Re: Latest HackInTheBox Conference Materials

[rd () segfault net]

Happy New Year Everyone!

IIRC, LSD's RPC interface decompiler (called dmidl?) was developed in 
2001 (as what they said). Decompiled IDL by dmidl can be even recompiled 
with Microsoft IDL compiler. Their second tool C decompiler FA is still 
in alpha stage but the output in the presentation looks great (btw, have 
anyone seen ilfac beta in ida pro? jc told me that it was r0x). Dont know 
when they will release their tools.

RD / THC 
Visit us at http://www.thc.org 

On Wed, Dec 31, 2003 at 03:51:34PM -0600, H D Moore wrote:
> The HITB staff is still incredibly busy, trying to sort out the all of the 
> financial cruft and organize the materials. They should have most of the 
> materials online by the end of January.
>
> LSD's presentation was an in-depth look at the DCOM interface, how to 
> fingerprint the OS based on the available interfaces, and a basic review 
> of two tools they developed.
>
> Both of the tools presented were still being finalized at 6:00am the day 
> of their talk, half of the members were up all night finishing slides and 
> code (hell, so was I for the first two nights).
>
> The first tool was called "fa" for flow analysis, IIRC it was a tool for 
> easily tracing user-supplied RPC parameters through compiled binaries, it 
> was able to detect format string and overflow bugs in this manner.
>
> The second tool was a RPC interface decompiler. (forgot the name 
> off-hand), it generated the appropriate C stubs to write a client for any 
> RPC service, using just the executable. It used a number of techniques to 
> scan for the the RPC structures and followed pointers around the binary 
> to determine the number and type of arguments for each function in the 
> RPC service.
>
> It will probably take them some time to get the code solid enough for a 
> public release; the decompiler looked like it was a real bitch to write, 
> mostly because of the different RPC types (different structures, 
> different signatures, etc).
>
> Er so yeah, loosen up the tin foil, the HITB stuff is all volunteer-based, 
> with a core team of maybe 5 people who are making up silly excuses to 
> their real employers so they can finish up the post-conference stuff :)
>
> If anyone cares, the reason why the public metasploit v2.0 release is 
> being held back is that I got a ton of development help at the last 
> minute and am trying to sort out all the new features/bug 
> fixes/organization structure. Hopefully will have something available 
> within the next two weeks, I really dont want to release until the 
> underlying API for the exploit modules stops changing and some docs get 
> written.
>
> -HD
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://www.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave