-
October 5th, 2005, 10:57 AM
#1
Microsoft buggy as ever
Wrote a command line fuzzer (originally forfuzzing *nix setuid binaries),
running it on windows gave astonishing results almost every third
commandline application crashed for example expand.exe,extrac32.exe,fontview.exe,evetvwr.exe.
(only one of them poses a real threat can you guess ?)
I wonder what microsoft is upto.
The fuzzer is at
http://warl0ck.cjb.net/clfuzz.py
-
October 5th, 2005, 11:25 AM
#2
Junior Member
Fontview.exe probably a virus created by another hacker try to impersonate and windows exe?W32.OPASERV.T Virus
-
October 5th, 2005, 12:56 PM
#3
Re: Microsoft buggy as ever
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 5th, 2005, 01:29 PM
#4
you could rename to text (or zip it up) and attach here..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
October 5th, 2005, 02:23 PM
#5
I dont understand...
You wrote something for *nix...and it doesnt work with MS
Why is that MSes fault\bug.
Sounds like its "your" bug.
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 5th, 2005, 02:47 PM
#6
Fontview is not a virus and morganlefay i think you misunderstood something.
Sorry form the broken link (should have checked it)
here it is
-
October 5th, 2005, 02:57 PM
#7
Ok then
Explain it to me
sounds like the "fuzzer" is not letting go of a process...
"Crashed"
What crashed? the os? the program?
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 5th, 2005, 03:18 PM
#8
Hi
"Fuzzing" or "Fuzz testing" is one among several software testing methods,
for an example see Soda's Tutorial[1]. Looks like warl0ck7 used
a "fuzzer" of his own making to test various programs (console applications,
hence "command line"). As an effect, quite a few of them crashed.
He argues that this implies bad software development, and might
allow for possible privilege escalation.
Software testing itself is a process used to help identify the correctness,
completeness and quality of developed computer software[2]. With that in
mind, testing can never completely establish the correctness of computer
software. Only the process of formal verification can prove that there are no
defects.
Reminds me of physics We are building theoretical models and
theories and test them via verification by experiment. However,
even if all experiments we can think of agree with the predictions,
we never can be sure to have the correct theory.
Cheers
[1] http://www.antionline.com/showthread...hreadid=269650
[2] http://en.wikipedia.org/wiki/Software_testing
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
October 5th, 2005, 06:50 PM
#9
The programs that were bieng fuzzed crashed (only one program has a real vulnerability
to sensitive to be listed here).
C:\>clfuzz.py extrac32 STR
here's the output screenshot
I am on windows 2000+SP4+SP4UpdateRollUp1
-
October 6th, 2005, 06:57 AM
#10
Junior Member
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|