Vulnerability Development mailing list archives
Re: Analyze binary for holes
From: Shaun Clowes <shaun () securereality com au>
Date: Fri, 1 Aug 2003 10:12:05 +1000
In-Reply-To: <20030729162007.7689.qmail () www securityfocus com>

On Thu, Jul 31, 2003 at 10:19:18PM -0000, DownBload wrote:

> You can use strings to easily find potentially vulnerable functions.
>
> # strings /bin/ls | grep strcpy
> # strings /bin/sh | grep sprintf
> # strings /bin/tralalal | grep syslog
> # strings /bin/format | grep fprintf
>
> If a potentially vulnerable function is found, you only know that the function is used, but you don't know if that function is used in the wrong way. Try to disassemble with gdb and look for flaws, or brute-force args and env.
Sorry, but this thread is now getting ridiculous; reverse engineering using strings is silly.

If you insist on looking for vulnerable functions you should actually look for function imports using the correct tool for the binary file you're looking at, e.g.:

$ elfdump -s /bin/ls | grep strcpy
[81] 0x00024190 0x00000000 FUNC GLOB D 0 UNDEF strcpy

If you decide you want to verify those calls you should run the code through a good disassembler (though I guess objdump is pretty much your only option that is free for Solaris) and study the code that provides the parameters (and their origin).

Any which way you look at it, doing this well is hard and time consuming work.

Cheers,
Shaun
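As an added illustration of the difference between the two approaches (not code from either poster), the following Python parser reads the .dynsym section of a little-endian ELF64 image and reports only functions the binary actually imports, which is what the elfdump UNDEF column above shows. The RISKY set and the build_sample_elf test image are constructed here for demonstration; the second sample shows a name that strings would print but that is not an import at all.

```python
import struct

SHT_DYNSYM, SHT_STRTAB = 11, 3
STT_FUNC, SHN_UNDEF = 2, 0
# Functions the thread treats as worth auditing once they are confirmed imports.
RISKY = {"strcpy", "strcat", "sprintf", "gets", "syslog", "fprintf"}

def undefined_functions(data):
    """Names of FUNC symbols that a little-endian ELF64 image imports (UNDEF in .dynsym)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_shoff, = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3a)
    # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, addralign, entsize
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    found = []
    for sh in shdrs:
        if sh[1] != SHT_DYNSYM or sh[9] == 0:
            continue
        str_off = shdrs[sh[6]][4]          # sh_link points at the matching .dynstr
        for j in range(sh[5] // sh[9]):
            st_name, st_info, _, st_shndx = struct.unpack_from("<IBBH", data, sh[4] + j * sh[9])
            if st_info & 0xF == STT_FUNC and st_shndx == SHN_UNDEF:
                found.append(data[str_off + st_name:data.index(b"\0", str_off + st_name)].decode())
    return found

def risky_imports(data):
    """Sorted subset of the imports that appear in RISKY."""
    return sorted(set(undefined_functions(data)) & RISKY)

def build_sample_elf(imports, defined):
    """Constructed test image: an ELF64 shell with only .dynsym/.dynstr and no code."""
    names, syms = b"\0", b"\0" * 24
    for name, shndx in [(n, SHN_UNDEF) for n in imports] + [(n, 1) for n in defined]:
        syms += struct.pack("<IBBHQQ", len(names), (1 << 4) | STT_FUNC, 0, shndx, 0, 0)
        names += name.encode() + b"\0"
    dynsym_off, dynstr_off = 64, 64 + len(syms)
    shoff = dynstr_off + len(names) + (-(dynstr_off + len(names))) % 8
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)
    shdr = lambda typ, off, size, link, ent: struct.pack("<IIQQQQIIQQ", 0, typ, 0, 0, off, size, link, 0, 1, ent)
    body = (ehdr + syms + names).ljust(shoff, b"\0")
    return (body + shdr(0, 0, 0, 0, 0) + shdr(SHT_DYNSYM, dynsym_off, len(syms), 2, 24)
            + shdr(SHT_STRTAB, dynstr_off, len(names), 0, 0))

if __name__ == "__main__":
    print(risky_imports(build_sample_elf(["strcpy", "sprintf", "puts"], ["main"])))
```

Pointing undefined_functions at a real shared object or executable lists its imports the same way; the parser deliberately ignores .symtab so stripped binaries still work.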