Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > forensics > 03 > 010187.html (Request Expert securityfocus.com Support)

RE: MD5 Exploit Database?

From: Chris Eagle <cseagle(at)redshift.com>
Date: Sun Jan 26 2003 - 15:45:05 EST


A potential starting point is packetstorm which publishes an md5 checksum with each file description. If you spider'ed through their site, you could pull file name/md5 pairs and plug them into a database. I have a tool I could easily modify to do this sort of thing. If it might be useful, let me know.

Chris

-----Original Message-----

From: Mark G. Spencer [mailto:mspencer@evidentdata.com] Sent: Sunday, January 26, 2003 9:35 AM
To: forensics@securityfocus.com
Subject: RE: MD5 Exploit Database?

Hi James!

I got many replies regarding known good databases, but no one replied to my question regarding a known bad database. Since there are a few very good outlets for known good hashes, but not known bad, I have enlisted some help to begin work on a known bad resource for the community.

We have a foundation to begin with from bagged web servers we've worked and some hashes of trojans and malware floating out there.

If anyone wants more (however preliminary) information, such as rationale, you can contact me directly. I'll post back soon when we actually have something up and running that people can play with.

Mark

Do you need help?X

-----Original Message-----

From: James.Holley@ey.com [mailto:James.Holley@ey.com] Sent: Saturday, January 25, 2003 7:04 PM To: Simson L. Garfinkel
Cc: Chris Reining; forensics@securityfocus.com; Mark G. Spencer; Simson L. Garfinkel; Matt Scarborough
Subject: Re: MD5 Exploit Database?

I know this thread started out with looking for a database of MD5s of known exploits. I am not aware of where that database might be. But the thread seems to have migrated to a question of hashes of known good files.

NIST produces an MD5 and SHA-1 database of over (currently) 7 million known good hashes. It is called the National Software Reference Library (NSRL). You can find references here:

http://www.nsrl.nist.gov/

James

<snip>


This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Jan 27 15:21:25 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:43 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library