lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20080408161218.12232.qmail@securityfocus.com>
Date: 8 Apr 2008 16:12:18 -0000
From: jaime.blasco@...sec.com
To: bugtraq@...urityfocus.com
Subject: New tool released : Syslog Fuzzer

Syslog Fuzzer is a small perl script tool useful to test some attack vectors against syslog servers.
The first version has support for:
 > Buffer Overflows
 > Integer Overflows
 > Format Strings

Usage:

aitsec@...ntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -p 514

          Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
                www.aitsec.com

                -h   : Host

                -p   : Port Number

Example:

aitsec@...ntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -h 192.1683.76  -p 514

Some ngrep traces:

#
U 192.168.3.10:43647 -> 192.168.3.76:514
  <AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>Apr 8 12:20:25 10.0.0.2 fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 200
  8
#

#
U 192.168.3.10:43647 -> 192.168.3.76:514
  <0>Apr 8 12:21:23 10.0.0.2 %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%: Syslog Fuzzer v0.1 by Jaime
   Blasco (c) 2008
#

#
U 192.168.3.10:43647 -> 192.168.3.76:514
  <0xffffffff>Apr 8 12:22:33 10.0.0.2 fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
#

For the latest version of the tool visit the project's homepage at:

http://www.aitsec.com/syslog-fuzzer.php

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ