Alternatively you can attempt to locate a version of Damn Vulnerable Linux. Although it has been discontinued and most torrents have died by now (there are still a few seeds here and there), it remains one of my personal favorites when it comes to learning about vulnerabilities.
On 22/05/12 20:29, AK wrote:
> ASLR is not your only problem under Linux. If you are using a modern
> distribution (e.g. your homebox) there are loads of other protections
> enabled. Your best bet is to download an older one, turn off protections
> where needed (via proc and via linker options) and start from there.
> Userland exploitation is not beginner material with all the mitigations
> enabled.
>
> On 5/22/12 7:00 PM, Littlefield, Tyler wrote:
>> Thanks all for the info. I really appreciated it. Luckily I have some
>> experience with asm, though it is limited. The videos are nice, though
>> I am going to have to supplement them with extra materials more than
>> usual, since I am blind and it's hard to tell what he is doing all the
>> time.
>>
>> Anyway, again I appreciate the help. I do have a question.
>> If I am going to use a buffer overflow, I want to make sure I
>> understand this right.
>> If I have a function like:
>> void foo(char* x);
>> that means that I'd need to push an argument and call foo.
>> push eax
>> call foo
>> now that I've called foo, it's going to set up the stack:
>> gcc's disasm does something like:
>> push ebp
>> mov ebp, esp
>> so now we have:
>> ebp+8 >> x
>> ebp+4 >> return
>> ebp >> old ebp (?)
>> so let's say that I declare a static buffer (you would sub ebp, 4) for
>> that extra variable and it was a buffer. so if it was ebp-4, I could
>> store an int there.
>> now if I wanted to overflow that, I would have to fill ebp-4, which is
>> the variable, ebp which is the pointer to the old frame (explanation
>> there would be cool--I am kind of confused on what the "old frame"
>> is); is it just the point on the stack (esp) where the previous
>> frame's locals and that are stored? and then ebp+4. So I would have to
>> feed that buffer 12 bytes to overwrite the return.
>> so, this leads me to two final questions.
>> First, is there a way perhaps to return backwards? So if I could
>> manage to squeeze shellcode into those first 8 bytes (is that a
>> possibility?) I could return to that and execute that? If I return to
>> a function, how do I make that function do what I want? Being able to
>> run any function in the code seems nice, but calling printf for
>> example doesn't really do much for me. It would also require that I
>> somehow get my arguments on the stack.
>> Finally, let's say I found a function with GDB. With ASLR, is that not
>> guaranteed to change when I execute the program again?
>>
>> Hopefully this is the right place for these questions--if not, I would
>> appreciate other resources where this could be asked.
>> Thanks,
>> Ty
>>
>>
>> ------------------------------------------------------------------------
>> Securing Apache Web Server with thawte Digital Certificate
>> In this guide we examine the importance of Apache-SSL and who needs an
>> SSL certificate. We look at how SSL works, how it benefits your
>> company and how your customers can tell if a site is secure. You will
>> find out how to test, purchase, install and use a thawte Digital
>> Certificate on your Apache web server. Throughout, best practices for
>> set-up are highlighted to help you ensure efficient ongoing management
>> of your encryption keys and digital certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>>
>> ------------------------------------------------------------------------
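Tyler's frame sketch (the return address at ebp+4, a local at ebp-4) can be checked from inside a running program rather than guessed from a disassembly. The probe below is an added example, not code from the thread; it assumes gcc or clang on an ABI that keeps a frame pointer (i386, x86-64 or AArch64) and no return-address signing, and it generalises the offsets to sizeof(void *) so the same check runs on 32-bit and 64-bit builds. The second function shows why the "12 bytes" count breaks on a modern toolchain: the padding and canary AK alludes to sit between the local and the saved frame pointer.

```c
/* Frame-layout probe (added example, not code from the thread).
 * Checks the "ebp+4 holds the return address" claim generically as
 * frame pointer + sizeof(void *), and measures how far a 4-byte local
 * really sits from the saved frame pointer.  Assumes gcc or clang on a
 * frame-pointer ABI (i386, x86-64, AArch64) and no return-address
 * signing such as AArch64 PAC. */
#include <stddef.h>
#include <stdio.h>

/* noinline: the two builtins describe the current function's own frame
 * only if it is not inlined into its caller. */
__attribute__((noinline))
int return_slot_matches(void)
{
    char *fp = (char *)__builtin_frame_address(0);   /* address of the saved old frame pointer */
    void *slot = *(void **)(fp + sizeof(void *));     /* the word just above it */
    return slot == __builtin_return_address(0);      /* 1 when that word is our return address */
}

/* On i386 with no canary and no padding, buf would sit at ebp-4 and this
 * would return 4.  A modern toolchain usually puts alignment padding and
 * a stack canary between a local and the saved frame pointer, which is
 * why the naive "12 bytes to the return address" count no longer holds
 * (and why an overrun that reaches that far trips the canary check). */
__attribute__((noinline))
ptrdiff_t local_to_frame_distance(void)
{
    volatile char buf[4] = { 'A', 'B', 'C', 'D' };
    char *fp = (char *)__builtin_frame_address(0);
    return fp - (char *)buf;   /* > 0 where locals lie below fp (x86); < 0 with gcc on AArch64 */
}

int main(void)
{
    printf("word size: %zu bytes\n", sizeof(void *));
    printf("frame pointer + %zu holds the return address: %s\n",
           sizeof(void *), return_slot_matches() ? "yes" : "no");
    printf("bytes from local buffer to saved frame pointer: %td\n",
           local_to_frame_distance());
    return 0;
}
```

Build it once with -O0 and once with -O2 -fstack-protector-strong and compare the second number: the return-address slot stays put while the local-to-frame distance changes, which is exactly the part of the layout the mitigations rearrange.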