Vulnerability Development mailing list archives

Re: Re: New Binary Bruteforcing Method Discovered


From: pr0ix () hushmail com
Date: Wed, 27 Mar 2002 10:56:22 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would like to defend myself on this matter.

Yes, I did write this code.  Yes, it has been in circulation since I shared it with my hacking group.  Someone must 
have leaked it at some point in time.  It was brought to my attention a few weeks ago that someone had placed their 
name on my code, which is one of the reasons that I decided to give it to the community, so that proper credit would be 
attributed to myself.

Please stop spreading lies about me.  I'm working hard to establish myself in this industry, and I don't need fools 
like yourself trying to discredit me.  It isn't like my past associations with hack.co.za aren't hurting my current job 
search.

And yes, I am looking for a really good job. . .

- - pr0ix
/msg pr0ix on efnet

On Tue, 26 Mar 2002 14:15:11 -0500, David Rhodus <sdrhodus () wildcatblue com> wrote:
You didn't write this code. This has been passed around for over a year now.


----- Original Message -----
From: <pr0ix () hushmail com>
To: <vuln-dev () securityfocus com>
Cc: <blueboar () thievco com>
Sent: Tuesday, March 26, 2002 12:39 PM
Subject: New Binary Bruteforcing Method Discovered


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I, the great pr0ix, have discovered a new technique for bruteforcing local
suid binaries on any *nix operating system, which uncovers all exploitable
bugs in the application.  Attached is a simple example program, which is
verbosely and clearly commented, which details the methodology which I
have discovered.  A more in-depth article on my technique should be
appearing in the next issue of Phrack.

If you are unfamiliar with the concept of fuzztesting, I suggest that you
take a look at the following applications:

[1] FuzzerServer, http://www.atstake.com/research/tools/FuzzerServer.zip
[2] SPIKE, http://www.atstake.com/research/tools/spike-v1.8.tar.gz
[3] Sharefuzz, http://www.atstake.com/research/tools/sharefuzz1.0.tar.gz

and, further reading on early fuzztesting techniques can be found at:

[4] http://www.cs.wisc.edu/~bart/fuzz/fuzz.html

- - - pr0ix
 /msg pr0ix on efnet

ps: silvio, I want to be you, or at least with you!



Hush provide the worlds most secure, easy to use online applications -
which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise
http://www.hush.com/

Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wloEARECABoFAjygtEgTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXIh7AJ94
8O3Q/MFS/yq3kfnVbuGDLzWY2ACfZjWFMk6zalm8i/av2VblPbMWi24=
=DCmE
-----END PGP SIGNATURE-----







-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wloEARECABoFAjyiFaYTHHByMGl4QGh1c2htYWlsLmNvbQAKCRASrkttp6jTXMfJAJ91
Z1lKpjiGXgTDh77zsRq24wqSygCfW2KU2xVUBUA9/ORQ0mbEBiRetWc=
=XLFQ
-----END PGP SIGNATURE-----

