How to read an opcode?
KUMΞL | Saturday, January 28, 2012 | Programming | 2 comments
For example, I found a shellcode from here; they said that it's shellcode which will execute /bin/sh, but I will check it myself by trying to read it in assembly language. We can learn the basics of assembly language from here.
hello.asm
KUMΞL | Sunday, January 01, 2012 | Programming | 0 comments
By nature, a computer only knows 0 and 1 (binary). It processes instructions made up only of 0s and 1s, and this is usually called machine language. Assembly is a low-level language and is almost the same as machine language.
In machine language, if we want to save the value of the EAX register to the stack, we must write the instruction "01010000", but in assembly we just write the instruction "PUSH EAX". That is one of the differences between assembly and machine language.
Why must we learn assembly language?
Because it is most important if we want to reverse engineer an application, and it is useful if we want to create our own shellcode in exploit development.
There are two ways to write assembly syntax: AT&T and NASM. AT&T syntax is usually used in GNU tools such as the GNU Assembler and is the default syntax in the GNU Debugger (GDB), while NASM syntax is used a lot in the Windows area.
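The byte-to-mnemonic mapping described above ("01010000" is PUSH EAX), as an added example that is not part of the original post: a hand-written decoder for a small subset of 32-bit x86 that prints each instruction in both NASM and AT&T operand style. It goes beyond the single PUSH byte to a few more opcodes; the names `decode`, `render` and `SAMPLE` and the sample bytes are constructed for illustration.

```python
# Added example: hand-decodes a small subset of 32-bit x86, not a full disassembler.
REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")

def decode(code: bytes):
    """Return [(mnemonic, operands)], operands in Intel order (destination first)."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        need = 5 if 0xB8 <= op <= 0xBF else 2 if op in (0x31, 0xCD) else 1
        if i + need > len(code):
            raise ValueError(f"truncated instruction at offset {i}")
        if 0x50 <= op <= 0x57:      # 01010rrr: PUSH r32, register in the low 3 bits
            out.append(("push", [("reg", REGS[op & 7])]))
        elif 0x58 <= op <= 0x5F:    # 01011rrr: POP r32
            out.append(("pop", [("reg", REGS[op & 7])]))
        elif 0xB8 <= op <= 0xBF:    # 10111rrr + imm32 (little-endian): MOV r32, imm32
            imm = int.from_bytes(code[i + 1:i + 5], "little")
            out.append(("mov", [("reg", REGS[op & 7]), ("imm", imm)]))
        elif op == 0x31:            # XOR r/m32, r32; ModRM = mod(2) reg(3) rm(3)
            modrm = code[i + 1]
            if modrm >> 6 != 0b11:
                raise ValueError(f"memory operand at offset {i} not handled")
            out.append(("xor", [("reg", REGS[modrm & 7]),
                                ("reg", REGS[(modrm >> 3) & 7])]))
        elif op == 0xCD:            # INT imm8
            out.append(("int", [("imm", code[i + 1])]))
        elif op in (0x90, 0xC3):    # NOP / RET, no operands
            out.append(("nop" if op == 0x90 else "ret", []))
        else:
            raise ValueError(f"opcode {op:#04x} at offset {i} not handled")
        i += need
    return out

def render(instructions, syntax="nasm"):
    """Format decoded instructions in NASM (Intel) or AT&T operand style."""
    lines = []
    for mnemonic, ops in instructions:
        if syntax == "att":         # AT&T: source first, %register, $immediate
            text = [f"%{v}" if k == "reg" else f"${v:#x}" for k, v in reversed(ops)]
        else:                       # NASM: destination first, bare register names
            text = [v if k == "reg" else f"{v:#x}" for k, v in ops]
        lines.append(f"{mnemonic} {', '.join(text)}".strip())
    return lines

# Constructed sample: push eax / xor eax, ebx / mov eax, 1 / int 0x80 / ret
SAMPLE = bytes.fromhex("50 31d8 b801000000 cd80 c3")

if __name__ == "__main__":
    for syntax in ("nasm", "att"):
        print(syntax, render(decode(SAMPLE), syntax))
```

The decoder raises `ValueError` on any opcode or memory operand outside this subset instead of guessing, so an unexpected byte in a blob under review is surfaced and not silently skipped.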
Some differences in how the syntax is written are:
Crack zip's password
KUMΞL | Monday, October 24, 2011 | Crack | 1 comments
Maybe it is an old trick in the sec world, but I'm just sharing it because this morning someone gave me a zip file whose password he had forgotten, and he asked me to crack its password. How to crack a zip's password?
My first step was searching for tools already on my PC, and I found "fcrackzip".
Can it work? I'll know once I've tried it.
Now look at its usage manual with the command:
root@victim:~# fcrackzip -h
fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann <pcg@goof.com> You can find more info on
http://www.goof.com/pcg/marc/
USAGE: fcrackzip
[-b|--brute-force] use brute force algorithm
[-D|--dictionary] use a dictionary
[-B|--benchmark] execute a small benchmark
[-c|--charset characterset] use characters from charset
[-h|--help] show this message
[--version] show the version of this program
[-V|--validate] sanity-check the algortihm
[-v|--verbose] be more verbose
[-p|--init-password string] use string as initial password/file
[-l|--length min-max] check password with length min to max
[-u|--use-unzip] use unzip to weed out wrong passwords
[-m|--method num] use method number "num" (see below)
[-2|--modulo r/m] only calculcate 1/m of the password
file... the zipfiles to crack
methods compiled in (* = default):
0: cpmask
1: zip1, TARGET_CPU=0
2: zip2, TARGET_CPU=0, USE_MULT_TAB
3: zip3, TARGET_CPU=5
4: zip4, TARGET_CPU=5, USE_MULT_TAB
5: zip5, TARGET_CPU=6
*6: zip6, TARGET_CPU=6, USE_MULT_TAB
RIPS
KUMΞL | Thursday, October 20, 2011 | OWASP, Programming | 0 comments
Yesterday, when my team (9tails) and I became finalists in the DAGELAN NETWORK SECURITY COMPETITION (GEMASTIK 2011), the committee gave us a vulnerable web application and hoped we would fix it.
Actually we could have fixed it by analyzing its scripts one by one, but we knew that would need more time, and we were short of time to test its security. So our instructor (Anbu) gave us a solution: he suggested we use RIPS.
RIPS? What is it?
RIPS is an OWASP project which allows us to check the security of PHP scripts and gives us some solutions for the vulnerabilities it finds. RIPS can search for vulnerabilities in specific categories such as SQL Injection, XSS, CSRF, etc. For more information click here.
This is a screenshot of RIPS. Try it yourself if you're a web developer.
The risk of simple answer from secure question
KUMΞL | Tuesday, September 27, 2011 | Security Awareness | 0 comments
If we want to create a new account on some network application, we usually find a field for a security question.
The security question is used to reset the password if we have forgotten it, but with a simple answer to the security question, anyone can use it as a way to take over our account.
For example:
Vince has a problem with Andre, and Andre doesn't like Vince because she hasn't apologized for it. So Andre makes a plan to take over all of Vince's accounts.
Andre knows that Vince has an account on a social network, so he makes a fake account on that social network with the name Anton and tries to get close to Vince without Vince knowing that Anton is Andre (a social engineering technique).
After Vince believes that Anton is real, Andre tries to take over Vince's mail, because Andre thinks there is more private information and some private mail in Vince's inbox. The simple way Andre knows is to reset the password with the security question of Vince's account.
Now Andre goes to the mail server where Vince has an account. He opens the forgot-password feature on that site, chooses the security question mode, and tries to answer the question.
An example question is: Where was your father born?
If Andre doesn't know the answer, he can ask Vince directly through Anton's account. One such way:
Anton : Where are you from Vince?
Vince : Tokyo
Anton : Is your father from there too?
Vince : No, my father was born in Yokohama.