The Ethical Hacker Network - Dirty exploiting 101

EH-Net > Ethical Hacking Discussions and Related Certifications > Programming (Moderator: don) > Dirty exploiting 101

Pages: [1] Go Down

« previous next »

	Author	Topic: Dirty exploiting 101 (Read 19927 times)
0 Members and 1 Guest are viewing this topic.

sil

Hero Member

Offline

Posts: 549

Dirty exploiting 101

« on: March 25, 2011, 09:35:02 PM »

So I was bored today, tinkering while on a conference call. (ADHD I tell you) I was messing around with Peach (fuzzer), ComRaider and WinDBG... Created a PoC demonstration of register control (ecx, ebc, eip) on Google Earth. Remember, the goal is to (dis)affect EIP in the longrun thereby obtaining control of EIP in some shape form or fashion.

http://www.infiltrated.net/pwningGoogleEarth/ (7min 30 or so seconds)


	Logged

http://www.infiltrated.net/mgz/puppylecter.jpg

alucian

Full Member

Offline

Posts: 225

Re: Dirty exploiting 101

« Reply #1 on: March 25, 2011, 09:55:58 PM »

You totally lost me during the demo Roll Eyes

But I get the main idea... I hope Huh

I am wondering if I am not too old for this field.
Maybe I will start going deeper in Cobit and I will become a consultant that will teach others to better organize/protect themselves Tongue

Anyway, you really impressed me.
Unfortunately we are not in the same city, otherwise I would have bought you a lot of beer.


	Logged

CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP

hayabusa

Hero Member

Offline

Posts: 1633

Re: Dirty exploiting 101

« Reply #2 on: March 25, 2011, 10:43:47 PM »

Nice job, sil! Gosh, you get to have so much fun!

Wish I had time for tinkering, some days. My days, this week, were spent fixing issues with a customer's s390x (zSeries) guests, cuz they have issues with broken patching (security specific, and all,) and was busy diving through gdb and debugging.

Gonna have to make time to experiment and see what you did, in more detail, next week or so, if I'm lucky enough...


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

ajohnson

Recruiters
Hero Member

Offline

Posts: 1060

aka dynamik

Re: Dirty exploiting 101

« Reply #3 on: March 30, 2011, 10:39:54 PM »

I was about to give you a hard time for not throwing in some of your custom mixes, but then *BAM*, right at 11 seconds Wink

That's cool stuff. It's unfortunately over my head at the moment, but it's great that you keep putting out stuff like this. I've just caught up on the articles you've put out over the past few months as well. Keep it up dude; it's much appreciated!


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

timmedin

Sr. Member

Offline

Posts: 469

Re: Dirty exploiting 101

« Reply #4 on: April 12, 2011, 11:05:29 AM »

More context and description (probably audio) would make this a useful learning tool. Right now it just shows what happened, without explaining why it happened or why you want step X to happen.


	Logged

twitter.com/timmedin | http://blog.securitywhole.com

Pages: [1] Go Up

« previous next »

Jump to: