Vulnerability Development mailing list archives
Re: New Binary Bruteforcing Method Discovered
From: "David Rhodus" <sdrhodus () wildcatblue com>
Date: Tue, 26 Mar 2002 14:15:11 -0500
You didn't write this code. This has been passed around for over a year now. ----- Original Message ----- From: <pr0ix () hushmail com> To: <vuln-dev () securityfocus com> Cc: <blueboar () thievco com> Sent: Tuesday, March 26, 2002 12:39 PM Subject: New Binary Bruteforcing Method Discovered
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I, the great pr0ix, have discovered a new technique for bruteforcing local suid binaries on any *nix operating system, which uncovers all exploitable bugs in the application. Attached is a simple example program, which is verbosely and clearly commented, which details the methodology which I have discovered. A more indepth article on my technique should be appearing in the next issue of Phrack. If you are unfamiliar with the concept of fuzztesting, I suggest that you take a look at the following applications: [1] FuzzerServer, http://www.atstake.com/research/tools/FuzzerServer.zip [2] SPIKE, http://www.atstake.com/research/tools/spike-v1.8.tar.gz [3] Sharefuzz, http://www.atstake.com/research/tools/sharefuzz1.0.tar.gz and, further reading on early fuzztesting techniques can be found at: [4] http://www.cs.wisc.edu/~bart/fuzz/fuzz.html - - - pr0ix /msg pr0ix on efnet ps: silvio, I want to be you, or at least with you! Hush provide the worlds most secure, easy to use online applications -
which solution is right for you?
HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise
http://www.hush.com/
Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople
Hush provide the worlds most secure, easy to use online applications -
which solution is right for you?
HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise
http://www.hush.com/
Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople
-----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wloEARECABoFAjygtEgTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXIh7AJ94 8O3Q/MFS/yq3kfnVbuGDLzWY2ACfZjWFMk6zalm8i/av2VblPbMWi24= =DCmE -----END PGP SIGNATURE-----
Current thread:
- New Binary Bruteforcing Method Discovered pr0ix (Mar 26)
- Re: New Binary Bruteforcing Method Discovered Kurt Seifried (Mar 26)
- Re: New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 26)
- Re: New Binary Bruteforcing Method Discovered David Rhodus (Mar 26)
- <Possible follow-ups>
- Re: Re: New Binary Bruteforcing Method Discovered pr0ix (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Liedtke Goetz (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Charles 'core' Stevenson (Mar 28)
- RE: New Binary Bruteforcing Method Discovered Michael Wojcik (Mar 28)
- RE: New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 28)
- Re: New Binary Bruteforcing Method Discovered Blue Boar (Mar 28)