Comments for Corelan Team https://www.corelan.be :: Knowledge is not an object, it's a flow :: Thu, 28 Feb 2013 13:53:24 +0100 hourly 1 http://wordpress.org/?v= Comment on Exploit writing tutorial part 3 : SEH Based Exploits by wtsgoodtime https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/#comment-789 wtsgoodtime Thu, 18 Oct 2012 04:40:11 +0000 http://www.corelan.be:8800/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/#comment-789 I was able to get this to work on Win7 with some dlls from dll-files.com. The addresses were the same and I used Immunity through the entire process. Great work on mona by the way… !mona seh -n -o is making me extra lazy, but I really need to go learn to do that work manually. I used a much shorter shellcode for calc… any reason you chose the encoding that you did? Finally, I was able to get this to work while running in Immunity, but when I run it outside of a debugger, it essentially locks up my machine… mouse chops around the screen and I have to hard reboot. Any ideas what could cause that? Thanks for all your hard work.

]]> Comment on Malicious pdf analysis : from price.zip to flashplayer.exe by gilarcamar https://www.corelan.be/index.php/2010/11/18/malicious-pdf-analysis-from-price-zip-to-flashplayer-exe/#comment-788 gilarcamar Sat, 13 Oct 2012 18:37:45 +0000 http://www.corelan.be:8800/?p=5516#comment-788 why you sooooo smart brother!!!!!! :)

]]> Comment on Juniper : Setting up an IPSec VPN tunnel between a Juniper Netscreen firewall/vpn device and a Cisco VPN device by Corelan Team (corelanc0d3r) https://www.corelan.be/index.php/2007/11/17/juniper-setting-up-an-ipsec-vpn-tunnel-between-a-juniper-netscreen-firewallvpn-device-and-a-cisco-vpn-device/#comment-768 Corelan Team (corelanc0d3r) Sat, 06 Oct 2012 17:07:44 +0000 http://www.corelan.be:8800/index.php/2007/11/17/juniper-setting-up-an-ipsec-vpn-tunnel-between-a-juniper-netscreen-firewallvpn-device-and-a-cisco-vpn-device/#comment-768 please ask your questions in the forum

]]> Comment on Juniper : Setting up an IPSec VPN tunnel between a Juniper Netscreen firewall/vpn device and a Cisco VPN device by abnetwork https://www.corelan.be/index.php/2007/11/17/juniper-setting-up-an-ipsec-vpn-tunnel-between-a-juniper-netscreen-firewallvpn-device-and-a-cisco-vpn-device/#comment-767 abnetwork Sat, 06 Oct 2012 11:30:03 +0000 http://www.corelan.be:8800/index.php/2007/11/17/juniper-setting-up-an-ipsec-vpn-tunnel-between-a-juniper-netscreen-firewallvpn-device-and-a-cisco-vpn-device/#comment-767 Thanks Corelan Team for this wonderful explanation:

I want bit more explanation on this .
As you have mentioned

set route 192.168.1.0/24 interface tunnel.1 preference 20 permanent
set route 192.168.2.0/24 interface tunnel.2 preference 20 permanent

here you have routed network 192.168.1.0/24 via tunnel.1 and n/w 192.168.2.0/24 via tunnel.2
While configuring phase2 as below you have used tunnel.1 for both Autokey IKE1 and AutoKey IKE2 but remote ip used in IKE2 is 192.168.2.0/24 then how it can be work with tunnel.1 as it routed through tunnel.2
Please explain this.

Autokey IKE 1
set vpn “A-LAN1_to_B-LAN1″ gateway “GW_to_CompanyB_Cisco” no-replay tunnel idletime 0 proposal “g2-esp-3des-sha”
set vpn “A-LAN1_to_B-LAN1″ bind interface tunnel.1
set vpn “A-LAN1_to_B-LAN1″ proxy-id local-ip 10.1.1.0/24 remote-ip 192.168.1.0/24 “ANY”

Autokey IKE 2
set vpn “A-LAN1_to_B-LAN2″ gateway “GW_to_CompanyB_Cisco” no-replay tunnel idletime 0 proposal “g2-esp-3des-sha”
set vpn “A-LAN1_to_B-LAN2″ bind interface tunnel.1

set vpn “A-LAN1_to_B-LAN2″ proxy-id local-ip 10.1.1.0/24 remote-ip 192.168.2.0/24 “ANY”

Also please tell me how many tunnel interfaces and how many phase 2(Autokey IKE) we need if we have 2 souces networks(local IPs) and 1 destination(remote IPs)

Please clear how we can decide how many tunnel interfaces we need in route based VPN?
Please reply
Thanks

]]> Comment on Exploit writing tutorial part 1 : Stack Based Overflows by Computer Security: What are some resources that practically explain how you can exploit bugs or vulnerabilities over networks or websites? Like cracking a WEP system? - Quora https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/#comment-766 Computer Security: What are some resources that practically explain how you can exploit bugs or vulnerabilities over networks or websites? Like cracking a WEP system? - Quora Fri, 05 Oct 2012 08:22:26 +0000 http://www.corelan.be:8800/index.php/2009/07/19/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-1/#comment-766 [...] of writing different exploits upping the bare at every new tutorialHer is the link to the first tuthttps://www.corelan.be/index.php…Embed QuoteComment Loading… • Share • Embed • Just now  Add [...]

]]> Comment on Exploit writing tutorial part 1 : Stack Based Overflows by Nickname https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/#comment-754 Nickname Sat, 22 Sep 2012 19:21:09 +0000 http://www.corelan.be:8800/index.php/2009/07/19/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-1/#comment-754 Arf ! just that ;)

Thanks Peter ^_^

]]> Comment on Exploit writing tutorial part 1 : Stack Based Overflows by Corelan Team (corelanc0d3r) https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/#comment-753 Corelan Team (corelanc0d3r) Sat, 22 Sep 2012 18:46:40 +0000 http://www.corelan.be:8800/index.php/2009/07/19/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-1/#comment-753 that is a diagram for linux, on windows, the stack is at a lower address

]]> Comment on Exploit writing tutorial part 1 : Stack Based Overflows by Nickname https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/#comment-752 Nickname Sat, 22 Sep 2012 17:45:18 +0000 http://www.corelan.be:8800/index.php/2009/07/19/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-1/#comment-752 Hi Peter,

Fist of all thank you for all of your work, it is very helpful !

I’ve a little question about the figure :
https://www.corelan.be/wp-content/uploads/2010/08/image3.png

Why do you represent the stack above the heap ?

I see regularly diagrams representing the memory in this way:
http://www.cs.rit.edu/~hpb/Lectures/SIA/OS1/UsedGif/5_heap_and_stack.gif

It confuse me a lot ;)

Than again.

++

]]> Comment on Exploit writing tutorial part 1 : Stack Based Overflows by Corelan Team (corelanc0d3r) https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/#comment-751 Corelan Team (corelanc0d3r) Sat, 15 Sep 2012 16:42:27 +0000 http://www.corelan.be:8800/index.php/2009/07/19/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-1/#comment-751 please ask your questions in the forum
thanks !

]]> Comment on Exploit writing tutorial part 1 : Stack Based Overflows by platipusy https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/#comment-750 platipusy Sat, 15 Sep 2012 11:20:09 +0000 http://www.corelan.be:8800/index.php/2009/07/19/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-1/#comment-750 Thanks for this awesome tutorial..
I have a question..I’m not be able to see any related values in my esp..I’ve achieved to write eip using 40000 a’s and 5400 pattern but somehow when I entered “d esp” it always returns some other unrelated characters.My offset is 5377,so ı tried to write 45377 A,4 B and write 1000 C,my esp values never be 434343…

What is that means?Am I doing something wrong?

]]>