Penetration Testing mailing list archives
Re: C# Exceptions
From: "3 shool" <3shool () gmail com>
Date: Sat, 26 Aug 2006 22:36:11 -0700
Patrick, thanx for the detailed email. We are able to crash the application over the network by intercepting the traffic that goes in to the target application from the legitimate web serivces. We got these three different exceptions for different type of fuzzed data. Now before we move forward we were planning to see what would be our best option out of these three exceptions or memory dump that could give us remote code execution or at least best chance of penetration. Since buffer overruns are not possible in a .Net applicaiton what if we target a bufferoverrun in .Net itself? We got a couple of crashes that crashed .Net instead of generating any exceptions. If we were to pursue our best possibility of penetration what would it be? ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- C# Exceptions 3 shool (Aug 25)
- Message not available
- Re: C# Exceptions 3 shool (Aug 25)
- Message not available
- Re: C# Exceptions 3 shool (Aug 25)
- Re: C# Exceptions 3 shool (Aug 25)
- Message not available
- Message not available
- Re: C# Exceptions 3 shool (Aug 25)
- RE: C# Exceptions Patrick (Aug 26)
- Re: C# Exceptions 3 shool (Aug 27)
- RE: C# Exceptions Patrick (Aug 27)
- Re: C# Exceptions 3 shool (Aug 27)
- <Possible follow-ups>
- RE: C# Exceptions Krpata, Tyler (Aug 25)
- Re: C# Exceptions 3 shool (Aug 25)
- Re: C# Exceptions 3 shool (Aug 25)
- RE: C# Exceptions Steven Scheffler (Aug 28)
- RE: C# Exceptions Patrick (Aug 28)
- Re: C# Exceptions 3 shool (Aug 28)
- Re: C# Exceptions 3 shool (Aug 31)