[Full-Disclosure] Reverse Engineering thoughts

From: n30 (n30_lists_at_hotmail.com)
Date: 01/06/04

Next message: Epic: "Re: [Full-Disclosure] Re: Linux kernel do_mremap() proof-of-concept exploit code"

Previous message: David Vincent: "RE: [Full-Disclosure] Ahh shucks!!"
Next in thread: Blue Boar: "Re: [Full-Disclosure] Reverse Engineering thoughts"
Reply: Blue Boar: "Re: [Full-Disclosure] Reverse Engineering thoughts"
Reply: Riad S. Wahby: "[Full-Disclosure] Re: Reverse Engineering thoughts"
Reply: Adam Tuliper: "[Full-Disclosure] Re: Reverse Engineering thoughts"
Reply: johnny cyberpunk: "[Full-Disclosure] Re: Reverse Engineering thoughts"
Reply: Riad S. Wahby: "[Full-Disclosure] Re: Reverse Engineering thoughts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <pen-test@securityfocus.com>, <full-disclosure@lists.netsys.com>
Date: Tue, 6 Jan 2004 10:36:37 -0800

Hello Folks,

Just wanted your opinion.

Say I am pen-testing an application...It requires authentication credentials
to run. Also, the software has a demo mode & full version mode.

Now using RE (Reverse engineering), I can change the ASM & create a small
patch file to bypass the auth & convert the demo mode to full version mode.

Is this a security problem?? What should be my recommendation??

This is assuming that I work for a pen test firm & the company wants us to
test their product. So I should not be affected by DMCA?? Am i right??

Thanks in advance
-N

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Epic: "Re: [Full-Disclosure] Re: Linux kernel do_mremap() proof-of-concept exploit code"

Previous message: David Vincent: "RE: [Full-Disclosure] Ahh shucks!!"
Next in thread: Blue Boar: "Re: [Full-Disclosure] Reverse Engineering thoughts"
Reply: Blue Boar: "Re: [Full-Disclosure] Reverse Engineering thoughts"
Reply: Riad S. Wahby: "[Full-Disclosure] Re: Reverse Engineering thoughts"
Reply: Adam Tuliper: "[Full-Disclosure] Re: Reverse Engineering thoughts"
Reply: johnny cyberpunk: "[Full-Disclosure] Re: Reverse Engineering thoughts"
Reply: Riad S. Wahby: "[Full-Disclosure] Re: Reverse Engineering thoughts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Reverse Engineering thoughts
... > Say I am pen-testing an application...It requires authentication credentials ... the software has a demo mode & full version mode. ... > This is assuming that I work for a pen test firm & the company wants us to ...
(Pen-Test)
[Full-Disclosure] Reverse Engineering thoughts
... Say I am pen-testing an application...It requires authentication credentials ... the software has a demo mode & full version mode. ... This is assuming that I work for a pen test firm & the company wants us to ...
(Full-Disclosure)
Reverse Engineering thoughts
... Say I am pen-testing an application...It requires authentication credentials ... the software has a demo mode & full version mode. ... This is assuming that I work for a pen test firm & the company wants us to ...
(Pen-Test)