Long time ago, far away after mountains and forests was living OpenSSH bug… 😉 This vulnerability existed in the authentication algorithm for GSSAPI module. Every piece of the code pinted to the pre-authentication bug…

Seriously, after a few time of research (un)fortunately this bug is directly after REAL authentication. So this is post-auth bug 🙁 One call less and this will be funny pre-authentication bug… This is the reason why this bug is useless in fact and public now 😉

Here is simple advisory 😉



by pi3

Finally! 19 of July 2011 I had defence of my Master of Degree. I pass exam from whole study at mark 5.5 (the highest mark) and defence my thesis with mark 5.5 (the highest mark) and on the diploma I’m going to have final mark 5.0 (almost the highest mark ;)). My thesis was interesting not only for me but also for my University and they want to send it to the contest 😉 My topic was: “Elaboration of an automatic system of fuzz testing technique to use in the CERN grid applications”. To be honest now I have very powerful fuzzer ;>

At the beginning of March I second time moved to Switzerland (because of my work at CERN). Before that I was working in Wroclaw Center for Networking and Supercomputing in security team. In the middle of one pentesting work me and my friends (Bartek Balcerek and Maciej Kotowicz) discovered very nice vulnerability in the TORQUE server.



by pi3

I had a long delay in posting on the blog… Several reasons made this situation:

*) When I came back from CERN to my family city I had only a few days to move to the city where I’m studying (~650 km from my family city)

*) I need to bought a car because of moving my staff to another city  (I love Toyota RAV4 – the best cars from the 2000-2005 years, unbreakable! :>)

*) I’m also studying a pedagogic

*) I had A LOT OF exams – in the both faculties ~20 exams – finally I pass everything ! 🙂



by pi3

Finally! After few months of waiting we’ve got Phrack number 67! For me this is special release. Why? My article was accepted by Phrack staff and published at this release 🙂 I’m proud of that 😉 For me Phrack magazine is a legend. I grown on this magazine, so my connection with this magazine is even stronger 😉

At first I would like to thanks blackb1rd. He helps me very much with this article. If not blackb1rd, this article will never exists at this form like it is now. You’ve got beer from me, whenever we meet 😉



by pi3

27 września odbyla sie konferencja SecDay 2010, na ktorej mimalem przyjemnosc wyglaszac swoja prelekcje “Linux vs rootkits”. Mozna ja sciagnac tutaj.

Moje wrazenia po konferencji sa pozytywne. W tym roku Lukasz postawil na Politechnike Wroclawska, na ktorej odbywaly sie wyklady. Byla to konferencja jednodniowa, ale za to za free 😉 Wystarczylo sie wczesniej zarejestrowac. Na swoim wykladzie naliczylem okolo 140 osob, wiec nie bylo zle 😉



by pi3

Today (27.07.2010) I’m going to the hospital (Hospital de la Tour) for surgery… I don’t know how long I’m going to stay in the hospital after the surgery and when I will be available… Wish me good luck!

Best regards,

Adam Zabrocki

In co-operation with Maksymilian Arciemowicz we were analysing implementation of  OPIE Authentication System on FreeBSD. The result is discovered off-by-one vulnerability in library ‘libopie’. The most interesting point of this vulnerability is a possibility to exploit it pre-auth remotely!

A lot of softwares using this library for authentication module. For example FreeBSD team change a little the source of  the OpenSSH. They added in some places the code which use the libopie 😉 The same changed code is used by DragnoflyBSD. OpenSuSe is using libopie too. Novell systems too.

We’ve analysed exploiting way in default FTP daemon for FreeBSD 8.0. Official FreeBSD’s advisory is available here.

Yesterday (30 of April) I gave a lecture in WA (White Area) at CERN. I was talking about my new project (in fact Master of Degree thesis topic). This is automated testing tool which uses fuzzing technique. It can be used for generate CLI, API, Unit, Functionally, Regression, … , tests – in fact we can use it for all types of tests. Generated programs are independent from language. It can generate output program in JAVA, C, C++, Assembler, Python, Perl, C#, … languages – we can simply add new modules for add new languages.  To be more flexible, framework used Aspect-Oriented Programming  (AOP). First beta version of framework is published on CERN svn servers. It is integrated with DPM CLI tests and works pretty well 😉



by pi3

One day I was reviewing all bugs in bugtraq IDs (popular bids). I want to know which kind of bugs is it now popular and what is the trend of modern bugs. I came to two main conclusions:

1) The most popular are SQL/XSS bugs but in 60% this is found in software which nobody knows/uses (stupid kiddie)

2) We’ve got 2010 year and there is still possible to find stack overflow bugs! The most funny thing for me there is more remote stack overflow bugs than local 🙂