Hosting Provided By

re: MD5 Exploit Database?

From: H C <keydet89(at)yahoo.com>
Date: Mon Jan 20 2003 - 09:28:17 EST

Mark,

> Needless to say, there are a significant number of
what
> I would call "questionable" files on the box. Some
of
> them I can quickly identify, albeit not
authoritatively
> at this point, (e.g. httpodbc.dll), but others I
cannot.

I'd like to suggest something...that you not only MD5 these files, but also generate a SHA-1 hash for each. Also, you can perform other analysis/queries on the files, such as attempting to derive vendor information from executables, as w/ finfo.pl
(http://patriot.net/~carvdawg/perl.html).

Given compression and packing routines available, it's unlikely that you'll find any sort of comprehensive database of MD5 hashes.

If you're looking for assistance, or just want another set of eyes on the files, I'd be willing to take a look at them.

Thanks,

Carv

Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Jan 23 06:20:32 2003

This message: [ Message body ]
Next message: Jason Coombs: "RE: CRC32 vd MD5"
Previous message: John Howie: "RE: encryption question"
In reply to Mark G. Spencer: "MD5 Exploit Database?"
Next in thread: Mark G. Spencer: "RE: MD5 Exploit Database?"
Reply: Mark G. Spencer: "RE: MD5 Exploit Database?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT

Do you need help?