Happy New Year Everyone!
IIRC, LSD's RPC interface decompiler (called dmidl?) was developed in
2001 (as what they said). IDL decompiled by dmidl can even be recompiled
with the Microsoft IDL compiler. Their second tool, the C decompiler FA, is still
in alpha stage, but the output in the presentation looks great (btw, has
anyone seen ilfac beta in IDA Pro? jc told me that it was r0x). Don't know
when they will release their tools.
RD / THC
Visit us at http://www.thc.org
On Wed, Dec 31, 2003 at 03:51:34PM -0600, H D Moore wrote:
> The HITB staff is still incredibly busy, trying to sort out all of the
> financial cruft and organize the materials. They should have most of the
> materials online by the end of January.
>
> LSD's presentation was an in-depth look at the DCOM interface, how to
> fingerprint the OS based on the available interfaces, and a basic review
> of two tools they developed.
>
> Both of the tools presented were still being finalized at 6:00am the day
> of their talk, half of the members were up all night finishing slides and
> code (hell, so was I for the first two nights).
>
> The first tool was called "fa" for flow analysis, IIRC it was a tool for
> easily tracing user-supplied RPC parameters through compiled binaries, it
> was able to detect format string and overflow bugs in this manner.
>
> The second tool was an RPC interface decompiler (forgot the name
> off-hand); it generated the appropriate C stubs to write a client for any
> RPC service, using just the executable. It used a number of techniques to
> scan for the RPC structures and followed pointers around the binary
> to determine the number and type of arguments for each function in the
> RPC service.
>
> It will probably take them some time to get the code solid enough for a
> public release; the decompiler looked like it was a real bitch to write,
> mostly because of the different RPC types (different structures,
> different signatures, etc).
>
> Er so yeah, loosen up the tin foil, the HITB stuff is all volunteer-based,
> with a core team of maybe 5 people who are making up silly excuses to
> their real employers so they can finish up the post-conference stuff :)
>
> If anyone cares, the reason why the public metasploit v2.0 release is
> being held back is that I got a ton of development help at the last
> minute and am trying to sort out all the new features/bug
> fixes/organization structure. Hopefully will have something available
> within the next two weeks; I really don't want to release until the
> underlying API for the exploit modules stops changing and some docs get
> written.
>
> -HD
> _______________________________________________
> Dailydave mailing list
> Dailydave_at_lists.immunitysec.com
> http://www.immunitysec.com/mailman/listinfo/dailydave
Received on Jan 02 2004