Posts

Showing posts from August 2015

Useful Resources - 2

Stack Smashing On A Modern Linux System
Four different tricks to bypass StackShield and StackGuard protection
Exploiting Format String Vulnerabilities

Some GCC Options

-O0 -> no optimization
-fstack-protector -> Canary & NX bit
-fno-stack-protector -> NX bit
-z execstack -fstack-protector -> Canary
-fstack-protector-all -> Canary & NX bit (for all functions)

Fixing the “Error: Could not open /dev/vmmon: No such file or directory. Please make sure that the kernel module vmmon is loaded.” Error

sudo vmware-modconfig --console --install-all

Fixing the Arch Linux "invalid or corrupted database (PGP signature)" Error

pacman-key --init
pacman-key --populate archlinux
pacman -Syy

Useful Resources

Converting a snapshot file to memory dump using the vmss2core tool (2003941)
Memory forensics: Using Volatility Toolkit to extract malware samples from memory dump
Local Linux Enumeration & Privilege Escalation Cheatsheet
Searching code vulnerabilities with MSFrop

Note to Myself

Whether an integer is signed or unsigned can be determined from the assembly code.

Some common signed instructions
IDIV - Signed divide
IMUL - Signed multiply
SAL - Signed left shift
SAR - Signed right shift
MOVSX - Move, sign extend
JL - Jump if less
JLE - Jump if less or equal
JG - Jump if greater
JGE - Jump if greater or equal

Some common unsigned instructions
DIV - Unsigned divide
MUL - Unsigned multiply
SHL - Unsigned left shift
SHR - Unsigned right shift
MOVZX - Move, zero extend
JB - Jump if below
JBE - Jump if below or equal
JA - Jump if above
JAE - Jump if above or equal

(Source: http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/19/11_lecture.pdf)
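The signed and unsigned instruction lists above, shown on one bit pattern as an added example (not code from the original post or the cited lecture). The function names and the sample value -16 are assumptions chosen for illustration; the comments name the instruction family a typical x86 compiler selects, which can be checked with gcc -O0 -S.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: bit pattern 0xFFFFFFF0 is -16 signed, 4294967280 unsigned. */
static const int32_t  S = -16;
static const uint32_t U = (uint32_t)-16;   /* well-defined wrap to 0xFFFFFFF0 */

/* Bounds check on a signed length: signed condition codes (JL/JLE/JG/JGE family).
   A negative length passes this check. */
int check_signed(int32_t len)    { return len < 64; }
/* Same check on an unsigned length: unsigned condition codes (JB/JBE/JA/JAE family). */
int check_unsigned(uint32_t len) { return len < 64; }

/* SAR vs SHR. Right-shifting a negative int is implementation-defined in C;
   GCC and Clang on x86 use an arithmetic shift (SAR), which keeps the sign bit. */
int32_t  shr_signed(int32_t v, int n)    { return v >> n; }
uint32_t shr_unsigned(uint32_t v, int n) { return v >> n; }

/* IDIV vs DIV (variable divisor, so the compiler cannot replace it with shifts). */
int32_t  div_signed(int32_t v, int32_t d)     { return v / d; }
uint32_t div_unsigned(uint32_t v, uint32_t d) { return v / d; }

/* MOVSX vs MOVZX: widening one byte to 32 bits. */
int32_t  widen_signed(int8_t b)    { return b; }
uint32_t widen_unsigned(uint8_t b) { return b; }

int main(void) {
    printf("len < 64   signed: %d  unsigned: %d\n",
           check_signed(S), check_unsigned(U));
    printf("value >> 2 signed: %d  unsigned: %u\n",
           (int)shr_signed(S, 2), (unsigned)shr_unsigned(U, 2));
    printf("value / 4  signed: %d  unsigned: %u\n",
           (int)div_signed(S, 4), (unsigned)div_unsigned(U, 4));
    printf("widen 0xF0 signed: %d  unsigned: %u\n",
           (int)widen_signed(-16), (unsigned)widen_unsigned(0xF0));
    return 0;
}
```

When reading a disassembly, a length or index check that uses the signed family is the one to examine for negative inputs.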

The Heap Calls the Shots Here!

Yesterday, I don't know where it came from, but I got the urge to take on a heap overflow. I figured I'd start with Protostar's heap challenges. I'm also writing the solutions here in case I forget.

Heap 0

    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <stdio.h>
    #include <sys/types.h>

    struct data {
        char name[64];
    };

    struct fp {
        int (*fp)();
    };

    void winner()
    {
        printf("level passed\n");
    }

    void nowinner()
    {
        printf("level has not been passed\n");
    }

    int main(int argc, char **argv)
    {
        struct data *d;
        struct fp *f;

        /* two consecutive heap allocations */
        d = malloc(sizeof(struct data));
        f = malloc(sizeof(struct fp));
        f->fp = nowinner;

        printf("data is at %p, fp is at %p\n", d, f);

        /* unbounded copy into the 64-byte name buffer (the challenge's intended flaw) */
        strcpy(d->name, argv[1]);

        f->fp();
    }

There are two structs, and in main, space is allocated for them on the heap with malloc