New Binary Bruteforcing Method Discovered

From: pr0ixat_private
Date: Tue Mar 26 2002 - 09:39:40 PST

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    I, the great pr0ix, have discovered a new technique for bruteforcing local
    suid binaries on any *nix operating system, which uncovers all exploitable
    bugs in the application.  Attached is a simple example program, which is
    verbosely and clearly commented, which details the methodology which I
    have discovered.  A more in-depth article on my technique should be
    appearing in the next issue of Phrack.
    
    If you are unfamiliar with the concept of fuzztesting, I suggest that you
    take a look at the following applications:
    
    [1] FuzzerServer, http://www.atstake.com/research/tools/FuzzerServer.zip
    [2] SPIKE, http://www.atstake.com/research/tools/spike-v1.8.tar.gz
    [3] Sharefuzz, http://www.atstake.com/research/tools/sharefuzz1.0.tar.gz
    
    and, further reading on early fuzztesting techniques can be found at:
    
    [4] http://www.cs.wisc.edu/~bart/fuzz/fuzz.html
    
    - - - pr0ix
     /msg pr0ix on efnet
    
    ps: silvio, I want to be you, or at least with you!
    
    
    
    Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
    HushMail Secure Email http://www.hushmail.com/
    HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
    Hush Business - security for your Business http://www.hush.com/
    Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/
    
    Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
    
    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.1
    Note: This signature can be verified at https://www.hushtools.com
    
    wloEARECABoFAjygtEgTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXIh7AJ94
    8O3Q/MFS/yq3kfnVbuGDLzWY2ACfZjWFMk6zalm8i/av2VblPbMWi24=
    =DCmE
    -----END PGP SIGNATURE-----
    
    
    




    This archive was generated by hypermail 2b30 : Tue Mar 26 2002 - 10:30:00 PST