Monday, September 19, 2011

Updated Peach Tutorial

A friend of the Corelan Team, Pyoor, has written some excellent documentation on Peach. I think this is some of the best, most complete documentation I have seen yet on file fuzzing with Peach.

Make sure you check it out:

Sunday, June 5, 2011

Updated Pastenum

I updated pastenum today and added some instructions on how to install it in Backtrack 5. Find that and more over at


Thursday, March 24, 2011

Pastenum – Pastebin/pastie enumeration tool

When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person.
Today, we want to present a tool that can be added to your reconnaissance toolkit.
Text dump sites such as pastebin allow users to dump large amounts of text for sharing and storage.
As these sites become more popular, the amount of sensitive information being posted will inevitably increase.
Pastenum is designed to help you find that information and bring it into one easy-to-read location.
The hope is that it will allow internal security teams to run simple queries about their companies and determine whether they have sensitive information residing in one of these text dumps. It will also help pen-testers with the recon phase by allowing them to enumerate more data faster.
In order to do so, it runs a series of search queries for keywords provided by the pentester. Since it queries public sources (and not the target network itself), this should be stealthy from the target's point of view.

Hacker Trail Mix - Appalachian Institute of Digital Evidence

I gave a talk at the AIDE winter meeting on February 18th. The talk was meant to cover many rapid-fire topics in a short amount of time. Below is a list of the stuff I can remember talking about:

Pastenum (Preview)
DNS Zone Transfers

Friday, January 7, 2011

Simple File Format Fuzzing

Originally Posted: SUNDAY, JULY 11, 2010 AT 1:20PM

A member of the Corelan forums, CodeZer0, asked for a short tutorial on file fuzzing. In particular, he wanted to know how we would find the bug from CorelanCoder's first Exploit Development tutorial in EASY RM to MP3.

Fuzzing with Peach - Running the Fuzz - Part 3

Originally Posted: FRIDAY, JUNE 11, 2010 AT 8:15PM

Now that you have Peach installed and a Peach pit written, it's time to fuzz something. I'm sure you can guess what I have been fuzzing (look in the exploit section). With Peach I have found 2 different Denial of Service bugs in the SolarWinds free TFTP server in 2 weeks. This highlights the importance of internal application fuzzing before a product is released. If they had used my basic pit, they would have found both bugs prior to release.

Fuzzing with Peach - The Peach Pit - Part 2

Originally Posted: SUNDAY, MAY 23, 2010 AT 3:21PM

In my last post I showed you how to install the Peach fuzzing framework. The next step is to set up our configuration file, called the Peach pit. The Peach pit is an XML file that lays out the protocol we are going to fuzz. In this case I am going to stick with TFTP. The author of Peach, Michael Eddington, provides an auto-complete library for use with Microsoft Visual Studio (free) which helps with the pit generation process immensely. I recommend you download and install it if you plan on working with Peach pits on a regular basis.

Fuzzing with Peach - Install - Part 1

Originally Posted: THURSDAY, MAY 20, 2010 AT 7:36PM

According to the author of Peach, Michael Eddington, Peach is "a SmartFuzzer that is capable of performing both generation and mutation based fuzzing." What I have found in my short time using it is that it might be the most useful fuzzer I have used to date. Once you understand the basics of the configuration files, or Peach pits, you will discover how easy it is to modify and re-use code for rapid fuzzing development. Not to mention Peach's ability to stop and restart crashed processes for "set it and forget it" fuzzing.

Fuzzing and Exploit Development with Metasploit - Louisville Metasploit Class

Originally posted on: TUESDAY, MAY 4, 2010 AT 5:17PM

On May 8th the Kentucky ISSA held a training in Louisville, KY. I was asked to teach the section on Fuzzing and Exploit Development. Having only an hour to cover this VERY complex topic, I demonstrated a basic buffer overflow. We start with fuzzing and go through the basic steps of development. This is an old, well-known exploit, but it demonstrates the important principles. Feel free to follow along with the videos and post any questions in the comments section.