MD5 Exploit Database?

From: Mark G. Spencer (mspencerat_private)
Date: Fri Jan 17 2003 - 15:01:19 PST

Next message: adminat_private: "Re: CRC32 vd MD5"

Previous message: Anthony D Cennami: "Re: Possible forensic issue with grub and RH8.0"
Next in thread: Chris Reining: "Re: MD5 Exploit Database?"
Reply: Chris Reining: "Re: MD5 Exploit Database?"
Reply: H C: "re: MD5 Exploit Database?"
Reply: Andreas Schuster: "Re: MD5 Exploit Database?"
Reply: Merino, Inigo (ISP): "RE: MD5 Exploit Database?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm working on a server that has been "owned" for over a year.  Needless to
say, there are a significant number of what I would call "questionable"
files on the box.  Some of them I can quickly identify, albeit not
authoritatively at this point, (e.g. httpodbc.dll), but others I cannot.

If I MD5 the collection of questionable files, is there a database I can
cross-reference my MD5's against to authoritatively identify what these
things are?  I understand I may end up with some unknowns depending on how
the executables were compressed and/or wrapped.

Thanks,

Mark



-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: adminat_private: "Re: CRC32 vd MD5"
Previous message: Anthony D Cennami: "Re: Possible forensic issue with grub and RH8.0"
Next in thread: Chris Reining: "Re: MD5 Exploit Database?"
Reply: Chris Reining: "Re: MD5 Exploit Database?"
Reply: H C: "re: MD5 Exploit Database?"
Reply: Andreas Schuster: "Re: MD5 Exploit Database?"
Reply: Merino, Inigo (ISP): "RE: MD5 Exploit Database?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jan 18 2003 - 15:29:34 PST