hey!!:rolleyes:
can u guys name some sites which have the LATEST XPLOITS except securityfocus.com ofcourse.

most of the sites that i have seen lately either have very old exploits (written in 2000 or before that- now thats quite old u'll agree) or they have shut down for one or the other reason.

and nah nah - i'm not gonna use them for any illegal purpose. ;)

regards

itsme:)

u should try CERT.org, or seach yhe web with a metamotor
(kartoo.com).
if you find something related to ftp, mail me.

hey i never heard this site 'kartoo.com' .anyways i tried the link but lol...i don't understand this language.english is the only lang i can do with on net.







and whats a metamotor??u mean something like search engines?ofcourse i have tried them.







cert.org's quite ok but then i don't think they provide any exploits.



:o

Search Robots:

Google (http://www.google.com)
WiseNut (http://www.wisenut.com)
FAST (http://www.alltheweb.com)
AltaVista (http://www.altavista.com)
Excite (http://www.excite.com)
NothernLight (http://www.northernlight.com/power.html)
HotBot (http://hotbot.lycos.com/)
Teoma (http://www.teoma.com/)
About (http://www.about.com)

Search Directories:

Yahoo (http://www.yahoo.com)
About (http://www.about.com)
Open Directory (http://dmoz.org/)
LookSmart (http://www.looksmart.com)
************* (http://www.*************.net/)

Meta Search:

Ask Jeeves (http://www.ask.co.uk/)
IXQuick (http://www.ixquick.com/)
DogPile (http://www.dogpile.com/)
SavvySearch (http://savvy.search.com/)
MetaCrawler (http://www.metacrawler.com/index.html)
MultiCrawl (http://www.multicrawl.com/)
Cyber 411 (http://www.c4.com/index.html?cyber411=1)

Colossus: Internation Directory of Search Engines (http://www.searchenginecolossus.com/)
SearchEngineWatch (http://searchenginewatch.com/)
EasySearcher (http://www.easysearcher.com/)
Directory Guide (http://www.siteowner.com/dgdefault.cfm)
Search Engine ShowDown (http://www.notess.com/search/)
AllSearchEngines - hey, why did I bother making this list? (http://allsearchengines.com/)

If you can't find it with those guys, it's not out there...

Well, I think u should try astalavista.box.sk, or for an
underground search astalavista.com.

There are more exploits at http://www.insecure.org/sploits_all.html what do you need them for ?:confused:

IF OBL is what your looking for you won´t find a site, as they use a mixed bag o´tricks.

Well, I search the latest exploits for I'm working on DTK (Deception ToolKit, u can learn more about it at all.net).
This software is a honeypot and in order to configure it, i.e. to make the deception as realistic as possible, yout need to be aware of all the known exploits.
So, when a grey guy scan your box, and try to discover some things (what are the services you're running, their version, your OS type...) you prevent him from finding the truth and learn how he works. The more usefull is when he tries to break into your box.

Tell me what u think of this.:confused:

You are doing your homework!
Vous faites un bon travail!
J'essaierais de me protéger contre l'information sur les serveurs du dns et DNIC aussi. Vous pouvez obtenir alot de thier de l'information aussi. La plupart des gens oublient cette partie de protéger la compagnie.

I hope this makes sense to you?:D

I´ll check it out and ask if I have any questions, thanks for the tip.

There are more exploits at http://www.insecure.org/sploits_all.html what do you need them for







the xploits r too old and i think the subject of this thread is 'latest exploits'.
and no, atleast i can't make anything out of ur other mail mikey.




-voum


Well, I search the latest exploits for I'm working on DTK (Deception ToolKit, u can learn more about it at all.net).





so ur making this kit??


well i don't think working with it is gonna be easy.


it would require some real signature analysis.not to mention the time and energy that'll go with it.


but yes when it'll come to learning about exploting vulnerabilities - it's gonna be good enough if the s/w itself doesn't have too many vulnerabilties :p

J'essaierais de me protéger contre l'information sur les serveurs du dns et DNIC aussi. Vous pouvez obtenir alot de thier de l'information aussi. La plupart des gens oublient cette partie de protéger la compagnie.

Translated, it sounds like this: I will try to protect myself against the information on DN servers and DNIC too. You can get a lot ***makes no sense*** information, too. Most people forget this part to protect the company.

If it makes no sense: blame the message, don't blame the messenger...
Not bad though, for an American German...

And BTW: why does everybody keep saying 'DNS servers'??? In my not so humble opinion, Domain Name Servers Servers sounds stupid. 'Les serveurs du dns' also does. Capice? It's like the USA of A...

Hey give me some credit huh?

I get the message though. Should I try spanish??:D


What I wanted to say is the first problem is that too much information is available via DNS and DNIC, that should be a priority too.

The site looks good and the kit is interesting to. If I have anything on exploits (which I do)he he he, I´ll let you know.

I justed noted that your from Belg. sorry about the french thing. I should have used flamish (correct?). Hute mitaag or something like that.:p

I justed noted that your from Belg. sorry about the french thing. I should have used flamish (correct?).
There's a French-speaking and a Flemish-speaking part. I'm from the Flemish-speaking part, yups.

Hute mitaag or something like that. Lol... quite right ('Goede middag')...


__________________
"Respect the views of others and demand that they Respect yours
That's something I can agree with. But there's limits to everything, of course ;)

Yea I agree to that.

Anyway Voum is there a version of the Kit for 2000/XP to?:confused:

Originally posted by Negative

And BTW: why does everybody keep saying 'DNS servers'??? In my not so humble opinion, Domain Name Servers Servers sounds stupid. 'Les serveurs du dns' also does. Capice? It's like the USA of A...

ATM Machine. Automated Teller Machine Machine. PIN number. Personal Identification Number Number.

DNS - Domain Name Service.

'The Domain Name System (DNS) is a distributed Internet directory service': (extract from DNS.net (http://www.dns.net/dnsrd/) .) Damn...
And BTW: domain name service server still sounds ridiculous...

Hey just do a search for search engines and excerpts to whatever you're looking for.
But you got some really good help on this one, these people know where to find things on the net.I'm just trying to get the top score for replying to posts No just playin lol,.

i guess that'll teach me not to rely on my memory to the O'Reilly chapter titles. Although if I'd taken 10 more seconds and read the first sentence of that chapter, I'd have seen the correct term.

and for the record, I think they both sound a bit silly.

ATM Machine. Automated Teller Machine Machine. PIN number. Personal Identification Number Number.



Good One Terr !!!
:p


btw if anyone's interested i found the site http://www.linuxsecurity.com/ quite ok.

not many xploits there but still latest ones.

Originally posted by Mikey2K
Yea I agree to that.

Anyway Voum is there a version of the Kit for 2000/XP to?:confused:

Actually, DTK should run on 2000/NT, if you have perl, Fred Cohen tried to make it portable, but I didn't check it.
Anyway, if it doesn't u should try windog (HTTP://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=DTK) and if you have some money to spend, buy ManTrap or another NOT freeware...

Try Tlsecurity (http://www.tlsecurity.net) and of course goto the links here at AntiOnline:D :D

from www.dns.net/dns/dnsrd (http://www.dns.net/dnsrd)

The Domain Name System (DNS) is a distributed Internet directory service. DNS is used mostly to translate between domain names and IP addresses, and to control Internet email delivery. Most Internet services rely on DNS to work, and if DNS fails, web sites cannot be located and email delivery stalls.

So "DNS server" would be the correct usage.

Why dont you try hack.co.za have a whole lot ....
but i dont think its all legal and stuff

Trying in spanish ??? Und Wünschen Sie mich Deutch probieren ? :)

By the way, something seems strange to me. Why does this guy need access to latest exploit in designing a honeypot ?

In fact, what I can't understand well is that if he wants to setup a honeypot, he should know enough of the internet to know where to find the needed information ...

Seems strange to me ...

Jean-Francois