Dailydave mailing list archives

Re: Ferret


From: "J.M. Seitz" <lists () bughunter ca>
Date: Tue, 6 Mar 2007 07:51:31 -0800

Ummmm....generally IMHO if someone says "hey this is proof-of-concept and
probably has bugs and we acknowledge that" why would you send a posting that
mirrors the same comment? I can honestly say that I have written PoC myself
that was exploitable, but that's not the point of doing a PoC; it's to get it
out there and to put your money where your mouth is. Especially if you are
going to put a pseudo-disclaimer saying that it will most likely have
problems, do you need anything else?

Would you like a pat on the back for finding that? Why not rewrite the tool
in Java for us all so we can feel warm and fuzzy inside when we go beddy-bye
tonight.

JS 

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Phrack Senate
Omniscient
Sent: Tuesday, March 06, 2007 3:28 AM
To: Dailydave () lists immunitysec com
Subject: Re: [Dailydave] Ferret

On 3/5/07, Ronaldo Vasconcellos <ronaldo () cais rnp br> wrote:

Very interesting tool, folks.

When I sent a message to wifisec@securityfocus on Friday it was just 
an announcement made at Black Hat DC, but Maynor released the tool 
on the same day.

seepage

Errata Security: Ferret
http://www.erratasec.com/ferret.html

"probably has a remote vulnerability"
aka
"we dun know how to code proper. lulz!!! :("

Ferret-1/Ferret/http.c:
void process_simple_http(struct Seaper *seap, struct NetFrame *frame, const
unsigned char *px, unsigned length) {
        char method[16];
        ...
        x=0;
        while (i<length && !isspace(px[i])) {
                if (x < sizeof(method) -1) {
                        method[x++] = (char)toupper(px[i++]);
                        method[x] = '\0';
                }
        }

ur code getting owned in less than 60 seconds: priceless
knowing that ur code prolly has a dozen other elementary errors resulting in
memory corruption: just fucking embarrassing

Some at Black Hat called it "serious fucking business".

---
phrack senate omniscient
fighting internet crime with internet rhymes fuck the high council
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
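
The loop quoted in the thread, as an added example (not code from the Ferret source or from any poster here): in the lines shown, i is incremented only inside the bounds check, so once x reaches sizeof(method) - 1 the loop neither writes nor advances. The function names, the step budget that makes the stall return instead of spin, and the sample request line are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Loop shape quoted in the thread, plus a step budget (added here) so a
 * stalled loop returns -1 instead of spinning. 0 = token fully consumed. */
int parse_method_quoted(const unsigned char *px, unsigned length,
                        char *method, size_t size, unsigned *consumed)
{
    unsigned i = 0, x = 0, steps = 0;
    method[0] = '\0';
    while (i < length && !isspace(px[i])) {
        if (++steps > length) { *consumed = i; return -1; } /* no progress */
        if (x < size - 1) {          /* i advances only inside this branch */
            method[x++] = (char)toupper(px[i++]);
            method[x] = '\0';
        }
    }
    *consumed = i;
    return 0;
}

/* Corrected form: i advances on every iteration; bytes past the buffer's
 * capacity are skipped. 0 = whole token stored, 1 = token truncated. */
int parse_method_fixed(const unsigned char *px, unsigned length,
                       char *method, size_t size, unsigned *consumed)
{
    unsigned i = 0, x = 0;
    method[0] = '\0';
    for (; i < length && !isspace(px[i]); i++) {
        if (x < size - 1) {
            method[x++] = (char)toupper(px[i]);
            method[x] = '\0';
        }
    }
    *consumed = i;
    return x < i;
}
int main(void)
{
    /* Constructed sample request line, not captured traffic. */
    const unsigned char lng[] = "PROPFINDPROPFINDPROPFIND /";
    char m[16]; unsigned used;
    int rc = parse_method_quoted(lng, sizeof lng - 1, m, sizeof m, &used);
    printf("quoted: rc=%d method=%s used=%u\n", rc, m, used);
    rc = parse_method_fixed(lng, sizeof lng - 1, m, sizeof m, &used);
    printf("fixed:  rc=%d method=%s used=%u\n", rc, m, used);
    return 0;
}
```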
