Saturday, April 30, 2005

SecurityForest.com ExploitTree

This afternoon I was researching a bot for a chapter in my latest book. I don't spend a lot of time on exploit sites because I am not a penetration tester by trade. I think the last time I really looked at exploits, sites like www.hack.co.za were still around!

While searching for the bot in question, I happened to find SecurityForest.com, although the site was announced on BugTraq in March. SecurityForest.com is an impressive piece of work. The site is essentially a giant CVS archive of attack code, called the ExploitTree. They provide a Client Utility, which, at least for UNIX, is an interface to a native CVS client. For Windows, they provide everything you need to access a CVS server.

Here is how a session using the ExploitTree Client Utility appears under UNIX.


./ExploitTree.pl anonymous

ExploitTree Client Utility Manager v0.6
----------------------------------------

1) Initialize (first time download)
2) Update Repository
3) Print Exploit Statistics
q) Quit

> 1
Password is blank (press enter), then wait...

Logging in to :pserver:anonymous@cvs.securityforest.com:2401/home/security/cvsroot
CVS password:
cvs login: warning: failed to open /home/richard/.cvspass for reading:
No such file or directory
cvs server: Updating ExploitTree
U ExploitTree/_SecurityForest
U ExploitTree/_Ver
U ExploitTree/bids.txt
U ExploitTree/exploit_db.txt
U ExploitTree/xsearch.pl
U ExploitTree/xsearch2-beta.pl
cvs server: Updating ExploitTree/application
U ExploitTree/application/_SecurityForest
cvs server: Updating ExploitTree/application/_uncategorized
U ExploitTree/application/_uncategorized/0verkill-exploit.c
U ExploitTree/application/_uncategorized/0x82-GNATS_sux.c
U ExploitTree/application/_uncategorized/0x82-Remote.tannehehe.xpl.c
U ExploitTree/application/_uncategorized/0x82-libCGIfpxpl.c
U ExploitTree/application/_uncategorized/101_shixx.cpp
...edited...
U ExploitTree/system/tru64/TRU64_xkb.pl
U ExploitTree/system/tru64/_SecurityForest
Quiting...

Here's an example of what one finds when the download process is finished.

janney:/home/richard/exploittree/ExploitTree$ ls
CVS bids.txt xsearch.pl
_SecurityForest exploit_db.txt xsearch2-beta.pl
_Ver network
application system
janney:/home/richard/exploittree/ExploitTree$ cd system/
janney:/home/richard/exploittree/ExploitTree/system$ ls
CVS atheos irix novell tru64
_SecurityForest beos linux qnx
_uncategorized bsd mac_osx sco
aix hpux microsoft solaris
janney:/home/richard/exploittree/ExploitTree/system$ cd bsd
janney:/home/richard/exploittree/ExploitTree/system/bsd$ ls
CVS _SecurityForest local remote
janney:/home/richard/exploittree/ExploitTree/system/bsd$ cd remote/
janney:/home/richard/exploittree/ExploitTree/system/bsd/remote$ ls
CVS animal.c freebsd obooptd.c rpc.autofsd.c
_SecurityForest bsdi netbuf.c openbsd stream3.c
janney:/home/richard/exploittree/ExploitTree/system/bsd/remote$ cd freebsd/
janney:/home/richard/exploittree/ExploitTree/system/bsd/remote/freebsd$ ls
CVS fbsd-DoS.c ronin.c
DSR-cfengine.pl fbsd-bnc.c turkey2.c
_SecurityForest ftpspy.c
cURL-remote-FBSD.pl ppp.c

I chose a sparsely populated set of directories. The Microsoft section is much longer.

What's nice about this set-up is that you can synchronize your local copy of the ExploitTree with the SecurityForest.com version using CVS.

Other helpful exploit sites include milw0rm.com and ExploitWatch, which reports on newly available exploits by linking to them.
