Vulnerability Development mailing list archives
Re New Binary Bruteforcing Method Discovered
From: mixter () 2xs co il
Date: Wed, 27 Mar 2002 18:26:46 +0100 (CET)
On Tue, 26 Mar 2002 pr0ix () hushmail com (silvio? unknown () atstake com?) wrote:
I, the great pr0ix, have discovered a new technique for bruteforcing local suid binaries on any *nix operating system, which uncovers all exploitable bugs in the application.
I'm a bit surprised to see this technique is known... I called this technique shared library interception and first implemented it this January. After some test phases, my interception code isn't laid out anymore to do direct overflows (which is nice, but too unreliable: a program can terminate because of invalid input from a library function, then you miss out on subsequent vulnerabilities through input from other functions!!!). Mine's mostly a utility to the 2XS Research Team project, BOS (Binary Overflow Scanner), which has been pre-announced already and may eventually go open source. I use it to see which library functions are used, then open a config file in proprietary BOS format from those *.so libraries and enter the functions called and kinds of data used... later, that configuration is used with BOS for better accuracy... Such a utility could also be implemented with hacked-up ltrace sources (I think, I haven't taken a look yet), but this is the easiest way to pre-configure very precise bruteforcing tools.

Michal Zalewski:
Pardon me?=) Finally solved this nasty halting problem?
Oh, this is a known problem as well? :) Well, pressing CTRL+C usually does the trick. Then again, of course you can write a little program to enumerate processes in the group of the shell process running the library interception tests, then check their activity time and send them appropriate signals to continue when they stall... Anyways, this is all I myself can disclose at this time, so watch for an eventual release of BOS and other 2XS-RT material.

-------------------------------
Mixter <mixter () 2xss com>
Development/Consulting/Research
2xs LTD. - http://2xss.com
-------------------------------
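The post describes "shared library interception" as a way to see which library functions a program calls and what kind of data it feeds them, which is also the first question a reviewer asks of a setuid program (which environment variables, files and strings does it consume?). The following is an added example written for this archive page, not BOS or any 2XS Research Team code, and not ltrace: a small interposition shim, in the same spirit as the post's utility, that wraps two input-bearing libc functions, getenv() and fopen(), records each call with the length of its argument, forwards to the real libc function found via RTLD_NEXT, and prints an inventory at exit. The function names, the record layout and the report format are this example's own choices.

```c
/*
 * inventory.c: added example of library-call interception (not BOS code).
 * Interposes getenv() and fopen(), logs each call with the argument length,
 * forwards to libc, and prints a per-function summary at exit.
 *
 * Build as a preload shim:
 *   gcc -shared -fPIC -o libinventory.so inventory.c
 *   LD_PRELOAD=./libinventory.so ./program   # unprivileged user, on a copy
 * or as a stand-alone demo with plain `gcc inventory.c`: the executable's own
 * getenv/fopen definitions then come first in symbol lookup, ahead of libc's.
 */
#define _GNU_SOURCE          /* needed for RTLD_NEXT */
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { FN_GETENV, FN_FOPEN, FN_COUNT };

/* One record per interposed function: call count and longest argument seen,
 * i.e. "which functions are called and with what kind of data". */
struct call_stats {
    const char   *name;
    unsigned long calls;
    size_t        max_arg_len;
};

static struct call_stats stats[FN_COUNT] = {
    { "getenv", 0, 0 },
    { "fopen",  0, 0 },
};

static void record(int fn, const char *arg)
{
    size_t n = arg ? strlen(arg) : 0;
    stats[fn].calls++;
    if (n > stats[fn].max_arg_len)
        stats[fn].max_arg_len = n;
    fprintf(stderr, "[inventory] %s(\"%s\") len=%zu\n",
            stats[fn].name, arg ? arg : "(null)", n);
}

/* Resolve the libc implementation that sits after us in the search order. */
static void *resolve_real(const char *sym)
{
    void *p = dlsym(RTLD_NEXT, sym);
    if (!p) {
        fprintf(stderr, "[inventory] cannot resolve real %s\n", sym);
        abort();
    }
    return p;
}

/* Interposed getenv(): record, then forward. */
char *getenv(const char *name)
{
    static char *(*real_getenv)(const char *);
    if (!real_getenv)
        real_getenv = (char *(*)(const char *))resolve_real("getenv");
    record(FN_GETENV, name);
    return real_getenv(name);
}

/* Interposed fopen(): record the path, then forward. */
FILE *fopen(const char *path, const char *mode)
{
    static FILE *(*real_fopen)(const char *, const char *);
    if (!real_fopen)
        real_fopen = (FILE *(*)(const char *, const char *))resolve_real("fopen");
    record(FN_FOPEN, path);
    return real_fopen(path, mode);
}

/* Accessors for the collected inventory; inventory_reset() starts a fresh run. */
unsigned long inventory_calls(int fn)
{
    return (fn >= 0 && fn < FN_COUNT) ? stats[fn].calls : 0;
}
size_t inventory_max_arg_len(int fn)
{
    return (fn >= 0 && fn < FN_COUNT) ? stats[fn].max_arg_len : 0;
}
void inventory_reset(void)
{
    for (int i = 0; i < FN_COUNT; i++) {
        stats[i].calls = 0;
        stats[i].max_arg_len = 0;
    }
}

/* Runs when the traced program exits: the per-function summary that a
 * scanner configuration (or a code reviewer) would start from. */
__attribute__((destructor)) static void inventory_report(void)
{
    for (int i = 0; i < FN_COUNT; i++)
        fprintf(stderr, "[inventory] %-8s calls=%lu max_arg_len=%zu\n",
                stats[i].name, stats[i].calls, stats[i].max_arg_len);
}

/* Stand-alone demo standing in for a program that reads its environment and a file. */
int main(void)
{
    const char *home = getenv("HOME");
    FILE *f = fopen("/etc/hostname", "r");
    if (f)
        fclose(f);
    return home ? 0 : 1;
}
```

Two practical notes. First, the dynamic loader runs set-user-ID programs in secure-execution mode, in which LD_PRELOAD entries containing a slash are ignored and only set-user-ID shared objects from the standard library directories are preloaded, so a shim like this is applied to a copy of the binary run as the tester's own user; the inventory is therefore collected without any privilege, and no privileged process is ever instrumented. Second, the shim only sees calls that go through the dynamic symbol table: functions the compiler inlined as builtins, or that the program reaches through libc-internal aliases, do not appear, which is one reason an ltrace-style inventory is a starting list for review rather than a complete one.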
Current thread:
- Re New Binary Bruteforcing Method Discovered mixter (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered Kurt Seifried (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered Blue Boar (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 27)
- Re: New Binary Bruteforcing Method Discovered mixter (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Matthew G. Marsh (Mar 28)
- Re[2]: New Binary Bruteforcing Method Discovered dullien (Mar 29)
- Re: Re New Binary Bruteforcing Method Discovered John (Mar 27)
- Re: Re New Binary Bruteforcing Method Discovered Jeff Schaller (Mar 27)
(Thread continues...)
- Re: Re New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 27)