Vulnerability Development mailing list archives

New Binary Bruteforcing Method Discovered


From: pr0ix () hushmail com
Date: Tue, 26 Mar 2002 09:39:40 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I, the great pr0ix, have discovered a new technique for bruteforcing local
suid binaries on any *nix operating system, which uncovers all exploitable
bugs in the application.  Attached is a simple example program, which is
verbosely and clearly commented, which details the methodology which I
have discovered.  A more in-depth article on my technique should be
appearing in the next issue of Phrack.

If you are unfamiliar with the concept of fuzztesting, I suggest that you
take a look at the following applications:

[1] FuzzerServer, http://www.atstake.com/research/tools/FuzzerServer.zip
[2] SPIKE, http://www.atstake.com/research/tools/spike-v1.8.tar.gz
[3] Sharefuzz, http://www.atstake.com/research/tools/sharefuzz1.0.tar.gz

and, further reading on early fuzztesting techniques can be found at:

[4] http://www.cs.wisc.edu/~bart/fuzz/fuzz.html

- - - pr0ix
 /msg pr0ix on efnet

ps: silvio, I want to be you, or at least with you!



Hush provide the world's most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wloEARECABoFAjygtEgTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXIh7AJ94
8O3Q/MFS/yq3kfnVbuGDLzWY2ACfZjWFMk6zalm8i/av2VblPbMWi24=
=DCmE
-----END PGP SIGNATURE-----

Attachment: super-fuzz-tester.c
Description:

Attachment: super-fuzz-tester.c.sig
Description:
