Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Home  Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). Confidence 2013 5% Off any SANS course Use Code: SecuriTeam_5 Hack In Paris La Nuit du Hack Subjects of Interest: Vulnerability Management SQL Injection Buffer Overflows Active Network Scanning Fuzzing Fuzzer Report Network Security Network Scanner Pen Testing Security Scanner	MP3 TAG Fuzzer 18 Nov. 2008     Credit: The information has been provided by Jeremy Brown. Free Website Security Scan Free Fuzzer Report Vulnerability Assessment Detect web app vulnerabilities University study comparing the top Accurate and automated scanning Get guidance from professionals. 6 commercially availble fuzzers. for networks of any size.    Details Protect your website! Free Trial, Nothing to install. No interruption of visitors. www.beyondsecurity.com/vulnerability-scanner The following tool will generate invalid MP3 files which in turn can be used to test different types of software for MP3 handling related vulnerabilities. Tool: #!/usr/bin/perl # Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com] # mpTREY - MP3 Fuzzer [MP3::TAG --> INSTALL IT FROM CPAN] # ROFFLES SUPERCALIMP3OWNAGE =) use MP3::Tag; use Getopt::Std; @overflow = ('A' x 8200, 'A' x 11000, 'A' x 110000, 'A' x 550000, 'A' x 1100000, 'A' x 2200000, 'A' x 12000000, "\0x99" x 1200); @fmtstring = ("%n%n%n%n%n", "%p%p%p%p%p", "%s%s%s%s%s", "%d%d%d%d%d", "%x%x%x%x%x",               "%s%p%x%d", "%.1024d", "%.1025d", "%.2048d", "%.2049d", "%.4096d", "%.4097d",               "%99999999999s", "%08x", "%%20n", "%%20p", "%%20s", "%%20d", "%%20x",               "%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%", "\0xCD" x 50, "\0xCB" x 50); @numbers = ("0", "-0", "1", "-1", "32767", "-32768", "2147483647", "-2147483647", "2147483648", "-2147483648",             "4294967294", "4294967295", "4294967296", "357913942", "-357913942", "536870912", "-536870912",             "1.79769313486231E+308", "3.39519326559384E-313", "99999999999", "-99999999999", "0x100", "0x1000",             "0x3fffffff", "0x7ffffffe", "0x7fffffff", "0x80000000", "0xffff", "0xfffffffe", "0xfffffff", "0xffffffff",             "0x10000", "0x100000", "0x99999999", "65535", "65536", "65537", "16777215", "16777216", "16777217", "-268435455"); @miscbugs = ("test|touch /tmp/ZfZ-PWNED|test", "test`touch /tmp/ZfZ-PWNED`test", "test'touch /tmp/ZfZ-PWNED'test", "test;touch /tmp/ZfZ-PWNED;test",              "test&&touch /tmp/ZfZ-PWNED&&test", "test|C:/WINDOWS/system32/calc.exe|test", "test`C:/WINDOWS/system32/calc.exe`test",              "test'C:/WINDOWS/system32/calc.exe'test", "test;C:/WINDOWS/system32/calc.exe;test", "/bin/sh", "C:/WINDOWS/system32/calc.exe",              "%0xa", "%u000", "//AAAA" x 250, "\\AAAA" x 250); getopts('t:f:', \%opts); $target = $opts{'t'}; $mp3file = $opts{'f'}; if(!defined($target) || !defined($mp3file)) {      print "\n mpTREY - mp3 fuZZer";      print "\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]";      print "\n Usage: $0 -t <targetapp> -f <file.mp3>\n\n";      exit(0); }      print "\n mpTREY - mp3 fuZZer";      print "\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]\n"; print "\nmpTREY: FUZZING '$target' with '$mp3file' [STAGE->1(title)]"; print "\n"; foreach(@overflow) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->title_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@fmtstring) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->title_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@miscbugs) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->title_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } print "mpTREY: FUZZING '$target' with '$mp3file' [STAGE->2(artist)]"; print "\n"; foreach(@overflow) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->title_set("normal"); # set normal currenttag-1 $mp3->artist_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@fmtstring) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->artist_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@miscbugs) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->artist_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } print "mpTREY: FUZZING '$target' with '$mp3file' [STAGE->3(album)]"; print "\n"; foreach(@overflow) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->artist_set("normal"); # set currenttag-1 back to 'normal' $mp3->album_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@fmtstring) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->album_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@miscbugs) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->album_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } print "mpTREY: FUZZING '$target' with '$mp3file' [STAGE->4(year)]"; print "\n"; foreach(@fmtstring) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->album_set("normal"); # set currenttag-1 back to 'normal' $mp3->year_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@numbers) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->year_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } print "mpTREY: FUZZING '$target' with '$mp3file' [STAGE->5(comment)]"; print "\n"; foreach(@overflow) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->year_set("1"); # set currenttag-1 back to 'normal' $mp3->comment_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@fmtstring) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->comment_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@miscbugs) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->comment_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } print "mpTREY: FUZZING '$target' with '$mp3file' [STAGE->6(track)]"; print "\n"; foreach(@overflow) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->comment_set("normal"); # set currenttag-1 back to 'normal' $mp3->track_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@fmtstring) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->track_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@numbers) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->track_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@miscbugs) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->track_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } print "mpTREY: FUZZING '$target' with '$mp3file' [STAGE->7(genre)]"; print "\n"; foreach(@overflow) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->track_set("1"); # set currenttag-1 back to 'normal' $mp3->genre_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@fmtstring) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->genre_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } foreach(@miscbugs) { $fuzz = $_; $mp3 = MP3::Tag->new($mp3file); $mp3->genre_set($fuzz); $mp3->update_tags(); $mp3->close(); system $target $mp3file; } print "\n"; exit;  Comments: blog comments powered by Disqus	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles 'Apache mod_rewrite Vulnerability PoC' 'netsniff-ng - A Linux Network Analyzer and Networking Toolkit' 'Simple Local File Inclusion Exploiter' 'NiX A Linux Brute Forcer' 'Nchop - A TCP Session Splicing Tool Used to Rvade Intrusion Detection Systems' 'Netifera - Modular Open Source Platform for Security Tools' 'WarVOX - Tools for Exploring, Classifying, and Auditing Telephone Systems' 'Webshag - Web Server Audit Tool' 'Browser Fuzzer' 'FSpy - Linux Filesystem Activity Monitoring' 'telnetrecon - Telnet Recon' 'Zerowine Sandbox' 'JPEG Fuzzer' 'VNC Server Fuzzer' 'RSH Fuzzer' 'Exomind' 'Browser Rider' 'MP3 TAG Fuzzer' 'PDFuzzer - PDF File Standard Fuzzer' 'Miranda - UPNP Administration and Audit Tool'  Featured Articles 'MP3 TAG Fuzzer' 'ArpON - ARP Management System' 'PktAnon - Packet Trace Anonymization Tool' 'The Cookie Tools' 'SWFIntruder - Analyzing and Testing Security of Flash' 'SSHatter - SSH Password Brute Forcer' 'FireMaster - Firefox Master Password Recovery' 'BackTrack - a Linux Live Distribution Focused on Penetration Testing' 'MD5CRACK - MD5 Bruteforce Tool' 'Technika - Attack Scripting Environment' 'Windows Live Messenger v8 Password Finder' 'XSS Shell' 'ASP Auditor - Identify Vulnerable ASP.NET Servers' 'SWAAT Web Application Analysis' 'John The Ripper MPI Patch' 'loggy - Advanced Log Cleaner' 'GZIP_Encoding - Tools for Simple Manipulation of Gzip Encoding HTTP Transfers' 'objdump2shellcode - Convert Objdump Into Shell Code' 'r57-pid-check' 'ARP Tools - Collection of ARP Utilities'
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®