Hosting Provided By

RE: MD5 Exploit Database?

From: Merino, Inigo (ISP) <IMerino(at)NA2.US.ML.com>
Date: Tue Jan 21 2003 - 14:52:16 EST

Mark,

A good md5 database is the NSRL by NIST (http://www.nsrl.nist.gov). I believe it is free for distribution, but if you can't find someone who already has it, you can order it in a CD from them for $95. It contains hash sets for every MS OS, some hacker tools and Trojans, most Windows apps, games, etc.

HTH, -Inigo

On Fri, Jan 17, 2003 at 03:01:19PM -0800, Mark G. Spencer wrote:
> I'm working on a server that has been "owned" for over a year. Needless
to
> say, there are a significant number of what I would call "questionable"
> files on the box. Some of them I can quickly identify, albeit not
> authoritatively at this point, (e.g. httpodbc.dll), but others I cannot.
>
> If I MD5 the collection of questionable files, is there a database I can
> cross-reference my MD5's against to authoritatively identify what these
> things are? I understand I may end up with some unknowns depending on how
> the executables were compressed and/or wrapped.

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Jan 23 06:29:13 2003

This message: [ Message body ]
Next message: Kurt Seifried: "Re: CRC32 vd MD5"
Previous message: forensics(at)auscert.org.au: "Re: MD5 Exploit Database?"
In reply to Mark G. Spencer: "MD5 Exploit Database?"
Reply: Jack Crone: "Re: MD5 Exploit Database?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT