Re: MD5 Exploit Database?

From: Chris Reining (creiningat_private)
Date: Sat Jan 18 2003 - 16:12:53 PST

Next message: Darren Welch: "encryption question"

Previous message: adminat_private: "Re: CRC32 vd MD5"
In reply to: Mark G. Spencer: "MD5 Exploit Database?"
Next in thread: Simson L. Garfinkel: "Re: MD5 Exploit Database?"
Next in thread: H C: "re: MD5 Exploit Database?"
Reply: Simson L. Garfinkel: "Re: MD5 Exploit Database?"
Reply: Jack Crone: "Re: MD5 Exploit Database?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 17, 2003 at 03:01:19PM -0800, Mark G. Spencer wrote:
> I'm working on a server that has been "owned" for over a year.  Needless to
> say, there are a significant number of what I would call "questionable"
> files on the box.  Some of them I can quickly identify, albeit not
> authoritatively at this point, (e.g. httpodbc.dll), but others I cannot.
> 
> If I MD5 the collection of questionable files, is there a database I can
> cross-reference my MD5's against to authoritatively identify what these
> things are?  I understand I may end up with some unknowns depending on how
> the executables were compressed and/or wrapped.

The only public repository of md5s I'm aware of is the one at
www.knowngoods.org. Unfortunately for your situation, it only contains
linux, freebsd, macosx, macosx-server, and solaris sums.

application/pgp-signature attachment: stored

Next message: Darren Welch: "encryption question"
Previous message: adminat_private: "Re: CRC32 vd MD5"
In reply to: Mark G. Spencer: "MD5 Exploit Database?"
Next in thread: Simson L. Garfinkel: "Re: MD5 Exploit Database?"
Next in thread: H C: "re: MD5 Exploit Database?"
Reply: Simson L. Garfinkel: "Re: MD5 Exploit Database?"
Reply: Jack Crone: "Re: MD5 Exploit Database?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jan 19 2003 - 20:52:26 PST