Penetration Testing mailing list archives
Re: Mail Server testing
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: 13 May 2003 08:35:25 +0200
On Mon, 2003-05-12 at 05:39, per () same net wrote:
* Zip-Of-Death. Make one huge (a couple of gigabytes) file and fill it with homogenous data, for instance only the character "a". Zip it. This will construct of a file that says "this files contains of 10(8) a:s" that is very small. Most modern mail content systems handles this today, some older might not.
You should give a look to a file known as 42.zip : http://www.securityfocus.com/bid/3027/exploit/ "42.zip: ZIP archive, 42K, composed of nested zips (nested 6 levels deep, each level 17 wide) - produces a file 4GB in size and will reportedly crash 'most email virus checkers'" Regards, -- Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
Current thread:
- Mail Server testing Amal Al Hajeri (May 11)
- <Possible follow-ups>
- Re: Mail Server testing per () same net (May 12)
- Re: Mail Server testing Nicolas Gregoire (May 13)
- Re: Mail Server testing Volker Tanger (May 14)
- Re: Mail Server testing Nicolas Gregoire (May 13)