Re: VisualBasic auditing

From: Voguemaster (hydraxat_private)
Date: Wed Feb 19 2003 - 09:55:47 PST

    Well,
    
    As for VB auditing there are several things that one can do.
    For starters, the best VB analysis tool is definitely Numega's
    SmartCheck. Even without sources it can pretty much analyze what
    the program is doing.
    Now, security vulnerabilities in the VB VM aside, the only other
    places to look for are interactions of the VB program with the
    environment in which it is running. For example, using external
    resources of any kind can pose a security threat. Exchanging data
    with other components (mainly client programs or otherwise untrusted
    input sources) is hazardous as well. It will be worth looking
    into how good of an implementation there is in this program.
    Remember, unexpected behaviour can occur in all sorts of ways, not
    only exploiting an unchecked buffer. As for the oldest trick in the
    book (almost), if there is communication with an external resource
    which is not written in VB, who knows.
    BTW, it is possible to crash a VB program or create some sort of DoS
    on it. The VM handles it pretty well enough but a vulnerability in
    the software itself is still a vulnerability.
    
    SmartCheck and other tools can be used to audit the program. For
    PCODE programs you'd have to approach the matter differently. Probably
    using some sort of decompiler. Even debuggers can be used (SoftIce comes
    to mind) if you're experienced enough not to get lost in the
    bloated code of a VB application.
    
    Eli
    
    
    On Sun, 16 Feb 2003 19:12:32 +0000, Some d00d <shavidiat_private> wrote:
    
    > Hi folks
    >
    > I am auditing some network applications and a
    > significant number of them are written in MS Visual
    > Basic. Has anyone done some work on exploiting VB
    > software before? I assume that traditional methods such
    > as buffer overflows will not work here.
    >
    > Are there any tools around for this (such as VB
    > disassemblers and de-scramblers)?
    >
    > Can you point me to any sources of information?
    >
    > Thanks in advance, SD
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Feb 20 2003 - 08:44:28 PST