[logs] FW: New tool released : Syslog Fuzzer
Tina Bird
tbird at precision-guesswork.com
Tue Apr 8 09:37:35 PDT 2008
For those of you developing syslog implementations (hi Rainer!), as well as
us sys admins who like to stress test systems before production deployment,
the following may prove useful:
-----Original Message-----
From: jaime.blasco at aitsec.com [mailto:jaime.blasco at aitsec.com]
Sent: Tuesday, April 08, 2008 11:12 AM
To: bugtraq at securityfocus.com
Subject: New tool released : Syslog Fuzzer
Syslog Fuzzer is a small perl script tool useful to test some attack vectors
against syslog servers.
The first version has support for:
> Buffer Overflows
> Integer Overflows
> Format Strings
Usage:
aitsec at ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -p 514
Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
www.aitsec.com
-h : Host
-p : Port Number
Example:
aitsec at ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -h 192.1683.76 -p
514
Some ngrep traces:
#
U 192.168.3.10:43647 -> 192.168.3.76:514
<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>Apr 8 12:20:25 10.0.0.2
fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 200
8
#
#
U 192.168.3.10:43647 -> 192.168.3.76:514
<0>Apr 8 12:21:23 10.0.0.2
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%: Syslog
Fuzzer v0.1 by Jaime
Blasco (c) 2008
#
#
U 192.168.3.10:43647 -> 192.168.3.76:514
<0xffffffff>Apr 8 12:22:33 10.0.0.2 fuzzer[10]: Syslog Fuzzer v0.1 by
Jaime Blasco (c) 2008
#
For the latest version of the tool visit the project's homepage at:
http://www.aitsec.com/syslog-fuzzer.php
More information about the LogAnalysis
mailing list