Thread-topic: [Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf
> Of Jean-Sebastien Guay-Leroux
> Sent: Tuesday, April 04, 2006 3:45 AM
> To: Administrator@xxxxxxxxxxxxxxxxxxxxxxx
> Cc: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] PIRANA exploitation framework and
> SMTP contentfilter security
>
> Hi,
>
> I am releasing the first public version of PIRANA.
>
> PIRANA is an exploitation framework that tests the security of an email
> content filter. By means of a vulnerability database, the content
> filter to be tested will be bombarded by various emails containing a
> malicious payload intended to compromise the computing platform.
> PIRANA's goal is to test whether or not any vulnerability exists on the
> content filtering platform.
>
> The tool is a Perl program, which builds an email, attaches malicious
> payloads generated by various exploitation codes, then sends it to the
> target. Several techniques were developed to improve reliability and
> add discretion. The tool is modular and it is possible to add support
> for new vulnerabilities that could emerge in the future.
>
>
> Right now, 5 exploitation modules are available to test your content
> filter with. They are:
>
> 1- LHA get_header File Name Overflow (OSVDB #5753)
> 2- LHA get_header Directory Name Overflow (OSVDB #5754)
> 3- file readelf.c tryelf() ELF Header Overflow (OSVDB #6456)
> 4- unarj Filename Handling Overflow (OSVDB #11695)
> 5- ZOO combine File and Dir name overflow (OSVDB #23460)
>
>
> PIRANA uses Metasploit's shellcode generator to build its shellcodes.
> It also uses MIME::Lite to send the emails.
>
>
> A whitepaper was published that explains what the vulnerabilities of
> an SMTP content filter are. It also shows what techniques were used in
> PIRANA to improve reliability and stealthiness.
>
>
> You can get PIRANA here:
> http://www.guay-leroux.com/projects/pirana-0.2.1.tar.gz
>
> You can get the whitepaper here:
> http://www.guay-leroux.com/projects/SMTP%20content%20filters.pdf
>
>
> I hope that you will like it :-)
>
> --
> Jean-Sébastien Guay-Leroux
> jean-sebastien at guay-leroux dot com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
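Every module listed in the announcement targets a length field in an archive header that a content filter's unpacker trusts. As an added example (not part of the original post and not PIRANA's or LHA's code), here is a defender-side pre-screen in Python that validates LHA level-0 headers before an attachment is handed to an unpacker; the field layout follows the published LHA format, `BODY_FIXED` and the function names are this example's own, and the sample archives are constructed by the test helper.

```python
"""Pre-screen for LHA level-0 headers: each length byte is validated before anything is indexed by it."""
import struct
BODY_FIXED = 20  # method id (5) through the filename-length byte, after the 2 lead bytes

class MalformedArchive(ValueError):
    """Header is internally inconsistent; do not hand it to an unpacker."""

def parse_level0_header(data: bytes, offset: int = 0) -> dict:
    """Parse one level-0 entry header at `offset`, checking it field by field."""
    if len(data) - offset < 2:
        raise MalformedArchive("truncated header")
    header_size, checksum = data[offset], data[offset + 1]
    body = data[offset + 2:offset + 2 + header_size]
    if len(body) != header_size:
        raise MalformedArchive("declared header size runs past end of data")
    if header_size < BODY_FIXED:
        raise MalformedArchive("header too short for its fixed fields")
    if sum(body) & 0xFF != checksum:
        raise MalformedArchive("header checksum mismatch")
    if body[0:1] != b"-" or body[4:5] != b"-" or body[18] != 0:
        raise MalformedArchive("bad method id or not a level-0 header")
    comp_size, orig_size = struct.unpack_from("<II", body, 5)
    name_len = body[19]
    # Key check: the attacker-chosen filename length must fit inside the header the archive declared.
    if name_len > header_size - BODY_FIXED:
        raise MalformedArchive("filename length exceeds declared header size")
    name = body[BODY_FIXED:BODY_FIXED + name_len]
    data_start = offset + 2 + header_size
    if data_start + comp_size > len(data):
        raise MalformedArchive("compressed data runs past end of archive")
    return {"method": body[0:5], "name": name, "comp_size": comp_size, "orig_size": orig_size, "data_start": data_start}

def scan_archive(data: bytes) -> tuple:
    """Filter decision: (filenames, None) if every header passed, else (names so far, reason)."""
    names, offset = [], 0
    try:
        while offset < len(data) and data[offset] != 0:  # zero header size ends the archive
            entry = parse_level0_header(data, offset)
            names.append(entry["name"])
            offset = entry["data_start"] + entry["comp_size"]
    except MalformedArchive as exc:
        return names, str(exc)
    return names, None

def build_level0_header(name: bytes, comp_size: int, declared_name_len=None) -> bytes:
    """Constructed test data only; declared_name_len builds the inconsistent shape a filter must reject."""
    n = len(name) if declared_name_len is None else declared_name_len
    body = (b"-lh0-" + struct.pack("<IIHHBB", comp_size, comp_size, 0, 0, 0x20, 0)
            + bytes([n]) + name + b"\x00\x00")
    return bytes([len(body), sum(body) & 0xFF]) + body
```

A filter that runs `scan_archive` first can quarantine any attachment whose header lengths disagree with each other, instead of letting the unpacker discover that the hard way.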