Mudge
-a moment for the color blind-
What's up here at the l0pht?
Well, hopefully most of the machines.
I know mine are up and running guys.
Actually there are a bunch of cool things
going on at The l0pht.
Check some of them out. Maybe you'll even want
to join us!
If you have any questions, exploits, etc. feel free to drop me a line - mudge@l0pht.com
Projects
How to write Buffer Overflows
mudge_buffer_overflow_tutorial.html (HTML corrected)
S/KEY Cracker's Toolkit
Of course all standard disclaimers apply here. Especially the part about me not
being responsible for any misuse of the following programs (do us all a favor and
use these in a mature fashion).
Monkey - a tool for Monitoring keys. Think of it as Crack for s/key.
There are a few more things I want to add to it
and a paper I'm working on in regards to the vulnerabilities. Here is a
preliminary copy of the
s/key insecurities paper.
I've been able to exploit a couple of the other methods mentioned in the paper.
If demand is strong enough I might release an entire hack-kit and (yet another)
version of the s/key package.
PS using S/KEY is still better than _not_
using skey!
Parallel version of crack
The l0pht will soon be presenting
Alec Muffett's
crack program ported to take advantage of
PVM
and other parallel processing environments. Just a hint... you can run
PVM [Parallel Virtual Machines] on just about everything from your Linux box up through
Thinking Machines' CM series.
I'm currently looking into three different paths to handle this.
- Reading in series of static tables as this project does not have to be
tightly coupled
- Taking the source code for crypt and optimising it for parallel environments
- Creating my own extensions for the Uniform System library
Whatever the outcome I will post the source here when finished.
Big 'ol bug hunt!
Empirical testing of software with random input as distributed on various
platforms.
I got the idea to try this after browsing through an old issue
of Communications of the ACM. Back in 1990 they tested a bunch of
the software that shipped from various vendors with random data tests and
found that they were able to crash 28% of the applications (in one instance
they were able to crash the machine under a non-privileged account).
Well, a lot has changed since 1990 but with all of the user contributed
software being shipped with systems, and knowing some of the systems
programmers, I'm willing to bet that a lot hasn't!
[you might just be surprised about how we found some SUID/SGID programs behave]
Here are the testing tools:
fuzzbox
interact
They'll be available for Download soon!
The results will be formatted and made available, upon completion, through
l0pht Heavy Industries
mudge@l0pht.com