Security Basics mailing list archives

Re: locating exploits in open source


From: Robert Musser <rmusser2209 () gmail com>
Date: Tue, 22 May 2012 14:56:20 -0700

Active torrent of Damn Vulnerable Linux: https://thepiratebay.se/torrent/6519397/Damn_Vulnerable_Linux_1.5_-_Infectious_Disease

On 5/22/2012 2:44 PM, Bob Bobson wrote:
Alternatively you can attempt to locate a version of Damn Vulnerable Linux. Although it has been discontinued and most torrents have died by now (there are still a few seeds here and there), it remains one of my personal favorites when it comes to learning about vulnerabilities.


On 22/05/12 20:29, AK wrote:

ASLR is not your only problem under Linux. If you are using a modern
distribution (e.g. your homebox) there are loads of other protections
enabled. Your best bet is to download an older one, turn off protections
where needed (via proc and via linker options) and start from there.
Userland exploitation is not beginner material with all the mitigations
enabled.

On 5/22/12 7:00 PM, Littlefield, Tyler wrote:
Thanks all for the info. I really appreciated it. Luckily I have some
experience with asm, though it is limited. The videos are nice, though
I am going to have to supplement them with extra materials more than
usual, since I am blind and it's hard to tell what he is doing all the
time.

Anyway, again I appreciate the help. I do have a question.
If I am going to use a buffer overflow, I want to make sure I
understand this right.
If I have a function like:
void foo(char* x);
that means that I'd need to push an argument and call foo.
push eax
call foo
now that I've called foo, it's going to set up the stack:
gcc's disasm does something like:
push ebp
mov ebp, esp
so now we have:
ebp+8 >> x
ebp+4 >> return
ebp >> old ebp (?)
so let's say that I declare a static buffer (you would sub ebp, 4) for
that extra variable and it was a buffer. so if it was ebp-4, I could
store an int there.
now if I wanted to overflow that, I would have to fill ebp-4, which is
the variable, ebp which is the pointer to the old frame (explanation
there would be cool--I am kind of confused on what the "old frame"
is); is it just the point on the stack (esp) where the previous
frame's locals and that are stored? and then ebp+4. So I would have to
feed that buffer 12 bytes to overwrite the return.
so, this leads me to two final questions.
First, is there a way perhaps to return backwards? So if I could
manage to squeeze shellcode into those first 8 bytes (is that a
possibility?) I could return to that and execute that? If I return to
a function, how do I make that function do what I want? Being able to
run any function in the code seems nice, but calling printf for
example doesn't really do much for me. It would also require that I
somehow get my arguments on the stack.
Finally, let's say I found a function with GDB. With ASLR, is that not
guaranteed to change when I execute the program again?

Hopefully this is the right place for these questions--if not, I would
appreciate other resources where this could be asked.
Thanks,
Ty
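Tyler's frame arithmetic, worked through as an added example that is not code from the thread or from any of its posters. Rather than corrupt the real stack (which would be stopped by the very mitigations AK mentions, and which behaves differently on a 64-bit host), it lays the 32-bit x86 frame out in a byte array, builds the payload the way the thread describes, replays the unchecked copy, and reads back what ended up in the return slot. The saved ebp, return and argument values in the sample frame are constructed, not taken from any real binary; the gcc/ld flags and the sysctl file in the trailing comment are standard ones, named because they are what "turning off protections via proc and via linker options" maps to in practice.

```c
/* Added example, not code from the thread. It models the 32-bit x86 frame
 * Tyler describes as a byte array instead of corrupting the real stack, so it
 * compiles and runs anywhere, with every mitigation left on.
 *
 * After `push ebp; mov ebp, esp; sub esp, N` inside foo(char *x):
 *     ebp+8 -> x            (argument, pushed by the caller before `call`)
 *     ebp+4 -> return addr  (pushed by `call foo`)
 *     ebp   -> saved ebp    (the caller's frame pointer)
 *     ebp-N -> local buffer (N bytes; N = 4 in the thread)
 * A copy that starts at the buffer and is not bounded walks upward through
 * saved ebp into the return address: N + 4 + 4 bytes reach its end.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WORD 4u             /* slot size on a 32-bit target */
#define MAX_FRAME 64u       /* enough for the buffer sizes used here */

/* Offsets of each slot measured from the start of the local buffer. */
size_t off_saved_ebp(size_t buf_size) { return buf_size; }
size_t off_ret(size_t buf_size)       { return buf_size + WORD; }
size_t off_arg(size_t buf_size)       { return buf_size + 2 * WORD; }

/* Bytes needed to overwrite the whole return address: 12 for a 4-byte buffer. */
size_t overwrite_len(size_t buf_size) { return off_ret(buf_size) + WORD; }

/* x86 stores words little-endian, so 0x080484a6 sits in memory as a6 84 04 08. */
static void write_le32(uint8_t *p, uint32_t v)
{
    for (unsigned i = 0; i < WORD; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t read_le32(const uint8_t *p)
{
    uint32_t v = 0;
    for (unsigned i = 0; i < WORD; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Lay out one frame image: zeroed buffer, then saved ebp, return, argument.
 * Returns the image length, or 0 if buf_size does not fit. */
size_t lay_out_frame(uint8_t *img, size_t buf_size,
                     uint32_t saved_ebp, uint32_t ret, uint32_t arg_x)
{
    size_t len = off_arg(buf_size) + WORD;
    if (len > MAX_FRAME) return 0;
    memset(img, 0, buf_size);
    write_le32(img + off_saved_ebp(buf_size), saved_ebp);
    write_le32(img + off_ret(buf_size), ret);
    write_le32(img + off_arg(buf_size), arg_x);
    return len;
}

/* The classic payload: filler through saved ebp, then the new return address
 * in little-endian order. Returns the payload length, or 0 if it would not fit. */
size_t build_payload(uint8_t *out, size_t buf_size, uint32_t new_ret)
{
    size_t n = overwrite_len(buf_size);
    if (n > MAX_FRAME) return 0;
    memset(out, 'A', n - WORD);            /* buffer + saved ebp become 0x41414141 */
    write_le32(out + n - WORD, new_ret);   /* lands exactly on ebp+4 */
    return n;
}

/* Replay the bug: foo() copies the payload into its buffer with no bounds
 * check. Returns the return address the frame holds afterwards. Sample frame
 * values are constructed, not taken from any real binary. */
uint32_t hijacked_return(size_t buf_size, uint32_t new_ret)
{
    uint8_t img[MAX_FRAME], payload[MAX_FRAME];
    if (!lay_out_frame(img, buf_size, 0xbffff7c8u, 0x080484a6u, 0xbffff9e0u))
        return 0;
    size_t n = build_payload(payload, buf_size, new_ret);
    if (n == 0) return 0;
    memcpy(img, payload, n);               /* the unchecked copy; runs past buf */
    return read_le32(img + off_ret(buf_size));
}

/* Same input, but the copy is bounded to the buffer: the return address survives. */
uint32_t bounded_return(size_t buf_size, uint32_t new_ret)
{
    uint8_t img[MAX_FRAME], payload[MAX_FRAME];
    if (!lay_out_frame(img, buf_size, 0xbffff7c8u, 0x080484a6u, 0xbffff9e0u))
        return 0;
    size_t n = build_payload(payload, buf_size, new_ret);
    if (n == 0) return 0;
    memcpy(img, payload, n < buf_size ? n : buf_size);  /* strncpy-style bound */
    return read_le32(img + off_ret(buf_size));
}

/* To try it against a real 32-bit binary instead of this model, undo what AK
 * calls the proc and linker protections (standard gcc/ld flags and the standard
 * sysctl file; the echo needs root):
 *   gcc -m32 -O0 -fno-stack-protector -z execstack -no-pie foo.c -o foo
 *   echo 0 > /proc/sys/kernel/randomize_va_space
 */
```

The model makes the "12 bytes" count visible as off_ret(4) + 4, and shows why the filler also clobbers saved ebp: there is no way to reach ebp+4 without passing through ebp. Two things the model deliberately leaves out because they only exist on a real binary: the address you put in new_ret has to be one that is valid when the process runs (which is exactly what ASLR changes between runs unless randomize_va_space is 0), and whatever follows ebp+4 in the payload keeps going up the stack into x and the caller's frame.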


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your
company and how your customers can tell if a site is secure. You will
find out how to test, purchase, install and use a thawte Digital
Certificate on your Apache web server. Throughout, best practices for
set-up are highlighted to help you ensure efficient ongoing management
of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1

------------------------------------------------------------------------


Current thread: