Date: Fri, 06 Mar 2009 18:47:18 -0500
From: bobby.mugabe@...h.com
To: full-disclosure@...ts.grok.org.uk, 0xjbrown41@...il.com
Subject: Re: List of Fuzzers

Dear list,

Which fuzzer on this list will help me find the most security
exploits?

Thanks,
-bm

On Fri, 06 Mar 2009 18:37:01 -0500 Jeremy Brown
<0xjbrown41@...il.com> wrote:
>Don't act like you've given any constructive advice to anyone in
>your life.
>
>Thanks for trolling, please don't come again.
>
>On Fri, Mar 6, 2009 at 6:21 PM, Pete Licoln
><pete.licoln@...il.com> wrote:
>> Ok cool, then keep it up Jeremy.
>> At least you won't be able to say no one told you.
>>
>> 2009/3/6 Jeremy Brown <0xjbrown41@...il.com>
>>>
>>> I consider you a loser, Pete/Julio/Loser.
>>>
>>> On Fri, Mar 6, 2009 at 3:03 PM, Pete Licoln <pete.licoln@...il.com> wrote:
>>> > Well .. what I say is true.
>>> > If you can't argue on the subject then shut the hell up.
>>> >
>>> >
>>> > 2009/3/6 Rubén Camarero <rjcamarero@...il.com>
>>> >>
>>> >> Don't satisfy this idiot with a response, that's what he likes..
>>> >> Everybody knows Petie is a troll on every list just use google
>>> >>
>>> >> On Fri, Mar 6, 2009 at 10:56 AM, Jeremy Brown <0xjbrown41@...il.com> wrote:
>>> >>>
>>> >>> The reason anyone writes a fuzzer is to find bugs. Those that I have
>>> >>> written are of course for the same purpose as the 101 listed: to find
>>> >>> security bugs. Your ideas are as meaningless and unhelpful as they
>>> >>> have been in the past. You have no goal but to troll and try to make
>>> >>> people look like fools, but you are clearly the ignorant one.
>>> >>>
>>> >>> What have you ever written? Let us see some of your code to poke fun
>>> >>> at. If it is as imperfect as you then we'd have a day of fun.
>>> >>>
>>> >>> >What's hilarious is that none of them are useful :)
>>> >>>
>>> >>> http://www.milw0rm.com/author/1531
>>> >>> http://www.milw0rm.com/author/1835
>>> >>>
>>> >>> 90% of the research above were found by fuzzing, and those are public.
>>> >>> Clearly my fuzzers are useful.
>>> >>>
>>> >>> >You should really learn the protocol you want to fuzz, and develop a
>>> >>> >strategy before you create anything else.
>>> >>>
>>> >>> Although mistakes are inevitable, and seeing how the stuff I write
>>> >>> is pretty coherent to the protocol, your statements, once again, are
>>> >>> unjustifiable. The strategy is simple: gather points of input, fuzz
>>> >>> them, and watch for exceptions. Obviously.
>>> >>>
>>> >>> >Every fuzzer you've made uses the SAME way to ""fuzz"" for different
>>> >>> > app/protocol.
>>> >>>
>>> >>> Because using a fuzzing oracle is a very good way to identify security
>>> >>> bugs. Throwing random data will surely find lots of programming
>>> >>> errors, but I want a shell.
>>> >>>
>>> >>> > The only change I see is your last fuzzer .. written in a different
>>> >>> > language, but still the same way ...
>>> >>>
>>> >>> Yeah, I wrote it in C, and implemented a fuzzing oracle that way. I
>>> >>> probably put 100 hours into it, and it gave back some nice return. As
>>> >>> like the others.
>>> >>>
>>> >>> So, "what ever your real name is", I will continue to write fuzzers
>>> >>> and exploits. If your comments are meant to bend my attitude or
>>> >>> research rather than to troll, you don't have a chance, so get on with
>>> >>> your life and I will get on with mine. What a conclusion.
>>> >>>
>>> >>>
>>> >>> On Fri, Mar 6, 2009 at 10:22 AM, Pete Licoln <pete.licoln@...il.com> wrote:
>>> >>> > What's hilarious is that none of them are useful :)
>>> >>> > You should really learn the protocol you want to fuzz, and develop a
>>> >>> > strategy before you create anything else.
>>> >>> > Every fuzzer you've made uses the SAME way to ""fuzz"" for different
>>> >>> > app/protocol.
>>> >>> >
>>> >>> > The only change I see is your last fuzzer .. written in a different
>>> >>> > language, but still the same way ...
>>> >>> >
>>> >>> > 2009/3/5 Jeremy Brown <0xjbrown41@...il.com>
>>> >>> >>
>>> >>> >> That is hilarious LOL!
>>> >>> >>
>>> >>> >> On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln <pete.licoln@...il.com> wrote:
>>> >>> >> > 11 fuzzer matches for Jeremy Brown on this page LOL !
>>> >>> >> >
>>> >>> >> > 2009/3/5 Krakow Labs <krakowlabs@...il.com>
>>> >>> >> >>
>>> >>> >> >> Krakow Labs maintains a current list of security driven fuzzing
>>> >>> >> >> technologies.
>>> >>> >> >>
>>> >>> >> >> http://www.krakowlabs.com/lof.html
>>> >>> >> >>
>>> >>> >> >> _______________________________________________
>>> >>> >> >> Full-Disclosure - We believe in it.
>>> >>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> >>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Rubén Camarero
>>> >> CCNA, CISSP
>>> >>
