| Real Name | Pedram Amini |
|---|---|
| Email address | private |
| Website | pedram.openrce.org |
| First Active | 2002-05-10 |
| Last Active | 2011-05-07 |
This brief whitepaper is called Fuzzing Frameworks. It is an excerpt from “Fuzzing: Brute Force Vulnerability Discovery” published by Addison-Wesley Professional.
7a58b127bbb01a9480084e31c4e546867fef99e12d372503e69b1e430a85cf50
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Cell Manager Database Service, rds.exe, which binds to TCP port 1530.
b35ddf22dfed2acfe23b890459bbb716db5b8a870f760c3daf55fac1b650ebad
CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
eeb6c53417ccc26b912aa3b7ee71b7c4d770d635ec4f613ec8a5036d63014596
Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the OpenView Shared Trace Service, a service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.
0f9b632a8194e66912be70699b2b63b542bb327aadc02228f6f4671e2435c7ca
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Business Objects Crystal Reports. Exploitation requires the target to visit a malicious web site. This specific flaw exists within the ActiveX control with CLSID 85A4A99C-8C3D-499E-A386-E0743DFF8FB7. Specifying large values to two specific functions available in this control results in an exploitable stack based buffer overflow.
e24ae113a22f3a7a7506ceb077927a8ccada365b76855ce78837eb1e93290125
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Rendezvous / XMPP (Extensible Messaging and Presence Protocol) messaging subsystem. Trillian locates nearby users through the '_presence' mDNS (multicast DNS) service on UDP port 5353. Once a user is registered through mDNS, messaging is accomplished via XMPP over TCP port 5298.
2fbe961a03444391b1fc35b9482c4017e92353628e9ec1605fa9996224f7441b
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the eng50.dll library.
63da17fc2b11d30b0183ecabd7487368709d4188640674209fe69ac0bfe2c32a
Multiple vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the StCommon.dll library and are reachable remotely through a DCE/RPC endpoint on TCP port 5168 bound to by the service SpntSvc.exe.
2538733d750d9c2baaf8646c834988989befa2641962eda5f35f1d05adb574ba
A vulnerability allows remote attackers to execute arbitrary code on vulnerable device installations of HP OpenView Client Configuration Manager (CCM). Authentication is not required to exploit this vulnerability. The CCM server is not affected. OpenView Client Configuration Manager version 1.0 is affected.
44a89aa95a1bae411c8bdd385cbc8355ab9385be996a42c9eee2149f0069b9e6
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required to exploit this vulnerability, and both the client and server are affected. The problem specifically exists within the handling of long messages received over the Mailslot named 'CheyenneDS'. As no explicit MaxMessageSize is supplied in the call to CreateMailslot, an attacker can cause an exploitable stack-based buffer overflow.
c63b9f680348a05a9c714b24b61cca1344e26cdd1b743becb2ce05d8cbabd78d
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit this vulnerability, and both clients and servers are affected. The problem specifically exists within DBASVR.exe, the Backup Agent RPC Server. This service exposes a number of vulnerable RPC routines through a TCP endpoint with ID 88435ee0-861a-11ce-b86b-00001b27f656 on port 6071. The most trivial of the exposed vulnerabilities results in an exploitable stack overflow.
6db0cdce65e6bfa48946db5e30be84d72faec9442b55e745fae38640005bc4f1
A vulnerability allows remote attackers to execute arbitrary code on vulnerable applications that utilize Microsoft Hyperlink Component Object Model (COM) objects. Specifically, this includes at least Microsoft Word, PowerPoint and Excel. Exploitation over the web is doable via Office Web Components (OWC). It is not required for the target to have OWC installed.
d8d3c87b1ba6bb1e1400f579fa2ee1f092e95d727fbaf20eac30d77c0be0dd20
The eIQnetworks Enterprise Security Analyzer suffers from multiple vulnerabilities that allow remote attackers the ability to execute arbitrary code.
0c958ba0e58c280878e97816e04c3b684803e7205a47ff82e11b381192278831
Slides from the PaiMei presentation given at RECON2006. PaiMei is a reverse engineering framework consisting of multiple extensible components. T
79d922cf0e59a4d205fd7c3a5de2dfe26ffd04a589e92b01772f64ecd60c715c
PaiMei is a reverse engineering framework consisting of multiple extensible components. The goal of the framework is to reduce the time from "idea" to prototype to a matter of minutes, instead of days. PaiMei is written entirely in Python and exposes at the highest level a debugger, a graph based binary abstraction and a set of utilities for accomplishing various repetitive tasks. The framework can essentially be thought of as a reverse engineer's swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as: fuzzer assistance, code coverage tracking, data flow tracking and more.
f027a3b0b418697874b0a94638fd5384a09eea2e16778ac1bf21c0ea708b4c9a
The Microsoft SRV.SYS driver suffers from a memory corruption flaw when processing Mailslot messages. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability and code execution occurs within the context of the kernel.
7ecbc9c470fe349666dc38c15db04ebb879ba6bf0f07f04da1973e974ec14ce4
iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a denial of service vulnerability in Trend Micro Inc.'s ServerProtect EarthAgent daemon allows attackers to cause the target process to consume 100% of available CPU resources. The problem specifically exists within ServerProtect EarthAgent in the handling of maliciously crafted packets transmitted with the magic value \x21\x43\x65\x87 targeting TCP port 5005. A memory leak also occurs with each received exploit packet, allowing an attacker to exhaust all available memory resources with repeated attacks. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.
9bfc7d11f02284f37766b9dc9b287113f0e17149f9dbd9f529e9d3d436cff490
iDEFENSE Security Advisory 09.01.05-2 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s NetMail IMAP daemon allows unauthenticated attackers to execute arbitrary code with the privileges of the underlying user. iDEFENSE has confirmed the existence of the vulnerability in the latest version of Novell NetMail, version 3.5.2. It is suspected that earlier versions of NetMail are also affected.
f2cbaf9e51063add484b80d860008619bf019d716f633dd213c3d1184df5168e
Process Stalker is a software package that combines the process of run-time profiling, state mapping, and tracing. Consisting of a series of tools and scripts, the goal of a successful stalk is to provide the reverse engineer with an intuitive visual interface to filtered, meaningful, run-time block-level trace data.
3a30d65f7bdbc70cfcc59dcf2aa597d2a0f5acd7981ba4815857853a58aae382
iDEFENSE Labs release of the OllyDbg Breakpoint Manager, an OllyDbg plug-in developed to address some shortcomings of the built-in breakpoint management functionality. The plug-in provides three main functions - breakpoint exporting, breakpoint importing and automatic breakpoint loading. Offsets are used in place of absolute addresses to support setting and restoring breakpoints on modules that move around in memory.
6f0b6e17aaf43ea3a8cfa6eeaa0d4e8024a305c86be77798b68c8152896b0253
This IDC script will scan through an IDA database locating and marking the relevant RPC server data structures. It will then enumerate the dispatch routines from the DispatchTable. The script outputs the addresses of the discovered structs / functions and was designed to automate the otherwise tedious manual process of locating RPC routines to audit.
09a462953000492e97d310f1b0d80939c4d23e6a76122104321941414c268117
Built on top of the IDA Function Analyzer, pGRAPH (Pedram's Grapher), provides an interface to generate more detailed and user defined control-flow graphs using the bundled Wingraph package. Extended features include: support for chunked functions, instruction level coloring, edge customization (manhattan vs splines), layout algorithm and more.
e884794cd3dfa8188c3837653c79596619bda49502f9fe0b4395d9e6fd15a5b0
Written as a C++ class, Function Analyzer was originally developed to provide an abstracted layer over the chunked functions frequently found in binaries built with Microsoft's optimizing compiler. As of IDA version 4.7 much of this functionality is built into the SDK. However, Function Analyzer can be used to construct plug-ins compatible across older versions and provides abstracted next_ea()/prev_ea() routines for stepping through an internal unchunked instruction list. The abstraction layer also exposes the following function-level information: basic block enumeration (nodes, edges), call count, MD5 hash, CRC and customizable GDL (Wingraph) generation.
e45937cff22b0b58d2d2f6281711df2324ba077e1b6057559639aaee26a72207
IDA Sync was written to allow multiple analysts to synchronize their reverse engineering efforts with IDA Pro in real time. Users connect to a central server through the ida_sync plugin. Once connected, all comments and name changes made with the registered hot keys are immediately transmitted to all other users working on the same project. The central server stores a copy of all changes as well, allowing new analysts to jump on the project and immediately receive up to date information. Included in the source release is a C++ class providing IDA Pro plugin developers with an abstracted asynchronous I/O interface.
a8ace8b8c3a60a7793256dfbcfd40b4789f253acf72167fdee3968a049b8502c
Dnshijacker v1.3 is a libnet/libpcap based DNS sniffer/spoofer. A versatile tool, it supports tcpdump-style filters that allow you to specifically target victims. DNS answers are forged based on entries in a 'fabrication table' or by simply forging one answer to all requests. DNS Hijacker is an excellent tool for blocking and removing advertisements at the network level. The package comes with a default rule file for blocking about 780 known ad servers, as well as instructions on how to incorporate with RRDTool for ad blocking statistics generation. Archived prank: here. Future versions will be ported to use Libnet 1.1.0.
4040cb211860bec4dd43af09e157da25ebd20189d35884c11639d281ef7cd16a