Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Microsoft buggy as ever

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    188

    Microsoft buggy as ever

    Wrote a command line fuzzer (originally forfuzzing *nix setuid binaries),
    running it on windows gave astonishing results almost every third
    commandline application crashed for example expand.exe,extrac32.exe,fontview.exe,evetvwr.exe.
    (only one of them poses a real threat can you guess ?)
    I wonder what microsoft is upto.

    The fuzzer is at
    http://warl0ck.cjb.net/clfuzz.py

  2. #2
    Junior Member
    Join Date
    Sep 2005
    Posts
    19
    Fontview.exe probably a virus created by another hacker try to impersonate and windows exe?W32.OPASERV.T Virus

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: Microsoft buggy as ever

    Originally posted here by warl0ck7
    The fuzzer is at
    http://warl0ck.cjb.net/clfuzz.py
    Not anymore it seems...
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    you could rename to text (or zip it up) and attach here..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I dont understand...

    You wrote something for *nix...and it doesnt work with MS

    Why is that MSes fault\bug.

    Sounds like its "your" bug.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    Fontview is not a virus and morganlefay i think you misunderstood something.

    Sorry form the broken link (should have checked it)

    here it is


  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Ok then

    Explain it to me

    sounds like the "fuzzer" is not letting go of a process...

    "Crashed"

    What crashed? the os? the program?

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    "Fuzzing" or "Fuzz testing" is one among several software testing methods,
    for an example see Soda's Tutorial[1]. Looks like warl0ck7 used
    a "fuzzer" of his own making to test various programs (console applications,
    hence "command line"). As an effect, quite a few of them crashed.
    He argues that this implies bad software development, and might
    allow for possible privilege escalation.

    Software testing itself is a process used to help identify the correctness,
    completeness and quality of developed computer software[2]. With that in
    mind, testing can never completely establish the correctness of computer
    software. Only the process of formal verification can prove that there are no
    defects.

    Reminds me of physics We are building theoretical models and
    theories and test them via verification by experiment. However,
    even if all experiments we can think of agree with the predictions,
    we never can be sure to have the correct theory.

    Cheers

    [1] http://www.antionline.com/showthread...hreadid=269650
    [2] http://en.wikipedia.org/wiki/Software_testing
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  9. #9
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    The programs that were bieng fuzzed crashed (only one program has a real vulnerability
    to sensitive to be listed here).

    C:\>clfuzz.py extrac32 STR

    here's the output screenshot
    I am on windows 2000+SP4+SP4UpdateRollUp1

  10. #10

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •