Re: MD5 Exploit Database?

From: Matt Scarborough <vexversa(at)verizon.net>
Date: Sat Jan 25 2003 - 02:46:16 EST

On Mon, 20 Jan 2003 07:25:02 -0500, "Simson L. Garfinkel" wrote <330A2916-2C72-11D7-B00F-00039303C716@lcs.mit.edu>

> Thanks for the pointer to www.knowngoods.org. Last year I was thinking

As to known goods, an "MD5 collection project," and to the original poster, it may be helpful to know Microsoft provides MD5s for its OS files, Service Packs, Hotfixes, etc., in the ANSI text file(s) UPDATE.VER accompanying each.

Examples follow for Windows 2000, but Windows XP, and Windows 2003 Server, have the same format.

\UPDATE\UPDATE.VER from Q328310_W2K_SP4_X86_EN.EXE

---

[SourceFileInfo]
<snip>
winlogon.exe=CE8EA42D39C0EB42F064BE762925CA0C,00050000089317DC,179472

             |----------- MD5 -------------| |-- Version --| |bytes|

---

\I386\UPDATE\UPDATE.VER from W2ksp3.EXE

---

[SourceFileInfo]
<snip>
winlogon.exe=96A7495C924CF3FB1D0F857093B6F61F,000500000893150A,178960

             |----------- MD5 -------------| |-- Version --| |bytes|

---

The SP3 version is 5.0.2195.5386, as in

0x0005 - 5
0x0000 - 0
0x0893 - 2195
0x150A - 5386

and bytes we know how.

Matt Scarborough 2003-01-25

> On Fri, Jan 17, 2003 at 03:01:19PM -0800, Mark G. Spencer wrote:

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Sat Jan 25 12:47:07 2003