LogAnalysis
[logs] FW: New tool released : Syslog Fuzzer Apr 08 2008 04:37PM
Tina Bird (tbird precision-guesswork com) (1 replies)

For those of you developing syslog implementations (hi Rainer!), as well as
us sys admins who like to stress test systems before production deployment,
the following may prove useful:

-----Original Message-----
From: jaime.blasco (at) aitsec (dot) com [email concealed] [mailto:jaime.blasco (at) aitsec (dot) com [email concealed]]
Sent: Tuesday, April 08, 2008 11:12 AM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: New tool released : Syslog Fuzzer

Syslog Fuzzer is a small perl script tool useful to test some attack vectors
against syslog servers.

The first version has support for:

> Buffer Overflows

> Integer Overflows

> Format Strings

Usage:

aitsec@ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -p 514

Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008

www.aitsec.com

-h : Host

-p : Port Number

Example:

aitsec@ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -h 192.1683.76 -p
514

Some ngrep traces:

#

U 192.168.3.10:43647 -> 192.168.3.76:514

<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>Apr 8 12:20:25 10.0.0.2
fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 200

8

#

#

U 192.168.3.10:43647 -> 192.168.3.76:514

<0>Apr 8 12:21:23 10.0.0.2
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%: Syslog
Fuzzer v0.1 by Jaime

Blasco (c) 2008

#

#

U 192.168.3.10:43647 -> 192.168.3.76:514

<0xffffffff>Apr 8 12:22:33 10.0.0.2 fuzzer[10]: Syslog Fuzzer v0.1 by
Jaime Blasco (c) 2008

#

For the latest version of the tool visit the project's homepage at:

http://www.aitsec.com/syslog-fuzzer.php

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]
RE: [logs] FW: New tool released : Syslog Fuzzer Apr 08 2008 07:16PM
Rainer Gerhards (rgerhards hq adiscon com)


 

Privacy Statement
Copyright 2010, SecurityFocus