KUMEL'S NOTE

As a beginner, i'm usually confused about the generated shellcode by someone, sometimes i'm thinking what the mean of it, what is it a malicious or not. But after i've know the way how to read a shellcode, now i'm always try to read it before i'm using it.
For example i find a shellcode from here, they said that it's shellcode which will execute a /bin/sh, but i will check it by my self, i'm trying to read it in assembly language. We can learn the basic of assembly language from here.

In naturally computer just know 0 and 1 (binnary), it will processing an instruction which created only from 0 and 1, and this stat usually call as a machine language. Assembly is a low level language and almost like as a machine language.

In machine language, if we want to save a value of an EAX register to the stack we must creating an instruction "01010000", but in Assembly we just create an instruction "PUSH EAX", that's just some differences about an assembly and machine language.

Why must we learn about an assembly language?
Because it is the most important if we want to Reverse Engineering an aplication and it was use full if we want to create our own shellcode in exploit development.

There are two ways to create a syntax in assembly, that are AT&T and NASM. AT&T syntax usually used in GNU like a GNU Assembler, and become as a default syntax in GNU Debugger (GDB), and the NASM syntax usually used a lot in windows area.
Some differeces way of create the syntax are :

Hem, i had never did it before, but i'll try it.
My firs step is searching some tools which there is in my PC, and i've found "fcrackzip".
Can it work? i'll know if i've try it.

Now look a manual using of it with command :
root@victim:~# fcrackzip -h
fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann <pcg@goof.com> You can find more info on
http://www.goof.com/pcg/marc/
USAGE: fcrackzip
          [-b|--brute-force]            use brute force algorithm
          [-D|--dictionary]             use a dictionary
          [-B|--benchmark]              execute a small benchmark
          [-c|--charset characterset]   use characters from charset
          [-h|--help]                   show this message
          [--version]                   show the version of this program
          [-V|--validate]               sanity-check the algortihm
          [-v|--verbose]                be more verbose
          [-p|--init-password string]   use string as initial password/file
          [-l|--length min-max]         check password with length min to max
          [-u|--use-unzip]              use unzip to weed out wrong passwords
          [-m|--method num]             use method number "num" (see below)
          [-2|--modulo r/m]             only calculcate 1/m of the password
          file...                    the zipfiles to crack
methods compiled in (* = default):
 0: cpmask
 1: zip1, TARGET_CPU=0
 2: zip2, TARGET_CPU=0, USE_MULT_TAB
 3: zip3, TARGET_CPU=5
 4: zip4, TARGET_CPU=5, USE_MULT_TAB
 5: zip5, TARGET_CPU=6
*6: zip6, TARGET_CPU=6, USE_MULT_TAB

Yesterday when i and my team (9tails) become a finalist in a DAGELAN NETWORK SECURITY COMPETITION (GEMASTIK 2011), the panitya had give us a vulnerable web aplication and they hope it fixed by us.
Actually we could fix it with analysis the script of it one by one, but we knew it need more time and we were missing some time to test the secure of it. So our instructur (Anbu) was give us a solution, he suggest us to use RIPS.

RIPS? What is it?
RIPS is an OWAPS project which allow us to check the secure of php's script and give us some solve about that vulner. RIPS can search the vulner specified in some categories like SQL Injection, XSS, CSRF, and ect, for more information click here.
This is a screenshot of RIPS, Let's try it by your self if you're a web development.