|
|
|
Choosing A Webhost: |
Re: Linux Kernel Exploits / ABFrag: msg#00194security.incidents
Curt, to unwrap burneye binaries you need know the binary password... to unwrap you can use UNFburninhell made by [ByteRage] (thanks to him). ABfrag is FAKE, so, you don't need audit that binary. Regards... Nilton Gomes -- Mensagem original -- >In-Reply-To: <20021018184346.B44C5425C@xxxxxxxxxxxxxxxxxxxxx> > > >>I smell Burneye !! ..... what do you guys think ? > >If you download the ABfrag file from >http://www.linuxsecurity.com/articles/intrusion_detection_article- >5933.html, and view or run strings on the file, you will see the burneye > >signature in the file header: > >TEEE burneye - TESO ELF Encryption Engine > >I'm wondering if there is any way to determine the burneye options used by > >analyzing the encrypted file? I doubt it, but does anyone have any >experience with this? > >Looks like we need to get brute forcing that password (could be nearly >impossible), or perhaps find a good reverse engineer. I recall reading >material by Dave Dittrich about trying to reverse engineer the x2 SSH >exploit that had been protected with burneye. I also came across an >article somewhere, perhaps on the teso website, that talked about the >sorry state of the "white hat" reverse engineers. Personally, I could not > >reverse engineer myself out of a wet paper bag. > >I'm very curious to learn more about this exploit, and would enjoy seeing > >the IDS activity discussed in the first message in this thread. Do we have > >enough to make a snort signature? Did you get an image of the systems >memory at the time of the exploit? Perhaps there is a snowballs chance in > >hell that the password used to run the executable could be recovered. > > >Curt Wilson >Netw3 Security >www.netw3.com > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com > > ------------------------------------------ Use o melhor sistema de busca da Internet Radar UOL - http://www.radaruol.com.br ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Hiding IP addresses in trace data, Jose Nazario |
|---|---|
| Next by Date: | Re: Linux Kernel Exploits / ABFrag, Erik Sperling Johansen |
| Previous by Thread: | Re: Linux Kernel Exploits / ABFrag, Curt Wilson |
| Next by Thread: | Re: Linux Kernel Exploits / ABFrag, Erik Sperling Johansen |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
