your answer is no, then you are lucky that there are people around that do care. But like I said, you wouldn't be so happy if you got hacked through this. I would say it would easily take in a lot of people who wouldn't even know that it happened; the process still runs silently in the background till it's too late.
Exactly, there is a lot of work involved; if LFS were to pay someone for it they would easily be charging 250 quid an hour.
A lot, considering there is no warning at all. I think a lot of people, myself included, would fall for it straight away without thinking of anything till it was too late.
Thanks Keith, yes, what you're saying is right, I just realized. Live for Speed is based in the UK; maybe there is a phone number for one of the devs. I don't want to talk to anyone unless they have some programming or asm experience, because I think it would be pointless otherwise. Maybe even an MSN address. I'm due to go to work; I will try and stay off tomorrow to get this resolved, might as well, I've missed one day already.
When I get more time tonight I will edit the posts. I've already been in touch with the devs. I've already sent them loads of emails and not had much response; to tell you the truth I thought they would have been more bothered. Is there anywhere I can actually speak to the devs? I've just completed a one-and-a-half page PoC on the subject.
M8, at the end of the day it doesn't matter what is typed as long as the bug gets fixed. My English is not 100%, I've already stated that..
I think he was, m8; maybe you need to read the whole thing. The topic title sums it up really well, I thought. Good news: the devs have been in touch, I'm sending the PoC code tonight so they can find out where the buffer overflow is.