Penetration Testing mailing list archives
RE: Reverse Engineering thoughts
From: "Brett Moore" <brett.moore () security-assessment com>
Date: Thu, 8 Jan 2004 10:13:01 +1300
Hey all,

JC, agreed, and the traditional cracking stuff can come in handy in the right situation.

> Say I am pen-testing an application... It requires authentication
> credentials to run.
> Also, the software has a demo mode & full version mode.

Not much to go on so I'll take a stab in the dark.

Application is custom written, 2 parts, client and server.
Server listens for connections from clients.
Client has 2 modes, demo and full. It is presumed full can do more stuff.

A security review should be a comprehensive check of many areas. Thus a holistic approach, and at a tech level should include checks like the following:
- buffer overflow attacks against client and server
- clear text packet sniffing
- usual sql injection and other auth bypass methods (cookie/session/flags)

Also because a part of the application (the client) is a local binary, I think it is important to do 'other' checks for attacks that may allow:
- admin (god)
- access to extra features
- more 'time/credits/funds' etc (kiosk type thing)
- local storage of credentials: clear text files / databases

These checks could include the following:
- binary R/E.
  * Traditional cracking methods
- window enabling
  * sending wm_enable to enable buttons etc.
- message forging
  * 'option' on a menu will send a message to the parent/active window. Even if the menu is disabled/nonvisible, the parent window may still accept and dispatch the message.

We did a test once where the 'low access' client app could be forced to allow user management.

Brett.

jc: HNY/vegas

-----Original Message-----
From: johnny cyberpunk [mailto:johncybpk () gmx net]
Sent: Thursday, January 08, 2004 6:53 AM
To: pen-test () securityfocus com; full-disclosure () lists netsys com
Subject: Re: Reverse Engineering thoughts

hi n30,

what you are doing is not reversing the tool for security bugs, it's traditional cracking stuff. my opinion is that this can't be reported directly as a security problem, but you can point out that they should improve their software with a harder copy protection, such as runtime binary encryption, anti-debugging stuff and so on.

cheers,
johnny cyberpunk / thc

+++ no cock is as hard as life +++
public key: http://www.thc.org/keys/jcyberpunk.pub
fingerprint: CB59 19F9 ABF2 781A 4E6C 0A43 F773 9106 BADA BF8C

----- Original Message -----
From: "n30" <n30_lists () hotmail com>
To: <pen-test () securityfocus com>; <full-disclosure () lists netsys com>
Sent: Tuesday, January 06, 2004 7:36 PM
Subject: Reverse Engineering thoughts

Hello Folks,

Just wanted your opinion. Say I am pen-testing an application... It requires authentication credentials to run. Also, the software has a demo mode & full version mode. Now using RE (Reverse engineering), I can change the ASM & create a small patch file to bypass the auth & convert the demo mode to full version mode.

Is this a security problem?? What should be my recommendation?? This is assuming that I work for a pen test firm & the company wants us to test their product. So I should not be affected by DMCA?? Am I right??

Thanks in advance
-N
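The defensive point behind Brett's client-side checks (patched demo/full flags, re-enabled buttons, forged menu messages) is that a server must not trust the mode or role a client claims for itself. Added example, not code from the thread: a constructed command table and session store in Python, with a weak handler that trusts the client's claimed mode beside a hardened one that authorizes every command from the server-side session established at login.

```python
"""Server-side authorization for a demo/full client-server app (constructed).

weak_server trusts the 'mode' the client sends, so a patched client or a
forged UI message can claim any mode. hardened_server derives entitlements
only from the authenticated session, so client-side gating is cosmetic.
"""
from dataclasses import dataclass

# Hypothetical command -> minimum entitlement required (constructed).
REQUIRED = {
    "view_report": "demo",
    "export_report": "full",
    "manage_users": "admin",
}
RANK = {"demo": 0, "full": 1, "admin": 2}


@dataclass(frozen=True)
class Session:
    user: str
    entitlement: str  # set at login from the server's own records


# Constructed session store: session id -> Session created at login.
SESSIONS = {
    "s-demo": Session("alice", "demo"),
    "s-full": Session("bob", "full"),
}


def weak_server(request: dict) -> str:
    """Authorizes on the client-supplied 'mode' field: bypassable by patching."""
    needed = REQUIRED.get(request.get("cmd"))
    if needed is None:
        return "unknown command"
    if RANK[request.get("mode", "demo")] >= RANK[needed]:
        return f"ok: {request['cmd']}"
    return "denied"


def hardened_server(request: dict) -> str:
    """Ignores any client-supplied mode; authorizes from the server-side session."""
    session = SESSIONS.get(request.get("session"))
    if session is None:
        return "denied: no session"
    needed = REQUIRED.get(request.get("cmd"))
    if needed is None:
        return "unknown command"
    if RANK[session.entitlement] >= RANK[needed]:
        return f"ok: {request['cmd']}"
    return "denied"
```

With the hardened handler, a demo session that sends "manage_users" (the forged-menu case from the post) is refused regardless of what mode the client claims.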