
| Subject: | Re: [Full-disclosure] [fuzzing] Vulnerable test application: Simple Web Server (SWS) |
|---|---|
| Date: | Fri, 14 Sep 2007 22:37:28 +0300 |
Thanks Gadi,

Good stuff. Only problem we are having with it is that it keeps crashing even with all the vulnerabilities disabled in the GUI. This makes verifying the findings a bit harder. :)

E.g. disable all vulnerabilities in the GUI and try sending this through netcat to SWS and voila!

```
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Connection: Keep-Alive
Content-Length: -1
Host: www.example.com:80
User-Agent: Mozilla/4.0 (compatible; Codenomicon HTTP Server Test Tool; Windows NT 5.1; 11549; http11-content-length-v-int)
```

Best regards,
Ari Takanen & Jari Tauriainen (who did the dirty testing work)

PS. "This web server MUST NEVER BE USED ON THE INTERNET" - couldn't agree more, even with all the intended vulnerabilities disabled. ;)

PPS. Seriously, Good Work! We need more neutral non-critical test targets like this. ;)

On Mon, Sep 10, 2007 at 12:00:02PM -0500, fuzzing-request@whitestar.linuxbox.org wrote:
Date: Mon, 10 Sep 2007 01:06:29 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
Every once in a while (last time a few months ago) someone emails one of
the mailing lists about searching for an example binary, mostly for:
- Reverse engineering for vulnerabilities, as a study tool.
- Testing fuzzers
Some of these exist, but I asked my employer, Beyond Security, to release
our test application, specific for testing fuzzing (built for the beSTORM
fuzzer). They agreed to release the HTTP version, following their
agreement to release our ANI XML specification.
The GUI allows you to choose what port you want to run it on, as well as
which vulnerabilities should be "active".
It is called Simple Web Server or SWS, and has the following
vulnerabilities:
1. Off-By-One in Content-Length (Integer overflow/malloc issue)
2. Overflow in User-Agent
3. Overflow in Method
4. Overflow in URI
5. Overflow in Host
6. Overflow in Version
7. Overflow in complete packet
8. Off By One in Receive function (linefeed/carriage return issue)
9. Overflow in Authorization Type
10. Overflow in Base64 decoded
11. Overflow in Username of authorization
12. Overflow in Password of authorization
13. Overflow in Body
14. Cross site scripting
It can be found on Beyond Security's website, here:
http://www.beyondsecurity.com/sws_overview.html
Thanks,
Gadi Evron.
--
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
Ari Takanen, Codenomicon Ltd.
ari.takanen@codenomicon.com, Tutkijantie 4E
tel: +358-40 50 67678, FIN-90570 Oulu
http://www.codenomicon.com, Finland
PGP: http://www.codenomicon.com/codenomicon-key.asc
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
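
Added example, not part of the thread and not SWS code: the test case in the reply sends `Content-Length: -1`. The thread does not say why SWS crashes on it, but a server can reject such a value before it ever reaches an allocation, as sketched here. The names `parse_content_length`, `alloc_body` and the limit `MAX_BODY_BYTES` are assumptions made for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY_BYTES (1024UL * 1024UL)   /* assumed per-request body limit */

/* Strictly parse a Content-Length value.
 * Returns 0 and stores the length in *out, or -1 if the request must be rejected. */
int parse_content_length(const char *value, size_t *out)
{
    const char *p = value;
    char *stop;
    unsigned long n;

    while (*p == ' ' || *p == '\t') p++;            /* optional leading whitespace */
    /* strtoul() accepts a leading '-' and returns the negated value as an
     * unsigned long, so "-1" would silently become ULONG_MAX. Require a digit. */
    if (!isdigit((unsigned char)*p)) return -1;

    errno = 0;
    n = strtoul(p, &stop, 10);
    if (errno == ERANGE) return -1;                 /* value does not fit */
    while (*stop == ' ' || *stop == '\t') stop++;   /* optional trailing whitespace */
    if (*stop != '\0') return -1;                   /* trailing junk such as "12abc" */
    if (n > MAX_BODY_BYTES) return -1;              /* enforce the server's own limit */

    *out = (size_t)n;
    return 0;
}

/* Allocate a zeroed body buffer with room for a terminating NUL.
 * Returns NULL if the header value is rejected or allocation fails. */
char *alloc_body(const char *content_length_value, size_t *len)
{
    if (parse_content_length(content_length_value, len) != 0) return NULL;
    return calloc(*len + 1, 1);   /* cannot wrap: *len <= MAX_BODY_BYTES */
}

int main(void)
{
    /* Constructed sample header values, including the one from the test case. */
    const char *samples[] = { "-1", "0", " 42 ", "12abc", "99999999999999999999999" };
    size_t n;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %s\n", samples[i],
               parse_content_length(samples[i], &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```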