Difference between revisions of "Summerschool Aachen 2005/Challenges"

From C4 Wiki
Jump to: navigation, search
Line 3: Line 3:
 
** Update: We found some exploitable bugs. --[[User:Typo|Typo]] 18:10, 20 Sep 2005 (CEST)
 
** Update: We found some exploitable bugs. --[[User:Typo|Typo]] 18:10, 20 Sep 2005 (CEST)
 
* Christian feat. Max - verBOTen - a bot that mirrors only that stuff that is protected by robots.txt
 
* Christian feat. Max - verBOTen - a bot that mirrors only that stuff that is protected by robots.txt
* Max: Exif_Thiumb finish last years project
+
* Max: Exif_Thumb finish last years project
 +
 
 +
== Open Challenges ==
 +
 
 +
*extend p0f to fingerrprint ScaPy (default) packets
 +
*find a way to fingerprint
 +
** http://www.honeyd.org/
 +
** http://nepenthes.sourceforge.net/
 +
** http://www.mwcollect.org/
 +
*Build an HTTP-Infrastructure Fingerprinting Tool
 +
*Scan our strange network, fingerprint the stuff in there, modify existing fingerprinting tools to do so
 +
*Find out how httprint works
 +
*Build a minimal DHCP Server on ScaPy
 +
*Build an Fingerprinting Tool for
 +
** dhcp
 +
** rsync
 +
** ssh
 +
** ssl
 +
* Look into timing/fingerprinting SSH
 +
** (avoidance)

Revision as of 15:50, 21 September 2005

  • Daniel & Yves - glibc 2.3.5 look at how to exploit heap-based overflows (avoiding the checks)
  • Typo & Ilja - 0wn putty
    • Update: We found some exploitable bugs. --Typo 18:10, 20 Sep 2005 (CEST)
  • Christian feat. Max - verBOTen - a bot that mirrors only that stuff that is protected by robots.txt
  • Max: Exif_Thumb finish last years project

Open Challenges

  • extend p0f to fingerrprint ScaPy (default) packets
  • find a way to fingerprint
  • Build an HTTP-Infrastructure Fingerprinting Tool
  • Scan our strange network, fingerprint the stuff in there, modify existing fingerprinting tools to do so
  • Find out how httprint works
  • Build a minimal DHCP Server on ScaPy
  • Build an Fingerprinting Tool for
    • dhcp
    • rsync
    • ssh
    • ssl
  • Look into timing/fingerprinting SSH
    • (avoidance)