Vulnerability Development mailing list archives
Re: Re New Binary Bruteforcing Method Discovered
From: "mail;" <rivetgeek () rivetgeek com>
Date: Wed, 27 Mar 2002 18:39:59 -0800
In regards to the original post, go to http://www.phrack.com and scroll down............ ----- Original Message ----- From: "John" <johns () tampabay rr com> To: "Jeff Schaller" <schaller () freeshell org> Cc: "Michal Zalewski" <lcamtuf () coredump cx>; <mixter () 2xs co il>; <vuln-dev () securityfocus com> Sent: Wednesday, March 27, 2002 5:42 PM Subject: Re: Re New Binary Bruteforcing Method Discovered
I think it's worth mentioning that the tool I linked to was not mentioned
or
tested in this paper. I mentioned this tool because it has quite a few command line options and it actually tries to execute arbitrary commands. ----- Original Message ----- From: "Jeff Schaller" <schaller () freeshell org> To: "John" <johns () tampabay rr com> Cc: "Michal Zalewski" <lcamtuf () coredump cx>; <mixter () 2xs co il>; <vuln-dev () securityfocus com> Sent: March 27, 2002 8:21 PM Subject: Re: Re New Binary Bruteforcing Method DiscoveredOn Wed, 27 Mar 2002, John wrote:A while back there was a tool that was released that would brute force binaries and attempt to exploit the bug. It attempted to exploit
simple
stack overflows, but it was a nice tool at the time. http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0710.html<two cents> I wrote a paper for SANS last summer which surveyed the available auditing tools (source code scanners, black box testers, and known exploits). Against the simple target program I chose (Hobbit's "webs"), the black-box testers failed miserably, for reasons that I go into in the paper (basically, that they aren't protocol-aware). Brute-force black-box scanners catch the low-hanging fruit, bug-wise. Direct URL (the report is the HTML file inside the ZIP file): http://www.giac.org/practical/Jeff_Schaller_GSNA.zip Other reports available from: http://www.giac.org/GSNA.php </two cents> -jeff -- Last week, scientists announced the first-ever cloning of a human
embryo,
which they hope to mine for stem cells to treat diseases. What do youthink?"I think I'll just sit back and let the ignorant, hysterical Christians handle this one." Peter Jordan, Systems Analyst. The Onion.
Current thread:
- Re: Re New Binary Bruteforcing Method Discovered, (continued)
- Re: Re New Binary Bruteforcing Method Discovered Kurt Seifried (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered Blue Boar (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 27)
- Re: New Binary Bruteforcing Method Discovered mixter (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Matthew G. Marsh (Mar 28)
- Re[2]: New Binary Bruteforcing Method Discovered dullien (Mar 29)
- Re: Re New Binary Bruteforcing Method Discovered John (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered Jeff Schaller (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered John (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered mail; (Mar 27)