Date: Fri, 6 Mar 2009 10:56:20 -0500
From: Jeremy Brown <0xjbrown41@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: List of Fuzzers

The reason anyone writes a fuzzer is to find bugs. Those that I have
written are of course for the same purpose as the 101 listed: to find
security bugs. Your ideas are as meaningless and unhelpful as they
have been in the past. You have no goal but to troll and try to make
people look like fools, but you are clearly the ignorant one.

What have you ever written? Let us see some of your code to poke fun
at. If it is as imperfect as you then we'd have a day of fun.

>What's hilarious is that none of them are useful :)

http://www.milw0rm.com/author/1531
http://www.milw0rm.com/author/1835

90% of the research above was found by fuzzing, and those are public.
Clearly my fuzzers are useful.

>You should really learn the protocol you want to fuzz, and develop a
>strategy before you create anything else.

Although mistakes are inevitable, and seeing how the stuff I write
is pretty coherent with the protocol, your statements, once again, are
unjustifiable. The strategy is simple: gather points of input, fuzz
them, and watch for exceptions. Obviously.

>Every fuzzer you've made uses the SAME way to "fuzz" for different
> app/protocol.

Because using a fuzzing oracle is a very good way to identify security
bugs. Throwing random data will surely find lots of programming
errors, but I want a shell.

> The only change I see is your last fuzzer .. written in a different
> language, but still the same way ...

Yeah, I wrote it in C, and implemented a fuzzing oracle that way. I
probably put 100 hours into it, and it gave back some nice return. As
like the others.

So, "what ever your real name is", I will continue to write fuzzers
and exploits. If your comments are meant to bend my attitude or
research rather than to troll, you don't have a chance, so get on with
your life and I will get on with mine. What a conclusion.


On Fri, Mar 6, 2009 at 10:22 AM, Pete Licoln <pete.licoln@...il.com> wrote:
> What's hilarious is that none of them are useful :)
> You should really learn the protocol you want to fuzz, and develop a
> strategy before you create anything else.
> Every fuzzer you've made uses the SAME way to "fuzz" for different
> app/protocol.
>
> The only change I see is your last fuzzer .. written in a different
> language, but still the same way ...
>
> 2009/3/5 Jeremy Brown <0xjbrown41@...il.com>
>>
>> That is hilarious LOL!
>>
>> On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln <pete.licoln@...il.com>
>> wrote:
>> > 11 fuzzers match for Jeremy Brown on this page LOL !
>> >
>> > 2009/3/5 Krakow Labs <krakowlabs@...il.com>
>> >>
>> >> Krakow Labs maintains a current list of security driven fuzzing
>> >> technologies.
>> >>
>> >> http://www.krakowlabs.com/lof.html
>> >>
>> >> _______________________________________________
>> >> Full-Disclosure - We believe in it.
>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >> Hosted and sponsored by Secunia - http://secunia.com/
>>
