Vulnerability Development mailing list archives

SPIKE and Sharefuzz


From: Dave Aitel <daitel () atstake com>
Date: Tue, 16 Oct 2001 09:31:38 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Vuln-Dev members.

Here's a fun afternoon activity pertinent to this list.

Hit www.atstake.com and grab SPIKE and Sharefuzz.

Put Sharefuzz on a commercial Unix of some kind (the weirder the better)
and find all the environment variable overflows. For bonus points,
actually write them all up. :> (Extra bonus points if you're an OS vendor
and you do it before everyone else does.) (Negative points if you send me
a "how do I compile this?" e-mail.)

Put SPIKE on a Linux box and play with msrpcfuzz, ntlm_brute, and, after
installing a web application of some kind on some machine you own,
webfuzz. If YOU don't find a bug of some kind, I will GIVE YOU YOUR MONEY
BACK. (No guarantees of exploitability.)

Have fun, and send any patches, comments, whines, and such to
daitel () atstake com.

Dave Aitel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7zDam9iGGtHdhlgMRAq6DAKCUOn4uM8aqdM9EPnyKRWqNlvrlYACfWzS/
v8NgczDuLLcy0UWGw2+YsQA=
=s3LA
-----END PGP SIGNATURE-----


