Message-ID: <000101c65778$ae005ff0$0201a8c0@Jaluno.local>
Date: Mon, 3 Apr 2006 19:45:25 -0400
From: Jean-Sébastien Guay-Leroux <jean-sebastien@...y-leroux.com>
To: <Administrator@...eta.digitalrazor.com>
Cc: <bugtraq@...urityfocus.com>
Subject: [Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security


Hi,

I am releasing the first public version of PIRANA.

PIRANA is an exploitation framework that tests the security of an email
content filter.  By means of a vulnerability database, the content
filter to be tested will be bombarded by various emails containing a
malicious payload intended to compromise the computing platform.
PIRANA's goal is to test whether or not any vulnerability exists on the
content filtering platform.

The tool is a PERL program, which builds email and attaches malicious
payloads generated by various exploitation codes, then sends it to the
target.  Several techniques were developed to improve reliability and
add discretion.  The tool is modular and it is possible to add support
for new vulnerabilities that could emerge in the future.


Right now, 5 exploitation modules are available to test your content
filter with.  They are:

1- LHA get_header File Name Overflow (OSVDB #5753)
2- LHA get_header Directory Name Overflow (OSVDB #5754)
3- file readelf.c tryelf() ELF Header Overflow (OSVDB #6456)
4- unarj Filename Handling Overflow (OSVDB #11695)
5- ZOO combine File and Dir name overflow (OSVDB #23460)


PIRANA uses metasploit's shellcode generator to build its shellcodes.
It also uses MIME::Lite to send the emails.


A whitepaper was published that explains what the vulnerabilities of
an SMTP content filter are.  It also shows what techniques were used in
PIRANA to improve reliability and stealthiness.


You can get PIRANA here:
http://www.guay-leroux.com/projects/pirana-0.2.1.tar.gz

You can get the whitepaper here:
http://www.guay-leroux.com/projects/SMTP%20content%20filters.pdf


I hope that you will like it :-)

--
Jean-Sébastien Guay-Leroux
jean-sebastien at guay-leroux dot com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
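
An added defensive example, not part of the original message and not PIRANA code: a pre-filter that recognises the four input formats behind the five modules listed above (LHA, ARJ, ZOO, ELF) by their leading bytes, so a content filter can hold such parts before any unpacker or `file` runs on them. The hold policy, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

def classify(data: bytes):
    """Name the format by magic bytes; declared MIME type and filename are ignored."""
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:2] == b"\x60\xea":          # ARJ header id (2 bytes, so expect some false positives)
        return "arj"
    if data[20:24] == b"\xdc\xa7\xc4\xfd":  # ZOO tag 0xFDC4A7DC, little-endian, offset 20
        return "zoo"
    m = data[2:7]                        # LHA method id "-lh?-" / "-lz?-" at offset 2
    if len(m) == 5 and m[:1] == b"-" and m[1:3] in (b"lh", b"lz") and m[4:5] == b"-":
        return "lha"
    return None

def scan_message(raw: bytes):
    """Return [(filename, format)] for every leaf part that should be held."""
    held = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        fmt = classify(body)
        if fmt:
            held.append((part.get_filename() or "(unnamed)", fmt))
    return held

def build_sample() -> bytes:
    """Constructed message: header-shaped stubs only, not real archives or binaries."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "sample"
    msg.set_content("hello")
    msg.add_attachment(b"\x7fELF" + bytes(12), maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    msg.add_attachment(b"\x20\x00-lh5-" + bytes(17), maintype="image",
                       subtype="jpeg", filename="photo.jpg")  # mislabelled on purpose
    msg.add_attachment(b"just an ordinary text attachment", maintype="application",
                       subtype="octet-stream", filename="readme.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, fmt in scan_message(build_sample()):
        print(f"hold {name}: looks like {fmt}")
```

Matching on content rather than on the sender-supplied type or extension is the point: both stubs above carry misleading names and are still caught.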
