Search Results for:
Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits. Today, I will discuss some other debuggers and debugger plugins that will help you speed up this process. A typical exploit writing toolkit arsenal should at […]
WPA TKIP cracked in a minute – time to move on to WPA2
Just a quick note to let you know that 2 Japanese scientists (from Hiroshima and Kobe Universities) have found a practical way to crack WPA TKIP in about one minute, using a technique called “Beck-Tews”. This technique is not new. It has been discovered by some Germans back in november, but was somewhat limited in […]
Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to 2 types of exploits : stack based buffer overflows (with direct EIP overwrite), and stack based buffer overflows that take advantage of SEH chains. In my examples, I have used perl to demonstrate how to build […]
Exploit writing tutorial part 3b : SEH Based Exploits – just another example
In the previous tutorial post, I have explained the basics of SEH based exploits. I have mentioned that in the most simple case of an SEH based exploit, the payload is structured like this : [Junk][next SEH][SEH][Shellcode] I have indicated that SEH needs to be overwritten by a pointer to “pop pop ret” and that […]
Exploit writing tutorial part 3 : SEH Based Exploits
In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode. The example we have used allowed us to directly overwrite EIP and we had a pretty large […]
Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
Where do you want to jmp today ? In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a working exploit. In the example I have used in that post, we have seen that ESP […]
Exploit writing tutorial part 1 : Stack Based Overflows
Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was […]
Spread the word ! nmap 5 released
Insecure.org has released a new major version of the free, open source “nmap” security scanner. (Don’t just call nmap a port scanner – Thanks to many improvements over the last years, nmap has become an excellent security scanner). Visit http://nmap.org/5/ for more information about this new version. Although there are roughly 600 updates in this […]
Thank you
Thank you for your donation / purchase (if you arrived back from cafepress.com) Thank you for the support. You donation will help me to keep this website up and running, and will allow me to continue to invest time and money towards development, maintaining and providing free support on the free tools that are available […]
One for the money, second one for the show…
While I was going through the archive of some ‘funny’ pictures at http://failblog.org/, I suddenly realised that I had encountered something funny a couple of years ago myself, when I was attending Blackhat in Amsterdam. When trying to get some money out of the ATM downtown Amsterdam, I noticed this on the screen of the […]
Donate
Your donation will help funding server hosting.
