Forums: Pen-test Tools - Forums

Pen-test Tools pentest

#1 User is offline   jeroen 

  • Private First Class
  • Group: Members
  • Posts: 62
  • Joined: 12-August 03

Posted 23 February 2005 - 03:03 AM

Hi, I was wondering if there were tools to find some buffer overflows in appz.
I know of fuzzer.py, but it's only for ftp and such. Are there other good tools which pentest appz for overflows? I know I can write my own, but it's a pain in the ass I think. I ain't that good :ph34r:
0

#2 Guest_Paul_*

  • Group: Guests

Posted 23 February 2005 - 05:02 AM

Whoppix has an edited fuzzer version, you could try that.
0

#3 User is offline   skydance 

  • Corporal
  • Group: Members
  • Posts: 176
  • Joined: 14-September 03

Posted 24 February 2005 - 11:37 AM

yeah, u could try a few ;) :

http://www.securityi...s_testing.shtml

http://bfbtester.sourceforge.net/

http://www.snake-basket.de/bed.html
0

#4 User is offline   fenriz_ 

  • Private First Class
  • Group: Members
  • Posts: 67
  • Joined: 10-September 04

Posted 22 June 2005 - 06:47 PM

Although it has a higher learning curve, SPIKE is great.

Available here.


A presentation from Dave Aitel at Blackhat 2002 --> Here
0

#5 User is offline   go0x 

  • Private
  • Group: Members
  • Posts: 9
  • Joined: 16-June 05

Posted 23 June 2005 - 04:47 PM

www.applicationdefense.com - Application Defense has a solid collection of free security and programming tools, in addition to a suite of commercial tools given to customers at no cost.

www.securesoftware.com - John Viega and his corresponding software security company, Secure Software, is available at this site. The freeware tool RATS is also available for download at this site.

www.fortifysoftware.com - Fortify Software's homepage contains the latest software security news, descriptions of available products, and support help for existing customers.

www.ouncelabs.com - Ounce Labs and its corresponding Prexis product can be downloaded from this Web site.

www.dwheeler.com/flawfinder/ - This is David Wheeler's homepage, which has download links and tool information for Flawfinder.

www.cigital.com - The Cigital Web site is the home of the ITS4 freeware tool.
0

#6 User is offline   go0x 

  • Private
  • Group: Members
  • Posts: 9
  • Joined: 16-June 05

Posted 23 June 2005 - 05:30 PM

And don't forget (like I do) ollydbg, and check on plug-ins.
http://ollydbg.win32asmcommunity.net/
0

#7 User is offline   goose 

  • Private
  • Group: Members
  • Posts: 1
  • Joined: 23-June 05

Posted 23 June 2005 - 06:22 PM

jeroen, on Feb 23 2005, 04:03 AM, said:

Hi, I was wondering if there were tools to find some buffer overflows in appz.
I know of fuzzer.py, but it's only for ftp and such. Are there other good tools which pentest appz for overflows? I know I can write my own, but it's a pain in the ass I think. I ain't that good :ph34r:


I can guarantee you that you will learn a lot more if you just do it yourself, without the help of any tools or programs. If you are having trouble learning how to write your own exploits, try reading Aleph One's Smashing The Stack For Fun And Profit, which is perhaps one of the best articles to date on the subject and is what I learned by. However, you have to be pretty well-versed in C and you pretty much need to know the basics of x86 Assembly (although it isn't necessarily a requirement). If you don't know C, then you may want to make it easier on yourself by picking up Perl and learning how to exploit under it, as it is generally an easier language to learn (much more relaxed in language rules) and is also easier to write exploits in when compared to C. Good luck.
0

#8 User is offline   Nitron 

  • Private
  • Group: Members
  • Posts: 11
  • Joined: 26-June 05

Posted 17 July 2005 - 03:55 AM

Are you asking about actually FINDING the holes or simply exploiting them ("simply" is a loose term in this case :P)? Both are difficult for me, but the former is something I have yet to pull off.

[Edit: WOW I didn't check the date before replying. Sorry about that]
0

#9 User is offline   v3ss0n 

  • Private
  • Group: Members
  • Posts: 3
  • Joined: 13-July 05

Posted 06 August 2005 - 06:25 AM

http://www.groar.org...er/exp-perl.txt

Check this one, this is the best article, which explains straightforwardly. I understood exploit coding by this and now I can do b0f exploits using Perl.
IMO Perl is much easier and more efficient to code exploits in than C.

After that, read the Phrack 49 articles.
http://www.w00w00.or...les/heaptut.txt
http://droby10.addr.com/tutorial/bof/
http://www.insecure..../smashstack.txt
0
