Re: Re: New Binary Bruteforcing Method Discovered

From: pr0ixat_private
Date: Wed Mar 27 2002 - 10:56:22 PST

Next message: Michal Zalewski: "Re: Re New Binary Bruteforcing Method Discovered"

Previous message: mixterat_private: "Re New Binary Bruteforcing Method Discovered"
Maybe in reply to: David Rhodus: "Re: New Binary Bruteforcing Method Discovered"
Next in thread: Michael Wojcik: "RE: New Binary Bruteforcing Method Discovered"
Next in thread: John: "Re: Re New Binary Bruteforcing Method Discovered"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would like to defend myself on this matter.

Yes, I did write this code.  Yes, it has been in circulation since I shared it with my hacking group.  Someone must have leaked it at some point in time.  It was brought to my attention a few weeks ago that someone had placed their name on my code, one of the reasons that I decided to give it to the community, so that proper credit would be attributed to myself.

Please stop spreading lies about me.  I'm working hard to establish myself in this industry, and I don't need fools like yourself trying to discredit me.  It isn't like my past associations with hack.co.za aren't hurting my current job search.

And yes, I am looking for a really good job. . .

- - pr0ix
/msg pr0ix on efnet

On Tue, 26 Mar 2002 14:15:11 -0500, David Rhodus <sdrhodusat_private> wrote:
>You didn't write this code. This has been passed around for over a year now.
>
>
>----- Original Message -----
>From: <pr0ixat_private>
>To: <vuln-devat_private>
>Cc: <blueboarat_private>
>Sent: Tuesday, March 26, 2002 12:39 PM
>Subject: New Binary Bruteforcing Method Discovered
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I, the great pr0ix, have discovered a new technique for bruteforcing local
>> suid binaries on any *nix operating system, which uncovers all exploitable
>> bugs in the application.  Attached is a simple example program, which is
>> verbosely and clearly commented, which details the methodology which I
>> have discovered.  A more indepth article on my technique should be
>> appearing in the next issue of Phrack.
>>
>> If you are unfamiliar with the concept of fuzztesting, I suggest that you
>> take a look at the following applications:
>>
>> [1] FuzzerServer, http://www.atstake.com/research/tools/FuzzerServer.zip
>> [2] SPIKE, http://www.atstake.com/research/tools/spike-v1.8.tar.gz
>> [3] Sharefuzz, http://www.atstake.com/research/tools/sharefuzz1.0.tar.gz
>>
>> and, further reading on early fuzztesting techniques can be found at:
>>
>> [4] http://www.cs.wisc.edu/~bart/fuzz/fuzz.html
>>
>> - - - pr0ix
>>  /msg pr0ix on efnet
>>
>> ps: silvio, I want to be you, or at least with you!
>>
>>
>>
>> Hush provide the worlds most secure, easy to use online applications -
>which solution is right for you?
>> HushMail Secure Email http://www.hushmail.com/
>> HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
>> Hush Business - security for your Business http://www.hush.com/
>> Hush Enterprise - Secure Solutions for your Enterprise
>http://www.hush.com/
>>
>> Looking for a good deal on a domain name?
>http://www.hush.com/partners/offers.cgi?id=domainpeople
>>
>> Hush provide the worlds most secure, easy to use online applications -
>which solution is right for you?
>> HushMail Secure Email http://www.hushmail.com/
>> HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
>> Hush Business - security for your Business http://www.hush.com/
>> Hush Enterprise - Secure Solutions for your Enterprise
>http://www.hush.com/
>>
>> Looking for a good deal on a domain name?
>http://www.hush.com/partners/offers.cgi?id=domainpeople
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: Hush 2.1
>> Note: This signature can be verified at https://www.hushtools.com
>>
>> wloEARECABoFAjygtEgTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXIh7AJ94
>> 8O3Q/MFS/yq3kfnVbuGDLzWY2ACfZjWFMk6zalm8i/av2VblPbMWi24=
>> =DCmE
>> -----END PGP SIGNATURE-----
>>
>
>
>


Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wloEARECABoFAjyiFaYTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXMfJAJ91
Z1lKpjiGXgTDh77zsRq24wqSygCfW2KU2xVUBUA9/ORQ0mbEBiRetWc=
=XLFQ
-----END PGP SIGNATURE-----

Next message: Michal Zalewski: "Re: Re New Binary Bruteforcing Method Discovered"
Previous message: mixterat_private: "Re New Binary Bruteforcing Method Discovered"
Maybe in reply to: David Rhodus: "Re: New Binary Bruteforcing Method Discovered"
Next in thread: Michael Wojcik: "RE: New Binary Bruteforcing Method Discovered"
Next in thread: John: "Re: Re New Binary Bruteforcing Method Discovered"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 27 2002 - 12:25:17 PST