
Ruby For Pentesters - WIN32OLE - Shamiq
http://chargen.matasano.com/chargen/2009/9/26/ruby-for-pentesters-win32ole.html
======
tptacek
This post probably won't make sense to you unless you're a penetration tester.
Let me take a stab at some context.

Pentesting is black-box testing for security problems. Chris and Mike have
been doing a lot of pentesting of ActiveX controls. ActiveX controls are
native X86 code packaged as DLLs that run in IE. They're very horrible, but
big companies have tens of apps that rely on them.

You can think of ActiveX (AX) as the web extensions for Win32 COM, which is
the "advanced" version of OLE, which is the mechanism that allows you to embed
Excel spreadsheets in Word documents (by loading Excel as a DLL and giving it
a window context). Ruby has support for OLE and for native Windows calls with
Win32OLE.

What Chris has done here is build a system whereby he can take any AX DLL, use
Ruby to find all the AX interfaces (they're registered, because AX uses COM),
and then automatically generate a web server that will generate pathological
inputs for each of them. So basically, you drop in the AX binary, and Chris'
system automatically builds a torture test for it, without you even knowing
what the AX control does.

This isn't our idea; I'm pretty sure we stole it from HD Moore.

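As an added example (not Chris's code from the post, and not part of this thread), here is the shape of that pipeline in Ruby: enumerate a registered control's methods and parameter types through Win32OLE's type-library classes, generate one-at-a-time pathological arguments per parameter, emit an HTML page that instantiates the control by CLSID and calls each method, and serve that page to IE. The enumeration step only works on Windows (the `win32ole` library ships only there), so a constructed sample control with a made-up CLSID and method names stands in elsewhere; the parameter type names in the table, the environment variable names, and the sample control are all assumptions of this example.

```ruby
require 'json'
require 'socket'

begin
  require 'win32ole'   # only in Ruby builds for Windows
  HAVE_WIN32OLE = true
rescue LoadError
  HAVE_WIN32OLE = false
end

# Windows only: read the methods a registered COM/ActiveX class exposes via its
# type library. typelib and ole_class are whatever the target registers; the
# WIN32OLE_TYPE / WIN32OLE_METHOD / WIN32OLE_PARAM calls are the stock Ruby API.
def enumerate_control(typelib, ole_class)
  t = WIN32OLE_TYPE.new(typelib, ole_class)
  methods = t.ole_methods.map { |m| { 'name' => m.name, 'params' => m.params.map(&:ole_type) } }
  { 'clsid' => t.guid, 'methods' => methods }
end

# Constructed stand-in for enumerate_control output on a non-Windows box.
# The CLSID and method names are made up for the example and match no real control.
SAMPLE_CONTROL = {
  'clsid'   => '{DEADBEEF-0000-4000-8000-000000000001}',
  'methods' => [
    { 'name' => 'LoadFile', 'params' => ['BSTR'] },
    { 'name' => 'SetSize',  'params' => ['I4', 'I4'] },
    { 'name' => 'Reset',    'params' => [] },
  ],
}.freeze

# Pathological arguments per parameter type, as JScript expressions old IE can
# evaluate (no String.prototype.repeat). Keys are assumed to be the type names
# WIN32OLE_PARAM#ole_type reports; extend the table for the types a target uses.
LONG_STR = 'new Array(65537).join("A")'
PATHOLOGICAL = {
  'BSTR'         => [LONG_STR, '"%s%n%x%s%n%x"', '"\\u0000" + new Array(1025).join("B")', '""'],
  'I4'           => ['2147483647', '-2147483648', '-1'],
  'UI4'          => ['4294967295', '-1'],
  'VARIANT_BOOL' => ['-1', '0x7fff'],
  'VARIANT'      => ['null', 'undefined', '{}', '[]', LONG_STR, '2147483647'],
}.freeze
FALLBACK = ['null', LONG_STR, '2147483647', '-1'].freeze
# Well-formed value for the parameters not under test.
BENIGN = { 'BSTR' => '"x"', 'I4' => '1', 'UI4' => '1', 'VARIANT_BOOL' => 'true', 'VARIANT' => '1' }.freeze

# One-at-a-time mutation: each parameter takes every pathological value in turn
# while the others stay benign, so a crash points at a single argument.
def test_cases(params)
  return [[]] if params.empty?
  params.each_index.flat_map do |i|
    PATHOLOGICAL.fetch(params[i], FALLBACK).map do |bad|
      params.each_with_index.map { |t, j| j == i ? bad : BENIGN.fetch(t, '1') }
    end
  end
end

# Page that instantiates the control by CLSID and calls every method with the
# generated arguments. A JScript exception is logged and the run continues; a
# native crash takes IE down, which is the signal the tester is waiting for.
def build_harness(control)
  clsid = control['clsid'].delete('{}')
  calls = control['methods'].flat_map do |m|
    name = m['name']
    raise ArgumentError, "unexpected method name #{name.inspect}" unless name =~ /\A[A-Za-z_]\w*\z/
    test_cases(m['params']).map do |args|
      label = "#{name}(#{args.join(', ')})"
      "tryCall(#{label.to_json}, function () { return ax.#{name}(#{args.join(', ')}); });"
    end
  end
  <<~HTML
    <html><head><title>AX harness</title></head><body>
    <object id="ax" classid="clsid:#{clsid}"></object>
    <pre id="log"></pre>
    <script type="text/javascript">
    var ax = document.getElementById("ax");
    function logLine(s) { document.getElementById("log").appendChild(document.createTextNode(s + "\\n")); }
    function tryCall(label, fn) {
      logLine(label);
      try { fn(); logLine("  ok"); } catch (e) { logLine("  threw " + e.message); }
    }
    #{calls.join("\n")}
    </script></body></html>
  HTML
end

# Minimal one-page HTTP responder so IE on the test VM can fetch the harness.
def serve(html, port)
  server = TCPServer.new('0.0.0.0', port)
  loop do
    client = server.accept
    client.each_line { |l| break if l == "\r\n" }   # drain request line and headers
    client.write("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: #{html.bytesize}\r\nConnection: close\r\n\r\n")
    client.write(html)
    client.close
  end
end

# AX_SERVE=8000 ruby ax_harness.rb                               serves the constructed sample
# AX_SERVE=8000 AX_TYPELIB=... AX_CLASS=... ruby ax_harness.rb   enumerates a real control (Windows only)
if ENV['AX_SERVE']
  control = HAVE_WIN32OLE && ENV['AX_TYPELIB'] ? enumerate_control(ENV['AX_TYPELIB'], ENV['AX_CLASS']) : SAMPLE_CONTROL
  serve(build_harness(control), Integer(ENV['AX_SERVE']))
end
```

Two practical points: the harness logs each call before making it, so when IE dies the last line in the page's log (or in a proxy log, if you serve the page through one) tells you which method and argument did it; and the one-at-a-time scheme keeps the case count linear in the number of parameters rather than the product of the value lists, which matters for controls with dozens of methods. The type names in the table are whatever `WIN32OLE_PARAM#ole_type` actually returns for your control, so print them once on Windows before relying on the mapping.
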
------
Shamiq
Matasano uses Ruby for many internal and external tools. With a little dash of
IRB, you can have a lot of fun (just ask Mike...)

~~~
tptacek
Shamiq interned with us this summer; I met him here on HN. He absolutely
kicked ass.

