Showing posts with label Programming. Show all posts

Build an exploit in low space of your stack (Egg Hunter)


Sometimes when we are fuzzing an application, the application crashes and our fuzzer overwrites some of its registers (their values are replaced with the fuzzer's data). The most dangerous case is when our fuzzer overwrites the Instruction Pointer register (IP in 16-bit, EIP in 32-bit), because full control of that register lets us change the flow of the application as we want.
Why is that? Because the EIP register is used to store the memory address (called an offset) of the next command to be executed. What happens if we send a payload to the application's stack and then place in EIP the address of an instruction that jumps into the stack?
Our payload executes and the application is owned. ^_^
To prevent this, developers usually use an "exception" mechanism called Structured Exception Handling (SEH) to protect the application.

How to read an opcode?

As a beginner, I was usually confused by shellcode generated by someone else; sometimes I wondered what it meant and whether it was malicious or not. But after I learned how to read shellcode, I now always try to read it before I use it.
For example, I found a shellcode from here; they said it is shellcode that will execute /bin/sh, but I will check it myself by trying to read it in assembly language. We can learn the basics of assembly language from here.

hello.asm



Naturally, a computer only knows 0 and 1 (binary); it processes instructions made only of 0s and 1s, and this form is usually called machine language. Assembly is a low-level language that is very close to machine language.

In machine language, if we want to save the value of the EAX register to the stack we must write the instruction "01010000", but in assembly we just write the instruction "PUSH EAX"; that is one of the differences between assembly and machine language.

Why must we learn assembly language?
Because it is the most important skill if we want to reverse engineer an application, and it is useful if we want to create our own shellcode in exploit development.

There are two ways to write assembly syntax: AT&T and NASM. AT&T syntax is usually used in GNU tools such as the GNU Assembler, and is the default syntax in the GNU Debugger (GDB); NASM syntax is used a lot in the Windows world.
Some differences in the way the syntax is written are:

RIPS

Yesterday, when my team (9tails) and I became finalists in the DAGELAN NETWORK SECURITY COMPETITION (GEMASTIK 2011), the committee gave us a vulnerable web application and expected us to fix it.
Actually we could have fixed it by analyzing its scripts one by one, but we knew that would take more time, and we were short of time to test its security. So our instructor (Anbu) gave us a solution: he suggested we use RIPS.

RIPS? What is it?
RIPS is an OWASP project which allows us to check the security of PHP scripts and gives us some suggestions for fixing the vulnerabilities it finds. RIPS can search for vulnerabilities in specific categories like SQL Injection, XSS, CSRF, etc.; for more information click here.
This is a screenshot of RIPS. Try it yourself if you are a web developer.