Full Disclosure mailing list archives
Re: Fuzzing for Fun and Profit
From: T Biehn <tbiehn () gmail com>
Date: Wed, 11 Feb 2009 12:51:54 -0500
release something that fuzzes web services given a WSDL. OR * Grammar file.
state awareness given history, state munging, branch on prior states.

Like:
A->B->C->D
Transaction 1
A1->B1->C1
Transaction 2 REPLAY from B1
B1->C2->D2
Transaction 1
C1->D1
OR
A3->D3
D3->A3 (Send init packet with mundgery permute over *States if it permits.)

Run all permutations and branches from all steps, with all possible delays.
Learn if it "supports" your test then drop your test if it doesn't work.

You won't worry about running out of shit to test, and you'll finally justify the cost of some sweet new hardware to run this on.

-or-
Learn how to audit code?
This might be too much CS for you, but if you plug away you might learn something :.)

I'm sure you'll get a talking spot and mad whitehat dollars if you do.

On Wed, Feb 11, 2009 at 12:01 PM, <el8 () hushmail com> wrote:
Dear tal0n.

when will you do something that hasn't been done and is even relevant or practical in 2009? fuzzing sftp and command line arguments/env variables... nice and 2000AD

"oh but it's setuid(0)" yeah on your box and the 5 other people who download it to write useless papers/exploits to feel like they are smart/doing something (hi prdelka).

When is the last time a sftpd exploit was useful?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
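The state-aware branching sketched in T Biehn's reply, as an added example that is not part of the original post: it generalizes the A->B->C->D illustration to every message ordering up to a length bound, replays each accepted prefix on a fresh session, and drops any branch the target refuses. `RECORDED`, `ToyTarget` (with its deliberate ordering flaw) and `explore` are hypothetical names constructed for the example, and the "all possible delays" dimension is left out.

```python
RECORDED = ["A", "B", "C", "D"]  # constructed sample transaction, one message per step

class ToyTarget:
    """Constructed in-process target. It should enforce A->B->C->D, but D
    only checks that A was seen (a deliberate ordering flaw to detect)."""
    def __init__(self):
        self.pos, self.seen_a = 0, False

    @property
    def finished(self):
        return self.pos == len(RECORDED)

    def send(self, msg):
        if self.finished:                      # nothing is valid after D
            return False
        if msg == "D" and self.seen_a:         # flaw: B and C are never checked
            self.pos = len(RECORDED)
            return True
        if msg == RECORDED[self.pos]:          # the intended strict ordering
            self.pos += 1
            self.seen_a = True
            return True
        return False

def explore(recorded, target_factory, max_len):
    """Try every message after every accepted prefix; prune rejected branches.
    Returns (completed orderings that differ from the recording, sequences tried)."""
    findings, tried, stack = [], 0, [()]
    while stack:
        prefix = stack.pop()
        for msg in recorded:
            seq = prefix + (msg,)
            tried += 1
            target = target_factory()          # fresh session, replay from step 1
            if not all(target.send(m) for m in seq):
                continue                       # unsupported here: drop the branch
            if target.finished and list(seq) != recorded:
                findings.append("->".join(seq))
            if len(seq) < max_len:
                stack.append(seq)
    return sorted(findings), tried

if __name__ == "__main__":
    found, tried = explore(RECORDED, ToyTarget, max_len=len(RECORDED))
    print(f"{tried} sequences sent, unexpected completions: {found}")
```

Pruning on the first rejected message keeps the run at 24 sequences, against 340 for exhaustively sending every ordering of up to four messages.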