| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: trpz at broken.org (n d)
Subject: duck
this is sample code for a new block handling system called duck.
-------------------------------------------------------------
#!/usr/bin/perl
use Socket;
require 'block.pl';
@m = ("PROPFIND","PROPPATCH","MCOL","PUT","DELETE","LOCK","UNLOCK");
$h = $ARGV[0];
foreach $k (@m) {
&d_start_block($k);
&d_append_string($k,"$k /meep/duck.htm HTTP/1.0\r\n\r\n");
#&d_print_block($k);
$s = sockaddr_in(80, inet_aton($h)) || die "meep\n";
socket (S, PF_INET, SOCK_STREAM, getprotobyname('TCP')) || die "meep\n";
if(connect(S, $s)) {
$j = \*S;
&d_write_block_fh($k,$j);
print "*** WRITTEN\n";
@b = <$j>;
foreach (@b) {
print;
if($_ =~ /Method/i || $_ =~ /Allowed/i || $_ =~ /Supported/i) {
print "$k NEGATIVE\n";
}
print "$k WEBDAV ARE LOOKING GOOD\n";
}
} else {
print "copuld not connect\n";
}
&d_end_block($k);
}
-------------------------------------------------------------------
duck allows you to build strings made up of binary data, unicode, integers and norml ascii strings as well as allows you to parse them to a wide range of filehandle handling code. the first version of duck should be completed by the end of the month, and the source will be released under a license that allows me to keep control of the source but allow worthy additions. if you would like the preliminary version feel free to contact me.
if you want to read more about this idea, www2.immunitysec.com and look for dave aitels paper about SPIKE and using blocks of data in fuzzing situations.
Powered by blists - more mailing lists