This is an entry for the HoneyNet Reverse Challenge.
Entrant: Dion Mendel
Email: quietude@iinet.net.au
Country: Australia

File | Description |
---|---|
index.html | This file |
timestamp.html | Timestamp of MD5 checksums of all files listed and submitted |
summary.html | The summary for a non-technical audience, such as management or media. |
advisory.html | Advisory for a technical audience, such as administrators and incident handlers within an organization. |
analysis.html | Details showing how the analysis was obtained, showing tools and methods used. |
answers.html | Answers to the questions. |
costs.html | Incident cost-estimate. |
files/bin/decoder | Decoder required by question 3. |
bonus.html | Answers to the bonus questions. |

File | Description |
---|---|
files/bin/search_static | Searches a statically linked executable for object files |
files/bin/elfgrep.c | Component used by search_static |
files/bin/elfgrep_fixup | Component used by search_static |
files/bin/gensymbols | Generates a symbol table from object files found by search_static |
files/bin/gendump | Generates a disassembly listing of an executable |
files/bin/decomp_fixup_signs | Filters a disassembly listing from gendump by changing unsigned values to signed |
files/bin/decomp_insert_symbols | Filters a disassembly listing from gendump by inserting symbols generated by gensymbols |
files/bin/decomp_strip | Filters a disassembly listing from gendump by removing library code found by search_static |
files/bin/decomp_xref_data | Filters a disassembly listing from gendump by providing cross references to data in the .rodata section |
files/bin/decomp_xref_jumps | Filters a disassembly listing from gendump by providing cross references to conditional and unconditional jumps |

File | Description |
---|---|
files/rh_5.3.12-8.out | Results of searching for object files from RedHat 4.0 libc5 |
files/rh_5.3.12-17.out | Results of searching for object files from RedHat 4.1 libc5 |
files/rh_5.3.12-18.2.out | Results of searching for object files from RedHat 4.2 libc5 |
files/rh_5.3.12-18.5.out | Results of searching for object files from RedHat 4.2 libc5 |
files/slackware3.1.out | Results of searching for object files from Slackware 3.1 libc5 |
files/object_files | Listing of object files from Slackware 3.1 libc5 after manual conflict resolution |
files/symbols | Regenerated symbol table from object_files listing |
files/symbols.modified | Hand-modified version of symbols |
files/dump4 | Disassembly listing after applying some of the decomp_* filters |
files/dump5 | Disassembly listing after applying all of the decomp_* filters |
files/dummy.dump | Disassembly listing of simple test program |

File | Description |
---|---|
files/the-binary.c | Decompiled version of the-binary |
files/jolt2.c | Original source of an attack method used by the-binary |
files/handler.c | Control program written to control the-binary |

File | Description |
---|---|
files/snort.log | Supplied packet capture data used to test the decoder for question 3 |
files/slackware3.1/libc.a.gz | libc 5 object files from Slackware 3.1 used in analysis (compressed) |
files/slackware3.1/libgcc.a.gz | gcc 2.7.2 object files from Slackware 3.1 used in analysis (compressed) |