Posts:

Death of an ftp client / Birth of Metasploit modules

Over the past few weeks, Corelan Team has given its undivided attention to fuzzing ftp client applications. Using a custom built ftp client fuzzer, now part of the Metasploit framework, the team has audited several ftp clients and applications that use an embedded client ftp component. One example of such an application is a tool that would synchronize / backup data from a computer to a remote ftp server. The 3 main audit/attack vectors that were used during the "project" were send back overly long responses to ftp commands / requests sent by the ftp client to the server send back a file/directory listing that contains overly long file/folder names try to download a file that has an overly long filename. Read more
Read More

Happy New Year

I would like to wish you all a Happy New Year with

– good health

– lots of fun

– lots of time to do research and learn

– the strength to share your knowledge with others

– new Read more

Read More

Script to backup Cisco switches via telnet / tftp

A couple of days ago, I have released a small perl script to back up Cisco IOS based switches via telnet.

I know there are a couple of similar scripts available on the internet, but most of them either Read more

Read More

Fuzzing with Metasploit : Simple FTP fuzzer

Just wanted to drop a quick note about the release of another free script. This time I’ve written a simple FTP fuzzer (with a little help from HDMoore) in Metasploit. You can read more about it (and download the Read more

Read More

Juniper Firewall ScreenOS Basics (CJFV)

ScreenOS Concepts & Terminology

The following document is based on ScreenOS v5.4.0r7.0

– Interface = connection to a specific subnet. An interface is assigned an IP address only if firewall is operating in L3 mode. Default interface names can Read more

Read More