Re: VisualBasic auditing

From: Voguemaster (hydrax@netvision.net.il)
Date: 02/19/03

  • Next message: gr00vy: "Re: VisualBasic auditing2"
    Date: Wed, 19 Feb 2003 19:55:47 +0200
    From: Voguemaster <hydrax@netvision.net.il>
    To: vuln-dev@securityfocus.com
    
    

    Well,

    As for VB auditing there are several things that one can do.
    For starters, the best VB analysis tool is definately Numega's
    SmartCheck. Even without sources it can pretty much analyze what
    the program is doing.
    Now, security vulnerabilities in the VB VM aside, the only other
    places to look for are interactions of the VB program with the
    environment in which it is running. For example, using external
    resource of any kind can pose a security threat. Exchanging data
    with other components (mainly client programs or otherwise untrusted
    input sources) is hazardous as well. It will be worth looking
    into how good of an implementation there is in this program.
    Remember, unexpected behavious can occur in all sorts of way, not
    only exploiting an unchecked buffer. As for the oldest trick in the
    book (almost), if there is communication with an external resource
    which is not written in VB, who knows.
    BTW, it is possible to crash a VB program or create some sort of DoS
    on it. The VM handles it pretty well enough but a vulnerability in
    the software itself is still a vulnerability.

    SmartCheck and other tools can be used to audit the program. For
    PCODE programs you'd have to approach the matter differently. Probably
    using some sort of decompiler. Even debuggers can be used (SoftIce comes
    to mind) if you're experienced enough not to get lost in the
    bloated code of a VB application.

    Eli

    On Sun, 16 Feb 2003 19:12:32 +0000, Some d00d <shavidi@yahoo.com> wrote:

    >
    >
    >
    >
    >
    >
    > Hi folks
    >
    >
    >
    >
    >
    >
    >
    >
    >
    > I am auditing some network application and a
    >
    > significant number of them are written in MS Visual
    >
    > Basic. Have anyone done some work on exploiting VB
    >
    > software before? I assume that traditional methods such
    >
    > as buffer overflows will not work here.
    >
    >
    >
    >
    >
    >
    >
    >
    >
    > Are there any tools around for this (such as VB
    >
    > disassemblers and de-scramblers)?
    >
    >
    >
    >
    >
    > Can you point me to any sources of information?
    >
    >
    >
    >
    >
    >
    >
    >
    >
    > Thanks in advance, SD
    >
    >

    -- 
    Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
    


    Relevant Pages

    • Action tracking
      ... Unless you are either running a trace, have c2 auditing, ... have some trigger mechanism to sort who did what and when, ...
      (microsoft.public.sqlserver.server)
    • RE: Move inhibit
      ... > One possibility in mind that I was considering is having some sort of authentication or verification before a move operation is performed. ... is it possible to have some sort of audit trail to see who moved the folder? ... You configure Auditing via GPO. ... Microsoft MVP - Windows Server - Directory Services ...
      (microsoft.public.windows.server.active_directory)
    • Folder auditing
      ... network drive size auditing. ... Anyways Im looking for a way to at least check the folder ... message saying they are over the limit. ... Im looking for some sort of ...
      (microsoft.public.windows.server.general)