This is an entry for the HoneyNet Reverse Challenge.

| Entrant: | Dion Mendel |
| email: | quietude@iinet.net.au |
| Country: | Australia |

| File | Description |
|---|---|
| index.html | This file |
| timestamp.html | Timestamp of MD5 checksums of all files listed and submitted |
| summary.html | The summary for a non-technical audience, such as management or media. |
| advisory.html | Advisory for a technical audience, such as administrators and incident handlers within an organization. |
| analysis.html | Details showing how the analysis was obtained, showing tools and methods used. |
| answers.html | Answers to the questions. |
| costs.html | Incident cost-estimate. |
| files/bin/decoder | Decoder required by question 3. |
| bonus.html | Answers to the bonus questions. |

| File | Description |
|---|---|
| files/bin/search_static | Searches a statically linked executable for object files |
| files/bin/elfgrep.c | Component used by search_static |
| files/bin/elfgrep_fixup | Component used by search_static |
| files/bin/gensymbols | Generates a symbol table from object files found by search_static |
| files/bin/gendump | Generates a disassembly listing of an executable |
| files/bin/decomp_fixup_signs | Filters a disassembly listing from gendump by changing unsigned values to signed |
| files/bin/decomp_insert_symbols | Filters a disassembly listing from gendump by inserting symbols generated by gensymbols |
| files/bin/decomp_strip | Filters a disassembly listing from gendump by removing library code found by search_static |
| files/bin/decomp_xref_data | Filters a disassembly listing from gendump by providing cross references to data in the .rodata section |
| files/bin/decomp_xref_jumps | Filters a disassembly listing from gendump by providing cross references to conditional and unconditional jumps |

| File | Description |
|---|---|
| files/rh_5.3.12-8.out | Results of searching for object files from RedHat 4.0 libc5 |
| files/rh_5.3.12-17.out | Results of searching for object files from RedHat 4.1 libc5 |
| files/rh_5.3.12-18.2.out | Results of searching for object files from RedHat 4.2 libc5 |
| files/rh_5.3.12-18.5.out | Results of searching for object files from RedHat 4.2 libc5 |
| files/slackware3.1.out | Results of searching for object files from Slackware 3.1 libc5 |
| files/object_files | Listing of object files from Slackware 3.1 libc5 after manual conflict resolution |
| files/symbols | Regenerated symbol table from object_files listing |
| files/symbols.modified | Hand-modified version of symbols |
| files/dump4 | Disassembly listing after applying some of the decomp_* filters |
| files/dump5 | Disassembly listing after applying all of the decomp_* filters |
| files/dummy.dump | Disassembly listing of simple test program |

| File | Description |
|---|---|
| files/the-binary.c | Decompiled version of the-binary |
| files/jolt2.c | Original source of an attack method used by the-binary |
| files/handler.c | Control program written to control the-binary |

| File | Description |
|---|---|
| files/snort.log | Supplied packet capture data used to test the decoder for question 3 |
| files/slackware3.1/libc.a.gz | libc 5 object files from Slackware 3.1 used in analysis (compressed) |
| files/slackware3.1/libgcc.a.gz | gcc 2.7.2 object files from Slackware 3.1 used in analysis (compressed) |