Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security



> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf 
> Of Jean-Sebastien Guay-Leroux
> Sent: Tuesday, April 04, 2006 3:45 AM
> To: Administrator@xxxxxxxxxxxxxxxxxxxxxxx
> Cc: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] PIRANA exploitation framework and 
> SMTP contentfilter security
> 
> Hi,
> 
> I am releasing the first public version of PIRANA.
> 
> PIRANA is an exploitation framework that tests the security of an email
> content filter.  By means of a vulnerability database, the content
> filter to be tested will be bombarded by various emails containing a
> malicious payload intended to compromise the computing platform.
> PIRANA's goal is to test whether or not any vulnerability exists on the
> content filtering platform.
> 
> The tool is a PERL program, which builds email and attaches malicious
> payloads generated by various exploitation codes, then sends it to the
> target.  Several techniques were developed to improve reliability and
> add discretion.  The tool is modular and it is possible to add support
> for new vulnerabilities that could emerge in the future.
> 
> 
> Right now, 5 exploitation modules are available to test your content
> filter with.  They are:
> 
> 1- LHA get_header File Name Overflow (OSVDB #5753)
> 2- LHA get_header Directory Name Overflow (OSVDB #5754)
> 3- file readelf.c tryelf() ELF Header Overflow (OSVDB #6456)
> 4- unarj Filename Handling Overflow (OSVDB #11695)
> 5- ZOO combine File and Dir name overflow (OSVDB #23460)
> 
> 
> PIRANA uses metasploit's shellcode generator to build its shellcodes.
> It also uses MIME::Lite to send the emails.
> 
> 
> A whitepaper was published that explains what are the vulnerabilities of
> an SMTP content filter.  It also shows what techniques were used in
> PIRANA to improve reliability and stealthness.
> 
> 
> You can get PIRANA here:
> http://www.guay-leroux.com/projects/pirana-0.2.1.tar.gz
> 
> You can get the whitepaper here:
> http://www.guay-leroux.com/projects/SMTP%20content%20filters.pdf
> 
> 
> I hope that you will like it :-)
> 
> --
> Jean-Sébastien Guay-Leroux
> jean-sebastien at guay-leroux dot com
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
> 
> 
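
The modules listed in the message all target code that a content filter runs when it unpacks or identifies attachments (LHA, unarj, ZOO, and file's ELF handling). The following added example, which is not part of the original message or of PIRANA, shows a pre-filter check that identifies those formats by magic bytes, independent of filename and declared MIME type, so such parts can be quarantined instead of handed to an unpacker. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# (label, offset, magic bytes) for formats named in the message above.
SIGNATURES = [
    ("elf", 0, b"\x7fELF"),
    ("arj", 0, b"\x60\xea"),           # short magic, expect some false positives
    ("zoo", 20, b"\xdc\xa7\xc4\xfd"),  # 0xFDC4A7DC stored little-endian
]

def sniff(data: bytes):
    """Return a format label if the content matches a risky format, else None."""
    for label, off, magic in SIGNATURES:
        if data[off:off + len(magic)] == magic:
            return label
    # LHA/LZH: five-byte method id such as "-lh5-" or "-lz4-" at offset 2.
    if data[2:5] in (b"-lh", b"-lz") and data[6:7] == b"-":
        return "lha"
    return None

def scan_message(raw: bytes):
    """Return [(filename, declared_type, label)] for parts to quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undo base64 / QP
        label = sniff(data)
        if label:
            hits.append((part.get_filename(), part.get_content_type(), label))
    return hits

def build_sample() -> bytes:
    """Constructed message: archive headers hidden behind misleading names."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    lha = b"\x20\x00-lh5-" + b"\x00" * 16
    zoo = b"ZOO 2.10 Archive.\x1a\x00\x00" + b"\xdc\xa7\xc4\xfd" + b"\x00" * 8
    msg.add_attachment(lha, maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(zoo, maintype="application", subtype="octet-stream", filename="notes.txt")
    msg.add_attachment(b"plain text body", maintype="application", subtype="octet-stream", filename="readme.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check only identifies formats; it does not parse archive contents, which keeps the vulnerable header-parsing paths out of the decision.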



 



