Security Basics
Re: locating exploits in open source May 22 2012 05:00PM Littlefield, Tyler (tyler tysdomain com) (1 replies)
Re: locating exploits in open source May 22 2012 06:29PM AK (platsakos gmail com) (1 replies)
Re: locating exploits in open source May 22 2012 09:44PM Bob Bobson (suhettak gmail com) (2 replies)
Nessus.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Bob Bobson
Sent: Tuesday 22 May 2012 23:45
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: locating exploits in open source
Alternatively you can attempt to locate a version of Damn Vulnerable Linux.
Although it has been discontinued and most torrents have died by now (there
are still a few seeds here and there), it remains one of my personal
favorites when it comes to learning about vulnerabilities.
On 22/05/12 20:29, AK wrote:
> ASLR is not your only problem under Linux. If you are using a modern
> distribution (e.g. your homebox) there are loads other protections
> enabled. Your best bet is to download an older one, turn off
> protections where needed (via proc and via linker options) and start from
> there.
> Userland exploitation is not beginner material with all the
> mitigations enabled.
>
> On 5/22/12 7:00 PM, Littlefield, Tyler wrote:
>> Thanks all for the info. I really appreciated it. Luckily I have some
>> experience with asm, though it is limited. The videos are nice,
>> though I am going to have to supplement them with extra materials
>> more than usual, since I am blind and it's hard to tell what he is
>> doing all the time.
>>
>> Anyway, again I appreciate the help. I do have a question.
>> If I am going to use a buffer overflow, I want to make sure I
>> understand this right.
>> If I have a function like:
>> void foo(char* x);
>> that means that I'd need to push an argument and call foo.
>> push eax
>> call foo
>> now that I've called foo, it's going to set up the stack:
>> gcc's disasm does something like:
>> push ebp
>> mov ebp, esp
>> so now we have:
>> ebp+8 >> x
>> ebp+4 >> return
>> ebp >> old ebp (?)
>> so let's say that I declare a static buffer (you would sub ebp, 4) for
>> that extra variable and it was a buffer. so if it was ebp-4, I could
>> store an int there.
>> now if I wanted to overflow that, I would have to fill ebp-4, which
>> is the variable, ebp which is the pointer to the old frame
>> (explanation there would be cool--I am kind of confused on what the
>> "old frame"
>> is); is it just the point on the stack (esp) where the previous
>> frame's locals and that are stored? and then ebp+4. So I would have
>> to feed that buffer 12 bytes to overwrite the return.
>> so, this leads me to two final questions.
>> First, is there a way perhaps to return backwards? So if I could
>> manage to squeeze shellcode into those first 8 bytes (is that a
>> possibility?) I could return to that and execute that? If I return to
>> a function, how do I make that function do what I want? Being able to
>> run any function in the code seems nice, but calling printf for
>> example doesn't really do much for me. It would also require that I
>> somehow get my arguments on the stack.
>> Finally, let's say I found a function with GDB. With ASLR, is that not
>> guaranteed to change when I execute the program again?
>>
>> Hopefully this is the right place for these questions--if not, I
>> would appreciate other resources where this could be asked.
>> Thanks,
>> Ty
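An added example, not part of any post in this thread: a C simulation of the frame layout described in the quoted question (4-byte local at ebp-4, saved ebp at ebp, return address at ebp+4), reporting which saved fields an unchecked copy of n bytes changes and showing that a length-checked copy changes none. The frame is a plain byte array, and the sample addresses and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated 32-bit frame of foo(char *x), low address first (constructed model):
   ebp-4 local | ebp saved ebp | ebp+4 return address | ebp+8 x */
enum { LOCAL_OFF = 0, SAVED_EBP_OFF = 4, RET_OFF = 8, ARG_OFF = 12, FRAME_SIZE = 16 };
enum { LOCAL_SIZE = 4, EBP_CHANGED = 1, RET_CHANGED = 2 };

static void init_frame(uint8_t *f) {
    /* Constructed sample values, not taken from any real process. */
    const uint32_t v[4] = { 0, 0xbffff6c8u, 0x08048456u, 0xbffff8a0u };
    memcpy(f, v, FRAME_SIZE);
}

/* Unchecked copy into the local, as strcpy() would do; n is capped only
   so the simulation itself stays inside its array. */
static void copy_unchecked(uint8_t *f, const uint8_t *src, size_t n) {
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(f + LOCAL_OFF, src, n);
}

/* Length-checked copy: rejects anything larger than the local. */
static int copy_bounded(uint8_t *f, const uint8_t *src, size_t n) {
    if (n > LOCAL_SIZE) return -1;
    memcpy(f + LOCAL_OFF, src, n);
    return 0;
}

/* Copy n bytes of 'A' into a fresh frame; report which saved fields changed. */
static int simulate(size_t n, int bounded) {
    uint8_t before[FRAME_SIZE], after[FRAME_SIZE], input[FRAME_SIZE];
    int mask = 0;
    init_frame(before);
    init_frame(after);
    memset(input, 'A', sizeof input);
    if (bounded) (void)copy_bounded(after, input, n);
    else copy_unchecked(after, input, n);
    if (memcmp(before + SAVED_EBP_OFF, after + SAVED_EBP_OFF, 4)) mask |= EBP_CHANGED;
    if (memcmp(before + RET_OFF, after + RET_OFF, 4)) mask |= RET_CHANGED;
    return mask;
}

int main(void) {
    for (size_t n = 4; n <= 12; n += 4)
        printf("%2zu bytes: unchecked=%d bounded=%d\n", n, simulate(n, 0), simulate(n, 1));
    return 0;
}
```

The saved ebp slot holds the caller's frame pointer, so a copy that runs past the local reaches it before it reaches the return address.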