List,
in the meantime we've expanded the stuff a bit. The code for SPIKE and Sulley (+ the Shmoo08 presentation) can be found here:
http://www.ernw.de/download/l2spike_04-15-08.tar.bz2
http://www.ernw.de/download/l2sulley_04-15-08.tar.bz2
http://www.ernw.de/download/l2_fuzzing_shmoo08.pdf
Most of the work has been done on Sulley scripts. Now there are some (not tested too extensively so far) on:
arp, dtp, lldp (bit fields still missing), lwapp, pvstp, udld, vtp, cdp, edp, mpls, stp, vrrp, wlccp
============
Dave, in particular for SPIKE some words below.
thanks,
Enno
--
Enno Rey
Check out www.troopers08.org!
=========================================================================
New Spike L2 Version released
We are happy to announce the release of a new version of the SPIKE_L2 Fuzzing-Framework. It mainly consists of the original
SPIKE 2.9 and a few new functions with the focus on layer 2 fuzzing.
This "add-on" for SPIKE is the output of one of our research projects. The goal of this project was to evaluate the security
of network devices and to get a better understanding of some protocols and the fuzzing process in protocol space.
The layer 2 stuff is based on libnet and, like the original SPIKE 2.9, runs only on Linux.
To compile just:
./configure
make
=======New Functions===============
- l2_write_data()
- s_binary_type_and_block_size_lldp()
- s_random_fuzz() and s_random_fuzz_repeat()
- s_binary_selection()
- s_string_variable_sized()
For more details take a look at the changelog
=======Layer2 Protocol-Scripts=====
- ARP
- DTP
- VTP
- LLDP
- MPLS
Now layer 2 fuzzing is as easy as fuzzing on tcp or udp!
========================================================================
----- Forwarded message from Dave Aitel <dave_at_immunityinc.com> -----
So there was a talk at Shmoocon about modifying SPIKE 2.9 to be a decent
fuzzer for Layer 2. During the talk they demonstrated a remote stack
overflow in some Cisco box via some random L2 protocol I'd never heard
of before. That was very cool. :>
This has an earlier version of their talk. At some point they're going
to put their modified SPIKE online, so everyone can find cool L2 bugs,
although for their newer work I believe they've switched to Sulley.
http://www.day-con.org/2007/l2_fuzzing_v099r_ger.pdf
-dave
_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
----- End forwarded message -----
--
Enno Rey
Check out www.troopers08.org!
ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1
Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey
Received on Apr 17 2008