
Dirty exploiting 101


sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri Mar 25, 2011 9:35 pm

Dirty exploiting 101

So I was bored today, tinkering while on a conference call. (ADHD, I tell you.) I was messing around with Peach (fuzzer), ComRaider and WinDBG... Created a PoC demonstration of register control (ecx, ebc, eip) on Google Earth. Remember, the goal is to (dis)affect EIP in the long run, thereby obtaining control of EIP in some shape, form or fashion.

http://www.infiltrated.net/pwningGoogleEarth/ (7min 30 or so seconds)

alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Fri Mar 25, 2011 9:55 pm

Re: Dirty exploiting 101

:o
You totally lost me during the demo  ::)

But I get the main idea... I hope  ???

I am wondering if I am not too old for this field.
Maybe I will start going deeper in Cobit and I will become a consultant that will teach others to better organize/protect themselves  :P

Anyway, you really impressed me.
Unfortunately we are not in the same city, otherwise I would have bought you a lot of beer.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Mar 25, 2011 10:43 pm

Re: Dirty exploiting 101

Nice job, sil!  Gosh, you get to have so much fun!

Wish I had time for tinkering, some days.  My days, this week, were spent fixing issues with a customer's s390x (zSeries) guests, cuz they have issues with broken patching (security specific, and all,) and was busy diving through gdb and debugging.

Gonna have to make time to experiment and see what you did, in more detail, next week or so, if I'm lucky enough...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Mar 30, 2011 10:39 pm

Re: Dirty exploiting 101

I was about to give you a hard time for not throwing in some of your custom mixes, but then *BAM*, right at 11 seconds ;)

That's cool stuff. It's unfortunately over my head at the moment, but it's great that you keep putting out stuff like this. I've just caught up on the articles you've put out over the past few months as well. Keep it up dude; it's much appreciated!
The day you stop learning is the day you start becoming obsolete.

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Apr 12, 2011 11:05 am

Re: Dirty exploiting 101

More context and description (probably audio) would make this a useful learning tool. Right now it just shows what happened, without explaining why it happened or why you want step X to happen.
twitter.com/timmedin | http://blog.securitywhole.com
