An alternative method in format string exploitation - a paper discussing a method of making format string exploits static again on 2.6 with random VA.
0c45b1d562e077e6945b0677cd1ab74d79b4754f927c1df8be3f30b948146365White paper on basic security and hardening procedures for AIX. Many of the features and functions shown throughout this guide are applicable to AIX 4.3 and above, but are more directed towards AIX 5.2. This guide attempts to cover a lot of ground and offers useful and necessary insight for anyone administering AIX machines.
ecfb4a60e0e6196f9d9766af6ece08474e4efe2124ea8315a374f993c5861c7bWhitepaper on hardening Mac OS X. The paper includes a very brief introduction to the firmware, descriptions of hardening using both GUI and command-line interface.
4688e86aba49b64aea66c1e41de872c1d5fbe4833debe6b75fc948a9e68ed20cMandatory Access Control tutorial to correctly and safely install, configure, and use MAC policies. Written for FreeBSD users. Full step by step details given with explanations.
207406b5776a26ca845f149070406f74a77aefe86a8bb83717528be689f9754bWhitepaper detailing how to successfully patch the linux kernel in order to allow ptracing /sbin/init, and subsequently inject a connect-back shellcode into the target process. Patch code included.
8f53ec04bcff41e9accc09e517f1377b092c491fe8ae8d1ad5bb913474b9c162One Byte Frame Pointer Overwrite Hardcoded Exploits - This paper describes how to exploit overflows which are off by only one byte. Includes sample code.
003c664e2339c4874046201145c181f17ebdd3ea4be562a3990168bb8426da4eA paper that details the manipulation of the destructor when utilizing a buffer overflow, a format string attack, or corrupting a malloc chunk.
9ca183559ae54fd97c38cdc1cdabdfb443407e4dead2e88e1c635a606ab6c42dThis paper describes FILE stream overflow vulnerabilities and illustrates how they can be exploited. The author uses a FILE stream overflow in dvips as a case study.
1ba52e016c0392136d39eef96e00aa376e076ea025a6eab55d090bf725634635Vulnerabilities in Your Code Part II - Format string vulnerabilities and exploitation. Shows the exact location of the vulnerabilities, providing detailed explanations and exploits for each one found.
8c24f5e7710930cc45684d33d0daebaf7d08df845a23878ef36b0304e4c5c79fCommon use of 'tmpwatch' utility and its counterparts triggers race conditions in many applications, sometimes allowing privilege escalation. Includes information on races, file removal, fixes, and more.
b15d4299f68a0564b2dbf1976f2695381bb7cba4b78e5f66221c135ce941492eThis paper describes how it is possible to send data in TCP headers using the acknowledgment numbers.
7d3622c2a90e4c221166d445cceb86235ad4192fe69fee022fc63d44f568f214Finding Vulnerabilities - This paper explains the auditing of C source code to find application exploits. Includes a practical example of how to hack an IDS that was coded for a website.
9a48e28edc710e3b6eb7dfe1ecba2cec826785f99ff2ef8c0174fa6e04e4a18cShellcoding - How to write shellcode for Linux/x86. Includes parts I + II.
ab9b8ac49332beb7d33224ea976173ece2c5d27c3e8ef84a8f08f0888ea062bfThis paper will discuss setting up encrypted communication for SNMP agents and trapd hosts through the use of Zebedee (Zee-bee-dee) UDP tunneling and encryption features. The goal is encrypted SNMP traps from the hosts to the management station and encrypted polling of the SNMP agent running on the host. All SNMP communication is handled by Zebedee with proper firewall filtering practices.
4a499e9ba7f3664c7a591bdd126df956c5e9ae02bd6a0f8e046e172d1575f496Fmt.tar.gz contains tutorials in English and German on exploiting local format string vulnerabilities. This is a summary of tutorials from http://community.core-sdi.com/~juliano and includes sample code.
d8734dad39eae6eac7936a0b8293ae59adf0e02e8af61b742dc02ed9c0a777dcWriting Linux kernel based key loggers - Includes a sample key logger which can log user input and passwords.
7f88f2d22ed4e054498403e9c2f923a531d0e030d05598992787c9f2a357b715Writing shellcode for Linux/390 mainframes. Includes port binding shellcode example.
c882054b5eac3179b12735dc7e7d8bd4b960f0cbc421c7afa516ca6eb6614193Memory Layout - Detailed information on memory management.
cc6fe6e45674468a6bc672789840a5b21125c251e2bdb99011fbff20d436c393How to Remotely Exploit Format String Bugs - A practical tutorial. Includes info on guessing the offset, guessing the address of the shellcode in the stack, using format string bugs as debuggers, examples, etc.
c323add4e7a0e2f2f14ec27d9d50002992564b1d0be3d391722da88350a25a83This document describes buffer overrun vulnerabilities on Sun Microsystems SPARC machines. We will begin by examining the SPARC architecture, looking at the registers and the stack. We will then go on to see exact how buffer overrun vulnerabilities occur and how control over the processes execution is gained under SPARC and then detail how, from here, the vulnerability can be exploited to gain control over the computer by looking at exploit code that spawns a shell under Solaris.
ea2827088b20a431d2ee4be68183cd2ee8cf525ff70d198af4b747cffecabe5cReversing the ELF - Stepping with GDB during PLT uses and .GOT fixup. This is a GDB tutorial about runtime process fixup using the Procedure Linkage Table section (.plt) and the Global Offset Table section (.got) by the dynamic linker ld-linux.so. ASM knowledge will be helpful. More info on ELF here.
d827aaba5feb045e90dea774ade60c84ce956eb244b90457391bfb60f6d84432How Nmap scans work - This MS word document has information on how some of the different nmap scan types work.
22b9a4cfef68364a9b2ddaa65ca1711e247271b9ab7e8b22d390d178b4512d08In the local network, the act of sniffing has become a serious threat. Malicious users can use sniffing techniques to steal confidential documents and anyone's privacy by sniffing the network. Sniffing causes privacy intrusion, and can be done simply by downloading free sniffer tools from the Internet and installing them into a personal computer that resides on the local network. The documentation below discusses the use of Address Resolution Protocol (ARP) packets to effectively detect malicious users when they are sniffing the network. The tool Promiscan implements the techniques discussed in this document.
3b4eb0fa6c35f22e1be3cc854ed00d146e1e719021590d06adf4be82ee6f4bdbExploiting Format String Vulnerabilities v1.2 - Includes over 30 pages of well organized information along with several examples.
4ec81ccf82417d72ae0551b3d1085e97a9b9867f7c180e6ba8dd7c5b18eb6b66How to Exploit Format String Vulnerabilities under Alpha Linux. Includes techniques and example code.
fb0fd3f5ea1da71d3480f0ab3b12774cb66642a7b3267859fa03b1b693e6053e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed