lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <40070C35.4040501@vulnscan.org>
Date: Thu, 15 Jan 2004 22:55:01 +0100
From: "Bram Matthys (Syzop)" <syzop@...nscan.org>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: OpenSSL ASN.1 parsing bugs PoC / brute forcer

Hi,

exactly a week ago Mark Lachniet asked on the list(s)
for PoC code for the OpenSSL ASN.1 parsing bugs
( http://www.openssl.org/news/secadv_20030930.txt ).
I replied and gave details on how I made my brute
forcer for that but didn't provide a PoC due to
ugly code (and actually.. other reasons too).

Since then, several people have mailed me off-list
for it and I haven't seen any other PoC yet..
so I've now decided to release it anyway :)

Feel free to modify/rip it off/etc.
If you got any positive results or made some
kind of improved version, please let me know.

Have fun,

	Syzop.

View attachment "sslexp.c" of type "text/plain" (7846 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ