Dailydave mailing list archives

The WhitePhosphorus Exploit Pack - good enough to steal!


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 24 Jun 2011 11:32:14 -0400

One of the many interesting benefits of tools like Immunity's DEPLIB[1]
<http://www.immunitysec.com/downloads/DEPLIB20_ekoparty.pdf> is that you
can create a different DEPLIB return into libc chain for each customer
you have - or for each time you run your exploit against a target. Or,
if someone copies your exploit from Python into Ruby, they are almost
always too lazy to change your DEP chain.

In the case of Metasploit's bounty program, Abyssec submitted a clear
exact copy of WhitePhosphorus <http://www.whitephosphorus.org/>'s
exploit to Metasploit:
http://dev.metasploit.com/redmine/attachments/1273/mozilla_nstreerange.rb .
(It's gone now). Realistically, MSF should probably make all submitters
sign legal documents that the code they're submitting is theirs.
Otherwise you basically end up getting SCO'd.

Immunity is, of course, disappointed that Abyssec
<https://twitter.com/#%21/abysssec> chose to do this, and whoever gave
Abyssec the WhitePhosphorus pack broke the license...something we are
currently investigating.

But the good news for those of you without the WhitePhosphorus exploit
pack is that WhitePhosphorus has released their DEP-defeating chain
here: http://www.whitephosphorus.org/sayonara.txt . It's still quite
useful. And for those of you who are interested in fantastically awesome
exploits, Alex McGeorge did a great WhitePhosphorus movie here:
http://www.youtube.com/watch?v=Qiudfp2uWKI .

-dave

[1] http://www.immunitysec.com/downloads/DEPLIB20_ekoparty.pdf - this is
included in Immunity Debugger
<http://www.immunitysec.com/products-immdbg.shtml> now!
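The first paragraph of the post describes using a chain generator to hand each customer (or each run) a different return-into-libc chain, so that a copied exploit still carries the original chain. The block below is an added example, written for this archive page, of one way to make that property deliberate: it is not DEPLIB, not WhitePhosphorus code, and not the sayonara chain. It fills each diversifiable slot of a fixed chain skeleton with one of several interchangeable gadgets, encoding a customer number in mixed radix over those choices (a secret-seeded shuffle of each gadget list keeps the mapping private), and then recovers the number from the 32-bit literals found in a lazily ported Ruby version of the exploit. Every gadget address, the API address, the secret, and the Ruby snippet are constructed for the example and do not refer to any real module.

```python
"""Per-customer diversification of a return-into-libc chain, used as a watermark.

Added example for this page; not DEPLIB or WhitePhosphorus code. All addresses,
the secret and the 'ported' Ruby source below are constructed/hypothetical.
"""
import random
import re

# Constructed gadget catalogue: for each role the chain needs, several
# interchangeable gadgets. Addresses are made up (think: a non-ASLR module).
GADGETS = {
    "pop_eax_ret":  [0x6F1A1234, 0x6F1A5678, 0x6F1B0011],
    "pop_ecx_ret":  [0x6F1A2222, 0x6F1C3333],
    "pop_edx_ret":  [0x6F1A7777, 0x6F1B8888, 0x6F1C9999],
    "ret_nop":      [0x6F1A0001, 0x6F1A0002, 0x6F1A0003, 0x6F1A0004],
    "call_eax_ret": [0x6F1A9999, 0x6F1E1111],
}

# Fixed skeleton. ("gadget", role) slots are diversified per customer;
# ("value", v) slots are constants every copy of the chain must carry.
SKELETON = [
    ("gadget", "pop_eax_ret"), ("value", 0x7C801AD4),   # hypothetical API address
    ("gadget", "pop_ecx_ret"), ("value", 0x40),         # constant argument
    ("gadget", "pop_edx_ret"), ("value", 0x1000),       # constant argument
    ("gadget", "ret_nop"), ("gadget", "ret_nop"),       # padding, also diversified
    ("gadget", "call_eax_ret"),
]


def capacity():
    """Number of distinct chains the skeleton can express (product of slot sizes)."""
    n = 1
    for kind, role in SKELETON:
        if kind == "gadget":
            n *= len(GADGETS[role])
    return n


def _keyed_catalogue(secret):
    """Shuffle each gadget list with a secret-seeded PRNG, so the mapping from
    customer id to gadget choice is not readable without the secret."""
    rng = random.Random(secret)
    cat = {}
    for role, addrs in GADGETS.items():
        lst = list(addrs)
        rng.shuffle(lst)
        cat[role] = lst
    return cat


def encode_chain(secret, customer_id):
    """Build the chain for customer_id: its digits in mixed radix pick the gadgets."""
    if not 0 <= customer_id < capacity():
        raise ValueError("customer_id out of range for this skeleton")
    cat = _keyed_catalogue(secret)
    chain, n = [], customer_id
    for kind, payload in SKELETON:
        if kind == "value":
            chain.append(payload)
        else:
            choices = cat[payload]
            n, digit = divmod(n, len(choices))
            chain.append(choices[digit])
    return chain


def decode_chain(secret, chain):
    """Inverse of encode_chain. Returns None if the words do not fit the skeleton."""
    if len(chain) != len(SKELETON):
        return None
    cat = _keyed_catalogue(secret)
    customer_id, radix = 0, 1
    for word, (kind, payload) in zip(chain, SKELETON):
        if kind == "value":
            if word != payload:
                return None
            continue
        choices = cat[payload]
        if word not in choices:
            return None
        customer_id += choices.index(word) * radix
        radix *= len(choices)
    return customer_id


HEX32 = re.compile(r"0x([0-9A-Fa-f]{1,8})")


def words_from_source(src):
    """Pull every hex literal out of some exploit source, whatever the language."""
    return [int(h, 16) for h in HEX32.findall(src)]


def find_chain(secret, words):
    """Slide a skeleton-sized window over the words; return (offset, customer_id)
    for the first window that decodes, or None."""
    for i in range(len(words) - len(SKELETON) + 1):
        cid = decode_chain(secret, words[i:i + len(SKELETON)])
        if cid is not None:
            return i, cid
    return None


def ruby_port(chain):
    """Constructed stand-in for a lazy Python-to-Ruby port: same words, new syntax."""
    words = ", ".join(f"0x{w:08x}" for w in chain)
    return ("junk = \"A\" * 0x1234\n"
            f"rop = [{words}].pack('V*')\n"
            "payload = junk + rop + shellcode\n")


if __name__ == "__main__":
    SECRET = b"constructed-secret-do-not-reuse"
    chain = encode_chain(SECRET, 417)
    print(f"{capacity()} distinct chains available")
    print("chain for customer 417:", [hex(w) for w in chain])
    src = ruby_port(chain)
    print("recovered from the Ruby port:", find_chain(SECRET, words_from_source(src)))
```

The skeleton here yields 576 distinct chains, which is enough to tag customers but not to tag every run; adding more interchangeable gadgets or variable-length padding raises the capacity, at the cost of a longer chain. The search is a plain exact match on the address sequence, which is exactly what an unchanged DEP chain in a ported exploit gives you; any port that re-derives its own chain defeats it.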


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
