Re: [Full-Disclosure] Encoding

From: Maxime Ducharme (mducharme_at_cybergeneration.com)
Date: 04/30/04

Next message: Slotto Corleone: "Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security)"

Previous message: Exibar: "Re: [Full-Disclosure] Encoding"
In reply to: Exibar: "Re: [Full-Disclosure] Encoding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Exibar" <exibar@thelair.com>, "Tyler, Grayling" <ggtyler@foodlion.com>, <full-disclosure@lists.netsys.com>
Date: Fri, 30 Apr 2004 15:39:55 -0400

hehehe I totally agree, I also suggest that you do
NOT run ANY .scr file got from an email on windows
systems ;-)

Have a nice day everyone

Maxime Ducharme
Programmeur / Spécialiste en sécurité réseau

----- Original Message -----
From: "Exibar" <exibar@thelair.com>
To: "Maxime Ducharme" <mducharme@cybergeneration.com>; "Tyler, Grayling"
<ggtyler@foodlion.com>; <full-disclosure@lists.netsys.com>
Sent: Friday, April 30, 2004 2:59 PM
Subject: Re: [Full-Disclosure] Encoding

> um, you DO know that joke.scr is Bagle.AA virus right? I know that you
were
> asking a question about encoding and not that you wanted to get to that
file
> specifically, but I figured I'd just throw in that JOKE.SCR is the
bagle.aa
> virus...just in case :-)
>
> Exibar
>
> ----- Original Message -----
> From: "Maxime Ducharme" <mducharme@cybergeneration.com>
> To: "Tyler, Grayling" <ggtyler@foodlion.com>;
> <full-disclosure@lists.netsys.com>
> Sent: Friday, April 30, 2004 2:27 PM
> Subject: Re: [Full-Disclosure] Encoding
>
>
> Encoding
> Hi,
> text/* encoding can be read in you mail program
> or any text editor.
>
> Base64 is used to encode binary data in string so it can
> get trought normal SMTP servers.
>
> To get the binary file back, you must decode it with a base64
> algorithm which is well known.
>
> You may get info on this encoding here :
> http://www.ietf.org/rfc/rfc1341.txt
> (section 5.2 Base64 Content-Transfer-Encoding)
>
> Here is an already compiled tool :
> http://www.fourmilab.ch/webtools/base64/
> (this one runs *nix & windows)
>
> Have a nice day
>
> Maxime Ducharme
> Programmeur / Spécialiste en sécurité réseau
>
> ----- Original Message -----
> From: Tyler, Grayling
> To: full-disclosure@lists.netsys.com
> Sent: Friday, April 30, 2004 1:35 PM
> Subject: [Full-Disclosure] Encoding
>
>
> At the risk of getting flamed (it will be worth it if I learn something
> useful) I'd like to ask a question.
> I've seen several cases where files have been sent to the list using
> different encodings (examples below). How do you covert these back to the
> original files (or can you?)
> Thanks
> <snip Examples>
> This is a multi-part message in MIME format.
> --Multipart_Thu__29_Apr_2004_20:59:33_+0000_08324880
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
> ----------ecnaowrkveaupymubjrq
> Content-Type: text/html; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> <html><body>
> <br>
> </body></html>
> ----------ecnaowrkveaupymubjrq
> Content-Type: application/octet-stream; name="Joke.scr"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="Joke.scr"
> TVoAAAEAAAACAAAA//8AAEAAAAAAAAAAQAAAAAAAAAC0TM0hAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAkAAAAKkm3RPtR7NA7UezQO1Hs0DtR7NA7kezQGNYoEBtR7NAEWehQOxHs0AqQbVA
> 7EezQFJpY2jtR7NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwDMD5BAAAAAAAAA
> .
> .
> many more lines of same
> .
> .
> .
> AADgAA8BCwEFDABQAAAAEAAAAJAAAPDiAAAAoAAAAPAAAAAAQAAAEAAAAAIAAAQAAAAAAAAA
> BAAAAAAAAAAAAAEAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAA
> kEw1CmBDYI4AF8SdSkyDJnqksmHAHk8NPooaF603JIi2SDa8FMRlOlq2AbtbElqqTJUFFmaX
> DZ2kJ7wnUkc=
> ----------ecnaowrkveaupymubjrq--
>
>
> --__--__--
>
>
>
> This electronic message may contain confidential or privileged information
> and is intended for the individual or entity named above. If you are
> not the intended recipient, be aware that any disclosure, copying,
> distribution or use of the contents of this information is prohibited.
> If you have received this electronic transmission in error, please notify
> the sender immediately by using the e-mail address or by telephone
> (704-633-8250).
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Slotto Corleone: "Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security)"

Previous message: Exibar: "Re: [Full-Disclosure] Encoding"
In reply to: Exibar: "Re: [Full-Disclosure] Encoding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Any problems with massive loop unrolling on 8088?
... I'm guessing you have a byte-wide encoding here, ... This e-mail transmission, and any documents, files or previous ... e-mail messages attached to it, ... If you are not the intended recipient, ...
(comp.lang.asm.x86)
Help with DB2 DBI Connection
... ('binary' encoding is not supported, ... If the reader of this message is not the intended recipient, ... you are hereby notified that your access is unauthorized, and any review, ...
(perl.dbi.users)
Nodes out the Wazzu
... definitions to checkpoint that they would like to share, ... This electronic message may contain confidential or privileged information ... not the intended recipient, be aware that any disclosure, copying, ...
(Security-Basics)
RE: Account lockout - analysis help
... Look for 675 events associated with the account. ... This electronic message may contain confidential or privileged information ... not the intended recipient, be aware that any disclosure, copying, ...
(Security-Basics)