2008-02-20 03:03:28
By Tim Brown
It's been a while since I last posted anything here, so I thought I'd do a quick brain dump of things I've been working on. If you're a regular visitor to these parts, hopefully you'll spot that the site has had a makeover, however since it's not just the look that matters, I've upgraded it to latest version which you can find in the CVS tree linked to from the downloads page. Whilst it's by no means user friendly hopefully, it's it's getting there little by little. Anyway, onwards...
Debian-Sec has a bunch of new packages, including DirBuster, Nipper and Phrasendrescher. I also did a little triage with the Debian security team on an interesting vulnerability, but more on that some other time
Those of you that know me, will know that I'm a bit of a fan of fuzzing as a method of finding shallow bugs quickly. Well, I've been playing with UNIX sockets recently, and it's interesting stuff. I was hoping that someone would have written a fuzzer for them, but alas not so I hacked up THC's amap to fingerprint them. Whilst I didn't find a fuzzer, I did however discover unix2tcp which functions rather like netcat, only over UNIX sockets:
root@host:~# ./utelnet /var/run/dirmngr/socket # Home: /etc/dirmngr # Config: /etc/dirmngr/dirmngr.conf OK Dirmngr 1.0.1 at your service help # NOP # CANCEL # OPTION # BYE # AUTH ... root@host:~#
One for your pentesting toolkit.
Anyway, it's getting late so I'll wrap it up for now, but hopefully I've whet your appetite for more...
Mood: Tired
Music: Nothing playing right now
You are unknown, comment
2008-02-22 06:10:20
debian
© unknown
you are welcome to do more debian security bug triaging with us :) drop me a mail if you have time and need more details. cheers - nion