Re: New Binary Bruteforcing Method Discovered
From: David Rhodus (sdrhodus@wildcatblue.com)Date: 03/26/02
- Previous message: Michal Zalewski: "Re: New Binary Bruteforcing Method Discovered"
- In reply to: pr0ix@hushmail.com: "New Binary Bruteforcing Method Discovered"
- Next in thread: Liedtke Goetz: "Re: New Binary Bruteforcing Method Discovered"
- Next in thread: pr0ix@hushmail.com: "Re: Re: New Binary Bruteforcing Method Discovered"
- Reply: pr0ix@hushmail.com: "Re: Re: New Binary Bruteforcing Method Discovered"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Rhodus" <sdrhodus@wildcatblue.com> To: <pr0ix@hushmail.com>, <vuln-dev@securityfocus.com> Date: Tue, 26 Mar 2002 14:15:11 -0500
You didn't write this code. This has been passed around for over a year now.
----- Original Message -----
From: <pr0ix@hushmail.com>
To: <vuln-dev@securityfocus.com>
Cc: <blueboar@thievco.com>
Sent: Tuesday, March 26, 2002 12:39 PM
Subject: New Binary Bruteforcing Method Discovered
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I, the great pr0ix, have discovered a new technique for bruteforcing local
> suid binaries on any *nix operating system, which uncovers all exploitable
> bugs in the application. Attached is a simple example program, which is
> verbosely and clearly commented, which details the methodology which I
> have discovered. A more indepth article on my technique should be
> appearing in the next issue of Phrack.
>
> If you are unfamiliar with the concept of fuzztesting, I suggest that you
> take a look at the following applications:
>
> [1] FuzzerServer, http://www.atstake.com/research/tools/FuzzerServer.zip
> [2] SPIKE, http://www.atstake.com/research/tools/spike-v1.8.tar.gz
> [3] Sharefuzz, http://www.atstake.com/research/tools/sharefuzz1.0.tar.gz
>
> and, further reading on early fuzztesting techniques can be found at:
>
> [4] http://www.cs.wisc.edu/~bart/fuzz/fuzz.html
>
> - - - pr0ix
> /msg pr0ix on efnet
>
> ps: silvio, I want to be you, or at least with you!
>
>
>
> Hush provide the worlds most secure, easy to use online applications -
which solution is right for you?
> HushMail Secure Email http://www.hushmail.com/
> HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
> Hush Business - security for your Business http://www.hush.com/
> Hush Enterprise - Secure Solutions for your Enterprise
http://www.hush.com/
>
> Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople
>
> Hush provide the worlds most secure, easy to use online applications -
which solution is right for you?
> HushMail Secure Email http://www.hushmail.com/
> HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
> Hush Business - security for your Business http://www.hush.com/
> Hush Enterprise - Secure Solutions for your Enterprise
http://www.hush.com/
>
> Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.com
>
> wloEARECABoFAjygtEgTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXIh7AJ94
> 8O3Q/MFS/yq3kfnVbuGDLzWY2ACfZjWFMk6zalm8i/av2VblPbMWi24=
> =DCmE
> -----END PGP SIGNATURE-----
>
- Previous message: Michal Zalewski: "Re: New Binary Bruteforcing Method Discovered"
- In reply to: pr0ix@hushmail.com: "New Binary Bruteforcing Method Discovered"
- Next in thread: Liedtke Goetz: "Re: New Binary Bruteforcing Method Discovered"
- Next in thread: pr0ix@hushmail.com: "Re: Re: New Binary Bruteforcing Method Discovered"
- Reply: pr0ix@hushmail.com: "Re: Re: New Binary Bruteforcing Method Discovered"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
