Exploits
Useful exploits for use in reverse code engineering...
12 files
-
A Crackers Guide to Buffer Overflow
By Teddy Rogers
This text assumes that you know what is the buffer and what is the exploit, it will just show you a very simple way of exploiting the buffer overflows.
Buffer Overflows nowadays have become something very common in the world of security and every EMag writes articles or sends notifications about new buffer exploits that have been discovered lately and sometimes the company of the product with such exploit release a patch or a new whole version of their product if it was unable to fix it. Buffer Exploiting is really dangerous if you know how to use it for your own, you may get into someone PC with only an IP addr and some garbage code (so to speak) if there was some kind of bug in the browser coding or the system itself.. you may crash someone PC with a simple .vbs file you pretend to say that its a very interesting coding or crash someone graphic card if a game was vulnerable to some kind of data.. especially over a network, so gamers, watch out the devil within!
217 downloads
0 comments
Updated
-
Anti-Emulation Through Time-Lock Puzzles
By Teddy Rogers
A common anti-emulation trick is to introduce loops that take a relatively long time to compute. The loop may in fact take so long to emulate that the antivirus scanner gives up.
This paper formalises this approach, using a well-known system from the cryptographic literature called time-lock puzzles. In essence, a packed binary can be quickly created by an attacker which is guaranteed to require a predefined and easily adjustable number of computationally expensive operations to rebuild a cryptographic key. This key is then used in a strong cryptographic cipher to decrypt the next stage.
Although this approach bears some similarity to the brute-force guessing of keys used by the 1998 IDEA.6155 virus, it permits a completely adjustable workload, and guarantees no shortcuts are possible.
It could pose a serious nuisance to AV emulators if such a method was included as the middle stage of a polymorphic packer. This could be mitigated by blacklisting the packer, since there is no reason why legitimate software would be packed in a way that significantly delays execution, though care would need to be taken as the "puzzle" solving code is exactly the same as RSA encryption/decryption.
114 downloads
0 comments
Submitted
-
Exploit Writing - Stack Based Overflows
By Teddy Rogers
This tutorial will explain what Buffer Overflow is, and how attackers can inject malicious code due to software bugs.
The exploit will be implemented on vulnerable version of Easy RM to MP3 Converter Version 2.7.3.7.00
Tools used:
Immunity Debugger (XP SP3)
Python (XP SP3)
Metasploit (Kali-linux)
151 downloads
0 comments
Submitted
-
JIT Spraying and Mitigations
By Teddy Rogers
With the discovery of new exploit techniques, novel protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for exploitation. Attackers, however, have recently researched new exploitation methods which are capable of bypassing the operating systems memory mitigations. One of the newest and most popular exploitation techniques to bypass both of the aforementioned security protections is JIT memory spraying, introduced by Dion Blazakis.
In this article we will present a short overview of the JIT spraying technique and also novel mitigation methods against this innovative class of attacks. An anti-JIT spraying library was created as part of our shellcode execution prevention system.
109 downloads
0 comments
Submitted
-
Learn Stack Overflow Exploitation (1-2)
By Teddy Rogers
Parts one and two video tutorials showing a method of exploiting the stack.
145 downloads
0 comments
Submitted
-
Non-Executable Stack ARM Exploitation
By Teddy Rogers
This paper describes several techniques that exploit stack-based buffer overflows with the purpose of familiarizing the reader with ARM exploitation in the modern age, where the ARM stack is not executable. This research was made with the purpose of demonstrating the risks facing modern ARM devices and to suggest solutions to prevent them.
98 downloads
0 comments
Submitted
-
Security Mitigations for Return-Oriented Programming Attacks
By Teddy Rogers
With the discovery of new exploit techniques, new protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for vulnerability exploitation. Attackers, however, have recently developed new exploitation methods which are capable of bypassing the operating systems security protection mechanisms.
In this paper we present a short summary of novel and known mitigation techniques against return-oriented programming (ROP) attacks. The techniques described in this article are related mostly to x86-321 processors and Microsoft Windows operating systems.
100 downloads
0 comments
Submitted
-
Smashing The Stack For Fun And Profit
By Teddy Rogers
Over the last few months there has been a large increase of buffer overflow vulnerabilities being both discovered and exploited. Examples of these are syslog, splitvt, sendmail 8.7.5, Linux/FreeBSD mount, Xt library, at, etc. This paper attempts to explain what buffer overflows are, and how their exploits work.
Basic knowledge of assembly is required. An understanding of virtual memory concepts, and experience with gdb are very helpful but not necessary. We also assume we are working with an Intel x86 CPU, and that the operating system is Linux.
Some basic definitions before we begin: A buffer is simply a contiguous block of computer memory that holds multiple instances of the same data
type. C programmers normally associate with the word buffer arrays. Most commonly, character arrays. Arrays, like all variables in C, can be declared either static or dynamic. Static variables are allocated at load time on the data segment. Dynamic variables are allocated at run time on the stack. To overflow is to flow, or fill over the top, brims, or bounds.
We will concern ourselves only with the overflow of dynamic buffers, otherwise known as stack-based buffer overflows.
127 downloads
0 comments
Submitted
-
Smashing the Stack in 2010
By Teddy Rogers
Computer security nowadays is an issue that has a strong impact in all the ICT world. For instance, let us just think that the number of threats discovered in 2009 is about 30-35M, having an exponential increase with respect to previous years (according to an estimation of Kaspersky Labs over its users 1. However, the aspect that will be discussed in this document is related to a particular type of vulnerabilities called Buffer Overflows. In detail, what will be investigated is the behaviour of Buffer Overflow in modern Linux and Windows architectures, taking up the work that AlephOne did in his famous paper, and try to refashion it to the present, considering also for example, all the protections that the software companies have introduced into their products in order to counter the Buffer Overflow phenomenon. In fact, the issues that AlephOne analyzed in the far 1996 are very different from what a researcher that nowadays wants to retrace his footsteps would find: however, a lot has been done in order to mitigate this problem but this is absolutely not enough. First of all we are going to analyze all the basical theoretical aspects behind the concept of Buffer Overflows: in this way words as pointers, opcodes, shellcodes will be less mysterious and can help the reader to understand the content of this work. Subsequently the paper will analyze in detail all the aspects and mechanisms that regulate the way in which Buffer Overflow works on Linux and Windows architectures taking with particular care also the countermeasures introduced until nowadays for both the mentioned operating systems. In addition, for some of them we are going also to try some tricks to bypass these protections, in order to exploit the vulnerability even if a countermeasure has been adopted in the modern operating systems.
89 downloads
0 comments
Submitted
-
Stack Overflow Exploitation Explained
By Teddy Rogers
As I have already done a video tutorial and an IRC Lecture (which was some what limited), I decided I would write this paper.
This paper will go through both the theory and the exploitation of stack-based buffer overflows for the Windows (32bit) platform. I will also be discussing how to find stack overflow vulnerabilities.
I hope that this paper is easy enough for beginners to understand, yet at the same time I hope it will give them a decent grasp of basic Stack Overflow exploitation.
124 downloads
0 comments
Submitted
-
The Memory Sinkhole
By Teddy Rogers
In x86, beyond ring 0 lie the more privileged realms of execution, where code is invisible to AV, we have unfettered access to hardware, and can trivially preempt and modify the OS. The architecture has heaped layers upon layers of protections on these "negative" rings, but 40 years of x86 evolution have left a labyrinth of forgotten backdoors into the ultra-privileged modes. Lost in this byzantine maze of decades-old architecture improvements and patches, there lies a design flaw that's gone unnoticed for 20 years. Exploiting the vast, unexplored wasteland of forgotten x86 features, we demonstrate how to jump malicious code from ring 0 into the deepest, darkest realms of the processor. The attack is performed with an architectural 0-day built into the silicon itself, and directed against a uniquely vulnerable string of code widely deployed on modern systems.
104 downloads
0 comments
Submitted
-
Token Kidnapping's Revenge
By Teddy Rogers
This document describes some Microsoft Windows elevation of privilege vulnerabilities, how they were found with the use of simple tools and how they can be exploited. Starting with a little security issue that then leads to more significant vulnerabilities finding. All the vulnerabilities detailed here are not publicly know at the time of this document release.
96 downloads
0 comments
Submitted
-
Download Statistics