Section: .. / papers / unix /
| /// File Name: |
fmat.txt |
Description:
|
An alternative method in format string exploitation - a paper discussing a method of making format string exploits static again on 2.6 with random VA.
| | Author: | K-sPecial | | Homepage: | http://xzziroz.net/ | | File Size: | 15259 | | Last Modified: | Oct 20 20:29:28 2006 |
| MD5 Checksum: | 3323b524868edd9e4a53cd3146c4d95f |
|
| /// File Name: |
AIX_Security.pdf |
Description:
|
White paper on basic security and hardening procedures for AIX. Many of the features and functions shown throughout this guide are applicable to AIX 4.3 and above, but are more directed towards AIX 5.2. This guide attempts to cover a lot of ground and offers useful and necessary insight for anyone administering AIX machines.
| | Author: | Andre Derek Protas | | File Size: | 356907 | | Last Modified: | Jul 27 23:23:39 2004 |
| MD5 Checksum: | 7ee76c37cf394cc8018decb23e4e558e |
|
| /// File Name: |
mac.txt |
Description:
|
Mandatory Access Control tutorial to correctly and safely install, configure, and use MAC policies. Written for FreeBSD users. Full step by step details given with explanations.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 23878 | | Last Modified: | Apr 17 08:17:00 2004 |
| MD5 Checksum: | 6863069367b013e42b38720c4e26da80 |
|
| /// File Name: |
init_rpi.txt |
Description:
|
Whitepaper detailing how to successfully patch the linux kernel in order to allow ptracing /sbin/init, and subsequently inject a connect-back shellcode into the target process. Patch code included.
| | Author: | Christophe Devine | | File Size: | 18196 | | Last Modified: | Dec 30 13:49:58 2003 |
| MD5 Checksum: | 416c6fffc2174a4c171d7edaeccba127 |
|
| /// File Name: |
ebpoverflow.txt |
Description:
|
One Byte Frame Pointer Overwrite Hardcoded Exploits - This paper describes how to exploit overflows which are off by only one byte. Includes sample code.
| | Author: | Nebunu | | File Size: | 14982 | | Last Modified: | Oct 29 23:55:23 2003 |
| MD5 Checksum: | 3b316253703503292efec1f27f80389a |
|
| /// File Name: |
manipulating.dtors.txt |
Description:
|
A paper that details the manipulation of the destructor when utilizing a buffer overflow, a format string attack, or corrupting a malloc chunk.
| | Author: | Bob | | File Size: | 6781 | | Last Modified: | Jul 6 03:18:36 2003 |
| MD5 Checksum: | cf655444e6c3559bebdf6fd69d4b4aeb |
|
| /// File Name: |
Netric-RE-partII.pdf |
Description:
|
Radical Environments part II - This paper continues where part one left off, detailing a technique in writing 0 bytes when exploiting a local buffer overflow using a non-executable stack with the heap being stored in memory at a virtual address containing a \x00 byte.
| | Author: | gloomy, The Itch | | Homepage: | http://www.netric.org | | File Size: | 31363 | | Last Modified: | Apr 22 01:58:29 2003 |
| MD5 Checksum: | 6ae5f2cc150e8976d7d2778c6fb57fcd |
|
| /// File Name: |
envpaper.pdf |
Description:
|
Radical Environments part I - A paper that compiles various stack related tips and tricks which discusses how an exploit without nops works.
| | Author: | gloomy, The Itch | | Homepage: | http://www.netric.org | | File Size: | 131498 | | Last Modified: | Apr 22 01:53:49 2003 |
| MD5 Checksum: | b567cc1c11e03fc568e88bd47b06c40c |
|
| /// File Name: |
fstream-overflows.txt |
Description:
|
This paper describes FILE stream overflow vulnerabilities and illustrates how they can be exploited. The author uses a FILE stream overflow in dvips as a case study.
| | Author: | Killah. | | Homepage: | http://www.hack.gr/users/killah/ | | File Size: | 15126 | | Last Modified: | Feb 3 06:14:57 2003 |
| MD5 Checksum: | 886e4343079f8bdc593fe647b77e9859 |
|
| /// File Name: |
core_format_strings.pdf |
Description:
|
Vulnerabilities in Your Code Part II - Format string vulnerabilities and exploitation. Shows the exact location of the vulnerabilities, providing detailed explanations and exploits for each one found.
| | Author: | Core Security Team | | Homepage: | http://www.core-sec.com | | File Size: | 236465 | | Last Modified: | Jan 23 03:40:01 2003 |
| MD5 Checksum: | bb907eb9a4f60e0c9bfc8c3f75d6307a |
|
| /// File Name: |
tmpwatch.txt |
Description:
|
Common use of 'tmpwatch' utility and its counterparts triggers race conditions in many applications, sometimes allowing privilege escalation. Includes information on races, file removal, fixes, and more.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx | | File Size: | 14247 | | Last Modified: | Dec 21 05:56:37 2002 |
| MD5 Checksum: | 6d1fa3c3d46b67c59286f2608ec45dba |
|
| /// File Name: |
tcp.acknowledgement.txt |
Description:
|
This paper describes how it is possible to send data in TCP headers using the acknowledgment numbers.
| | Author: | Rohits | | File Size: | 3077 | | Last Modified: | Oct 9 20:30:01 2002 |
| MD5 Checksum: | 5b7707d3ef0d959aaa728fe2bc4894b0 |
|
| /// File Name: |
FV.txt |
Description:
|
Finding Vulnerabilities - This paper explains the auditing of C source code to find application exploits. Includes a practical example of how to hack an IDS that was coded for a website.
| | Author: | Bob | | Homepage: | http://blaat.dtors.net | | File Size: | 11623 | | Last Modified: | Sep 17 09:48:12 2002 |
| MD5 Checksum: | 6e349f14320160b2b874d172bdb12a94 |
|
| /// File Name: |
shellcodin.txt |
Description:
|
Shellcoding - How to write shellcode for Linux/x86. Includes parts I + II.
| | Author: | Bob | | Homepage: | http://blaat.dtors.net | | File Size: | 17370 | | Last Modified: | Sep 17 09:33:30 2002 |
| MD5 Checksum: | f6ce6ce0746488247aaaf2c3ee8e867c |
|
| /// File Name: |
snmprizzo.txt |
Description:
|
This paper will discuss setting up encrypted communication for SNMP agents and trapd hosts through the use of Zebedee (Zee-bee-dee) UDP tunneling and encryption features. The goal is encrypted SNMP traps from the hosts to the management station and encrypted polling of the SNMP agent running on the host. All SNMP communication is handled by Zebedee with proper firewall filtering practices.
| | Author: | Ron Sweeney, Jerry Matt | | File Size: | 14442 | | Last Modified: | Aug 29 03:10:50 2002 |
| MD5 Checksum: | 248e08ed78b2ca065b381f79b54c301c |
|
| /// File Name: |
fmt.tar.gz |
Description:
|
Fmt.tar.gz contains tutorials in English and German on exploiting local format string vulnerabilities. This is a summary of tutorials from http://community.core-sdi.com/~juliano and includes sample code.
| | Author: | Delikon | | Homepage: | http://www.delikon.de | | File Size: | 5662 | | Last Modified: | Aug 23 02:45:33 2002 |
| MD5 Checksum: | 07f78152dbb1ed57e5ed511cdda34553 |
|
| /// File Name: |
writing-linux-kernel-keylogger.txt |
Description:
|
Writing Linux kernel based key loggers - Includes a sample key logger which can log user input and passwords.
| | Author: | Rd | | Homepage: | http://www.thc.org | | File Size: | 41528 | | Last Modified: | Jul 24 00:58:15 2002 |
| MD5 Checksum: | d22ed0dc349f3db7b6501802d30e8294 |
|
| /// File Name: |
remotefmt-howto.txt |
Description:
|
How to Remotely Exploit Format String Bugs - A practical tutorial. Includes info on guessing the offset, guessing the address of the shellcode in the stack, using format string bugs as debuggers, examples, etc.
| | Author: | Fr^id^iric Raynal | | File Size: | 26889 | | Last Modified: | Apr 24 21:49:24 2002 |
| MD5 Checksum: | 8d086961f802114fdecba45f4f33283f |
|
| /// File Name: |
sparc.zip |
Description:
|
This document describes buffer overrun vulnerabilities on Sun Microsystems SPARC machines. We will begin by examining the SPARC architecture, looking at the registers and the stack. We will then go on to see exact how buffer overrun vulnerabilities occur and how control over the processes execution is gained under SPARC and then detail how, from here, the vulnerability can be exploited to gain control over the computer by looking at exploit code that spawns a shell under Solaris.
| | Author: | David Litchfield | | Homepage: | http://www.atstake.com | | File Size: | 101504 | | Last Modified: | Jan 25 02:22:44 2002 |
| MD5 Checksum: | f84c8fdc8a46ebf7eb620006ec7dd07d |
|
| /// File Name: |
elf-runtime-fixup.txt |
Description:
|
Reversing the ELF - Stepping with GDB during PLT uses and .GOT fixup. This is a GDB tutorial about runtime process fixup using the Procedure Linkage Table section (.plt) and the Global Offset Table section (.got) by the dynamic linker ld-linux.so. ASM knowledge will be helpful. More info on ELF here.
| | Author: | Mayhem | | Homepage: | http://www.devhell.org/~mayhem | | File Size: | 11631 | | Last Modified: | Jan 17 01:36:17 2002 |
| MD5 Checksum: | a0158f7bb4c8098db9f9a4a633b10155 |
|
| /// File Name: |
scantactics.doc |
Description:
|
How Nmap scans work - This MS word document has information on how some of the different nmap scan types work.
| | Author: | Zack Walko | | File Size: | 30208 | | Last Modified: | Jan 11 01:08:23 2002 |
| MD5 Checksum: | 159e1b0b51c948797a4feab7aa315e2e |
|
| /// File Name: |
promiscuous_detection_01.pdf |
Description:
|
In the local network, the act of sniffing has become a serious threat. Malicious users can use sniffing techniques to steal confidential documents and anyone's privacy by sniffing the network. Sniffing causes privacy intrusion, and can be done simply by downloading free sniffer tools from the Internet and installing them into a personal computer that resides on the local network. The documentation below discusses the use of Address Resolution Protocol (ARP) packets to effectively detect malicious users when they are sniffing the network. The tool Promiscan implements the techniques discussed in this document.
| | Homepage: | http://www.securityfriday.com | | File Size: | 95873 | | Last Modified: | Dec 8 21:35:57 2001 |
| MD5 Checksum: | bc65962e49e09ab64b3e0d74e72cfe7d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
