-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I, the great pr0ix, have discovered a new technique for bruteforcing local suid binaries on any *nix operating system, which uncovers all exploitable bugs in the application. Attached is a simple example program, which is verbosely and clearly commented, which details the methodology which I have discovered. A more indepth article on my technique should be appearing in the next issue of Phrack. If you are unfamiliar with the concept of fuzztesting, I suggest that you take a look at the following applications: [1] FuzzerServer, http://www.atstake.com/research/tools/FuzzerServer.zip [2] SPIKE, http://www.atstake.com/research/tools/spike-v1.8.tar.gz [3] Sharefuzz, http://www.atstake.com/research/tools/sharefuzz1.0.tar.gz and, further reading on early fuzztesting techniques can be found at: [4] http://www.cs.wisc.edu/~bart/fuzz/fuzz.html - - - pr0ix /msg pr0ix on efnet ps: silvio, I want to be you, or at least with you! Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wloEARECABoFAjygtEgTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXIh7AJ94 8O3Q/MFS/yq3kfnVbuGDLzWY2ACfZjWFMk6zalm8i/av2VblPbMWi24= =DCmE -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Mar 26 2002 - 10:30:00 PST