Writing Buffer Overflow Exploits - a Tutorial for Beginners

1. Memory

Note: the memory layout described here is how a process's memory is organized on most computers, but it depends on the processor architecture. This example is for x86 and roughly applies to SPARC.

The principle of exploiting a buffer overflow is to use arbitrary input to overwrite parts of memory that are not supposed to be overwritten, and to make the process execute the code placed there. To see how and where an overflow takes place, let us look at how memory is organized:

- Code segment: the data in this segment are the assembler instructions that the processor executes.
- Data segment: space for variables and dynamic buffers.
- Stack segment: used to pass data (arguments) to functions and as space for the local variables of functions.

2.

    memory address        code
    0x8054321 <main+x>    pushl $0x0
    0x8054322             call  $0x80543a0 <function>
    0x8054327             ret
    0x8054328             leave
    ...
    0x80543a0 <function>  popl  %eax
    0x80543a1             addl  $0x1337,%eax
    0x80543a4             ret

What happens here? The call at 0x8054322 pushes the address of the instruction that follows it onto the stack and jumps to <function>; when <function> reaches its ret, that saved address is popped off the stack and execution continues there. In this case, our return address is 0x8054327.

3.
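The tutorial's point is that the return address pushed by call lives on the stack just above a function's local variables, so a copy that runs past a local buffer reaches it. The following is an added illustration, not code from the tutorial: it models a frame with an assumed 16-byte local buffer, the saved frame pointer and the return address from the listing (0x8054327) in a flat byte array, and runs an unchecked copy against a checked one to show which slot each input reaches. The saved EBP value and the input string are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the x86 frame described in the text (added example, not the
 * tutorial's code): the local buffer sits at the lowest address, the saved
 * EBP directly above it, and the return address pushed by "call" above that.
 * The buffer size is an assumption chosen for the illustration. */
#define BUF_SIZE   16
#define EBP_OFFSET (BUF_SIZE)
#define RET_OFFSET (BUF_SIZE + 4)
#define FRAME_SIZE (BUF_SIZE + 8)

struct frame_view {
    uint32_t saved_ebp;
    uint32_t ret_addr;
};

/* Lay out the frame image with the return address from the disassembly and
 * an assumed (arbitrary) saved frame pointer. */
static void frame_init(uint8_t *frame) {
    uint32_t ebp = 0xbffff7c8u;  /* assumed value, only for illustration */
    uint32_t ret = 0x08054327u;  /* return address from the listing above */
    memset(frame, 0, BUF_SIZE);
    memcpy(frame + EBP_OFFSET, &ebp, sizeof ebp);
    memcpy(frame + RET_OFFSET, &ret, sizeof ret);
}

static struct frame_view frame_read(const uint8_t *frame) {
    struct frame_view v;
    memcpy(&v.saved_ebp, frame + EBP_OFFSET, sizeof v.saved_ebp);
    memcpy(&v.ret_addr, frame + RET_OFFSET, sizeof v.ret_addr);
    return v;
}

/* The vulnerable pattern: strcpy(buffer, input) trusts the input length.
 * The copy is bounded only by the end of the frame image so the model
 * itself stays in bounds; nothing checks the input against BUF_SIZE. */
struct frame_view unsafe_copy(const char *input) {
    uint8_t frame[FRAME_SIZE];
    size_t n = strlen(input) + 1;            /* strcpy copies the NUL too */
    frame_init(frame);
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(frame, input, n);                 /* runs over EBP and RET if long */
    return frame_read(frame);
}

/* The fix: check the length against the buffer before copying and refuse
 * (return -1) instead of truncating silently. The frame is left intact. */
int safe_copy(const char *input, struct frame_view *out) {
    uint8_t frame[FRAME_SIZE];
    size_t n = strlen(input);
    frame_init(frame);
    if (n >= BUF_SIZE) {                     /* no room for data plus NUL */
        *out = frame_read(frame);
        return -1;
    }
    memcpy(frame, input, n + 1);
    *out = frame_read(frame);
    return 0;
}

/* Bytes from the start of the buffer to the return-address slot: how much
 * input must precede the bytes that land on the return address. */
size_t return_address_offset(void) { return RET_OFFSET; }

int main(void) {
    /* Constructed input: 16 bytes fill the buffer, 4 cover the saved EBP,
     * and the final 4 land on the return address. */
    const char *input = "AAAAAAAAAAAAAAAABBBBCCCC";
    struct frame_view v = unsafe_copy(input);
    struct frame_view s;
    int rc = safe_copy(input, &s);
    printf("unsafe: saved_ebp=0x%08x ret=0x%08x\n",
           (unsigned)v.saved_ebp, (unsigned)v.ret_addr);
    printf("safe:   rc=%d ret=0x%08x\n", rc, (unsigned)s.ret_addr);
    return 0;
}
```

With the 24-byte input the unchecked copy leaves 0x43434343 ("CCCC") in the return-address slot, which is exactly the slot the ret at the end of <function> pops; the checked copy rejects the input and the slot still holds 0x8054327. On a real x86 stack the offsets depend on the compiler's frame layout and alignment, so the 20-byte distance here is specific to this model.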
BLADE - Block All Drive-by Download Exploits

SELinux and UML Virtual Hosting Blog

LockBox Computing: 25 Free Tools To Encry

It's not breaking news that hackers can easily figure out how to gain access to unsecured information on your system: emails, chat sessions, phone calls, and files are all vulnerable. What many people don't know is that there are a number of free tools available that make it easy to fight back. Protect your valuable information with these encryption tools.

Instant Messaging:
- IMsecure: keep your IM conversations private with IMsecure's message encryption.
Passwords:
- Password Encryption: save your passwords in this encrypted file.
VoIP:
- Zfone: Phil Zimmermann's Zfone allows you to make encrypted phone calls online.
Remote Access:
- OpenVPN: get secure VPN, WiFi, remote access and more with this solution.
Email:
- Private Post Desktop: this email encryption software makes it easy to send secure email.
Chat:
- TrilogyEC: encrypt chat, IM and file transfers with TrilogyEC.
Communications:
Files:
- FileVault: create self-extracting and self-decrypting files.
Hard Drive:
Text:
Data:
Various:
.:[ d4 n3wS ]:.

Are you familiar with white hat hacking? If you aren't, you should be. White hat hacking is a planned attack that checks your systems for vulnerabilities. After the hacker successfully (and harmlessly) compromises your environment, they tell you what to do to fix it. Even though most security loopholes are well documented, I'm surprised how many open exploits there are in the applications we security-scan here at INetU. So stand by for a little White Hat Hacking 101, where I'll teach you how to hack into your own site.

Hack One: Injection Attacks

I'll start with injection exploits because most IT professionals, even though they have a cursory understanding of the dangers, leave too many sites open to this vulnerability, according to the Open Web Application Security Project (OWASP). Find a page on your application that accepts user-supplied information and uses it to access a database: a login form, signup form, or "forgot password" form is a good start.

Hack Two: PHP Remote File Includes
Scanning Web Applications That Require Authentication

Web applications that manage sensitive data are usually protected with either basic or form-based authentication. Nessus can be configured with the appropriate credentials for these authentication schemes as they relate to web application testing. This post covers these authentication schemes in depth, and explores some of the potential problems you may experience when scanning with credentials and how to overcome them.

Basic Authentication

For web applications, or sections of web applications, that require basic authentication, you can enter one username and password pair that Nessus will use each time it is prompted for credentials. It is important to note that basic authentication sends the username and password in the Authorization header as a Base64-encoded string. Base64 is an encoding, not encryption: anyone who can observe the request recovers the credentials, so the scanner's credentials are only protected in transit when the connection itself uses TLS (HTTPS). Without successful authentication, none of the protected pages and CGI programs would be tested for vulnerabilities.

Form Based Authentication
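To make the point about Base64 concrete, here is an added example that is not part of the Nessus post: it builds the Authorization header a client (a scanner included) sends for basic authentication, then does what an observer on the wire does with it, which is decode it and split out the username and password. The credentials are made up, and the Base64 decoder is a minimal one written for the illustration rather than a library routine.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Nessus code: RFC 4648 Base64 alphabet. */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode n bytes as Base64 into out (needs 4*ceil(n/3)+1 bytes).
 * Returns the number of characters written. */
size_t b64_encode(const unsigned char *in, size_t n, char *out) {
    size_t i, o = 0;
    for (i = 0; i + 2 < n; i += 3) {
        unsigned v = (in[i] << 16) | (in[i + 1] << 8) | in[i + 2];
        out[o++] = B64[(v >> 18) & 63]; out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63];  out[o++] = B64[v & 63];
    }
    if (n - i == 1) {                       /* one byte left: two chars + "==" */
        unsigned v = in[i] << 16;
        out[o++] = B64[(v >> 18) & 63]; out[o++] = B64[(v >> 12) & 63];
        out[o++] = '='; out[o++] = '=';
    } else if (n - i == 2) {                /* two bytes left: three chars + "=" */
        unsigned v = (in[i] << 16) | (in[i + 1] << 8);
        out[o++] = B64[(v >> 18) & 63]; out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63];  out[o++] = '=';
    }
    out[o] = '\0';
    return o;
}

static int b64_val(char c) {
    const char *p = (c != '\0') ? strchr(B64, c) : NULL;
    return p ? (int)(p - B64) : -1;
}

/* Minimal decoder: accepts padded input whose length is a multiple of 4.
 * Returns the decoded length (NUL-terminated in out) or -1 on bad input. */
int b64_decode(const char *in, unsigned char *out, size_t outcap) {
    size_t len = strlen(in), i, o = 0;
    if (len % 4 != 0) return -1;
    for (i = 0; i < len; i += 4) {
        int a = b64_val(in[i]), b = b64_val(in[i + 1]);
        int c = (in[i + 2] == '=') ? 0 : b64_val(in[i + 2]);
        int d = (in[i + 3] == '=') ? 0 : b64_val(in[i + 3]);
        unsigned v;
        if (a < 0 || b < 0 || c < 0 || d < 0) return -1;
        if (o + 3 >= outcap) return -1;
        v = (a << 18) | (b << 12) | (c << 6) | d;
        out[o++] = (v >> 16) & 0xff;
        if (in[i + 2] != '=') out[o++] = (v >> 8) & 0xff;
        if (in[i + 3] != '=') out[o++] = v & 0xff;
    }
    out[o] = '\0';
    return (int)o;
}

/* What the client sends: "Basic " + base64(user ":" pass). */
int basic_auth_header(const char *user, const char *pass, char *out, size_t outcap) {
    unsigned char raw[256];
    int n = snprintf((char *)raw, sizeof raw, "%s:%s", user, pass);
    if (n < 0 || (size_t)n >= sizeof raw) return -1;
    if (outcap < 6 + 4 * (((size_t)n + 2) / 3) + 1) return -1;
    memcpy(out, "Basic ", 6);
    b64_encode(raw, (size_t)n, out + 6);
    return 0;
}

/* What an observer of the request does: strip the scheme, decode, split at
 * the first ':' (the username may not contain one; the password may). */
int recover_credentials(const char *header, char *user, size_t ucap,
                        char *pass, size_t pcap) {
    unsigned char raw[256];
    const char *colon;
    size_t ulen;
    if (strncmp(header, "Basic ", 6) != 0) return -1;
    if (b64_decode(header + 6, raw, sizeof raw) < 0) return -1;
    colon = strchr((const char *)raw, ':');
    if (colon == NULL) return -1;
    ulen = (size_t)(colon - (const char *)raw);
    if (ulen >= ucap || strlen(colon + 1) >= pcap) return -1;
    memcpy(user, raw, ulen); user[ulen] = '\0';
    strcpy(pass, colon + 1);
    return 0;
}

int main(void) {
    char header[64], user[32], pass[32];
    /* Constructed credentials for the demonstration. */
    if (basic_auth_header("nessus", "s3cret", header, sizeof header) != 0) return 1;
    printf("client sends:  Authorization: %s\n", header);
    if (recover_credentials(header, user, sizeof user, pass, sizeof pass) == 0)
        printf("observer gets: user=%s pass=%s\n", user, pass);
    return 0;
}
```

The header for the constructed pair is "Basic bmVzc3VzOnMzY3JldA==", and the decode returns "nessus"/"s3cret" without any key. That is the practical consequence for scanning: the account you give the scanner should be a dedicated one with the least privilege that still reaches the pages to be tested, and the scan should run over HTTPS, since every request carries the pair.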
Plone releases fixes for 24 vulnerabilities

Web Services Security Checklist

I am a big fan of checklists. In any relatively complex system that has to be delivered under a time crunch, like say Web Services, a checklist can save your bacon. If you hired me to work on your project, I would use this Web Services Security Checklist to verify standards, mechanisms, and implementation throughout the SDL. My partner Pat Christiansen likes to say that architecture artifacts are for communication as much as for engineering. A checklist is a simple artifact that helps ensure consistency throughout architecture, threat modeling, security design requirements, and the security implementation.
grimwepa - Project Hosting on Google Code

GRIM WEPA is a password cracker for both WEP- and WPA-encrypted access points (routers). GRIM WEPA was written in Java and is intended for use with the Linux operating system (specifically the Backtrack 4 distribution). GrimWepa 1.1 has been translated for Português-Brasil users. It is available in the downloads section.

GRIM WEPA is no longer being supported. GRIM WEPA is on an indefinite hiatus while I work on other projects. Please use Wifite instead of GRIM WEPA. Please update your bookmarks and links accordingly. This project will remain open so that I may eventually update GrimWepa.

Note: the settings and configuration file for Grim Wepa is saved to /etc/grimwepa.conf.

GRIM WEPA's cracking methods are archaic and have been around for years. The Backtrack 4 Linux distribution has a default WEP/WPA cracker, but it does not work properly for me; also, the Spoon series does not run properly for me on BT4, so I created GRIM WEPA for myself and as an homage to shamanvirtuel.

Run GRIM WEPA as root!