Vulnerability Development mailing list archives
SPIKE and Sharefuzz
From: Dave Aitel <daitel () atstake com>
Date: Tue, 16 Oct 2001 09:31:38 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Vuln-Dev members. Here's a fun afternoon activity pertinent to this list. Hit www.atstake.com and grab SPIKE and Sharefuzz. Put Sharefuzz on a commercial Unix of some kind (the weirder the better) and find all the environment variable overflows. For bonus points, actually write them all up. :> (Extra bonus points if you're an OS vendor and you do it before everyone else does.) (Negative points if you send me a "how do I compile this?" e-mail.) Put SPIKE on a Linux box and play with msrpcfuzz, ntlm_brute, and, after installing a web application of some kind on some machine you own, webfuzz. If YOU don't find a bug of some kind, I will GIVE YOU YOUR MONEY BACK. (No guarantees of exploitability.) Have fun, and send any patches, comments, whines, and such to daitel () atstake com. Dave Aitel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7zDam9iGGtHdhlgMRAq6DAKCUOn4uM8aqdM9EPnyKRWqNlvrlYACfWzS/ v8NgczDuLLcy0UWGw2+YsQA= =s3LA -----END PGP SIGNATURE-----
Current thread:
- SPIKE and Sharefuzz Dave Aitel (Oct 16)