Vuln Dev
(Page 5 of 75)
Writing ascii shellcode (\xcc) 2007-07-04
lists73 skilltube com
There was a question regarding ascii shellcode development and in particular, how to get the \xcc opcode. We had a similar problem a few weeks ago and we solved it with a well-known approach documented by Steve Hanna. The example below might help others as well.

Suppose we want to create the followi

Developing exploit for a tricky vulnerability 2007-06-29
John Paterson (john9434 gmail com)
Here is the scenario:
There is a buffer located on the heap beginning at address A. I can
overwrite any dword-aligned memory location between A and A+S, where S
is the size of exploit file divided by 2. This is the tricky part -
the value written must be in the range from 0 to FFFF. This is not a
ty

Exotic vulnerability 2007-06-26
joxeankoret (joxeankoret yahoo es) (1 replies)

Hi,

I'm trying to develop an exploit for a product in which I found a
vulnerability and that is the most "exotic" one I found. The following C
source recreates the vulnerability:

#include <stdio.h>

void func(int var)
{
__asm__("mov (%eax), %eax");
__asm__("call *%eax");

Re: Exotic vulnerability 2007-06-28
Thomas Pollet (thomas pollet gmail com)
Re: creating a "cc" opcode from ASCII shell code 2007-06-25
lists73 skilltube com
We had pretty much the same problem a few weeks ago, also exploiting an email app. What you can do is to use a loader code that constructs the real shellcode, in your case "run calc.exe". It is a little time consuming, but it works! With that approach, you can also use the loader code to construct t

Re: vulnerabilities in this code chunk 2007-06-22
Jonathan Leffler (jleffler us ibm com)
> ----- Message from erk_3 (at) hotmail (dot) com [email concealed] on 21 Jun 2007 22:41:04 -0000 -----
> I am trying to find all the vuln's in this code chunk, and the only
> thing I can come up with is a null pointer dereference. Assume data
> and data_len are user controlled.
> Null pointer happens when passing in a negati

creating a "cc" opcode from ASCII shell code 2007-06-22
Aaron Adams (aadams securityfocus com) (3 replies)
I'm sending this to the list on behalf of deros68 <at> yahoo.com. Please
respond to the list or him directly, rather than me.

Thanks.
Moderator

-------- Original Message --------

I have developed an email exploit, incoming email via
smtp, for a certain email program. I want to develop
a "run ca

Re: creating a "cc" opcode from ASCII shell code 2007-06-23
Dude VanWinkle (dudevanwinkle gmail com)
Re: creating a "cc" opcode from ASCII shell code 2007-06-22
H D Moore (sflist digitaloffense net)
Re: creating a "cc" opcode from ASCII shell code 2007-06-22
Valdis Kletnieks vt edu
vulnerabilities in this code chunk 2007-06-21
erk_3 hotmail com
Heylo,

I am trying to find all the vulns in this code chunk, and the only thing I can come up with is a null pointer dereference. Assume data and data_len are user controlled.

Null pointer happens when passing in a negative number. I was looking hard at the memset functions but I couldn't come

CFP: 3rd European Conference on Computer Network Defense (EC2ND) in Crete, Greece 2007-06-17
ptrim ics forth gr
+++ Apologies for multiple postings +++

**************************************************************************

3rd European Conference on Computer Network Defence (EC2ND)
4-5 October 2007, Aldemar Royal Mare Village, Hersonissos, Crete, Greece
http://2007.ec2nd.org/

Call for Papers
----------

Static Code Analysis - Nuts and Bolts 2007-06-12
Paul Sebastian Ziegler (psz observed de) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi list,

due to personal interest I'd like to ask for your opinion regarding best
practices for static code analysis.
I guess most of us are accustomed to this method. After all - if you
want to find a vulnerability that basically means that either lu

Re: Static Code Analysis - Nuts and Bolts 2007-06-13
solemn (sohlow gmail com)
non-process-terminating shellcode 2007-06-12
Sanjay R (2sanjayr gmail com) (1 replies)
Hi:
I am looking for some references for creating a shellcode that will
not terminate the exploited application (the process being exploited)
and at the same time inject the payload that, for example, opens a
shell. I shall be obliged for any help and further readings on this.

thanks
-Sanjay
--

Re: non-process-terminating shellcode 2007-06-12
H D Moore (sflist digitaloffense net)
Re: Re: GDI+ and Internet Explorer question 2007-06-12
gljuposti gmail com
Thanks! Nice trick with renaming to metafile. Though I noticed it doesn't work with most image formats (for example bmp, gif and jpg are also opened in IE after renaming). Is there also a way to force these to be opened with GDI+ remotely?

Another question, does anyone know if IE image decoders use

SEH overwrite 2007-06-10
KaCo678 aol com
Hey, I was wondering if anyone would be able to help. I have a few questions about overwriting the SEH handlers. I have written a PoC for a buffer overflow. The problem was I didn't overwrite the EIP but did write to a few registers; also there are a few that hold the buffer. My question is: I w

GDI+ and Internet Explorer question 2007-06-09
gljuposti gmail com (1 replies)
From reading about previous GDI+ vulnerability reports (such as JPEG overflow) I got an impression that Internet Explorer was using GDI+ to decode images. However, looking at the newfound GDI+ ICO vulnerability, I noticed that the PoC

http://www.securityfocus.com/data/vulnerabilities/exploits/24

Re: GDI+ and Internet Explorer question 2007-06-10
H D Moore (sflist digitaloffense net)
Second Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007 2007-06-08
Paul Böhm (paul boehm org)
DeepSec In-Depth Security Conference 2007 Europe - Nov 20-23 2007 -
Vienna, Austria
http://deepsec.net/

Second Call for Papers

We're inviting you to submit papers and proposals for trainings for
the first annual DeepSec security conference.

We've been able to get some really good submissions, fan

Re: Re: Learning buffer overflow help 2007-06-07
erk_3 hotmail com
I figured this would be the problem, running it on XP SP2, LCC as the compiler, using OllyDbg for debugging. I am going to load up Ubuntu and give it a shot there and see if I have better luck. Thanks for all your help/understanding so far, everyone!

-Eric

OWASP and WASC Cocktail party at Blackhat USA 2007 2007-06-07
Anurag Agarwal (anurag agarwal yahoo com)
OWASP and WASC have joined hands to have a combined meetup at Blackhat USA
2007 in Las Vegas which was earlier planned as a WASC meetup. Breach
Security has generously agreed to sponsor the event, so cocktails and
appetizers will be served to all attendees. Since both the top webappsec
organizat

Re: Vulnerability Disclosure 2007-06-07
Jonathan Leffler (jleffler us ibm com) (1 replies)
Matthew Steer <matt.steer (at) marstons.co (dot) uk [email concealed]> wrote:
> I have been playing around with a program and have discovered a bug
> that I have successfully leveraged into code execution. I reported
> my findings to the vendor, not yet receiving a reply; this is the
> first time I have done this.
>
> The

Re: Vulnerability Disclosure 2007-06-08
Valdis Kletnieks vt edu (2 replies)
Re: Vulnerability Disclosure 2007-06-16
Lincoln Yeoh (lyeoh pop jaring my)
Re: Vulnerability Disclosure 2007-06-08
Jonathan Leffler (jleffler us ibm com)
Re: Learning buffer overflow help 2007-06-07
KaCo678 aol com
Hey, send me an email m8, I'll see what I can do to help. Using a different example, coz have you tried sending a lot more strings to this app?

Re: Learning buffer overflow help 2007-06-07
Marco Ivaldi (raptor 0xdeadbeef info)
Hey Eric,

On Wed, 6 Jun 2007, erk_3 (at) hotmail (dot) com [email concealed] wrote:

> Hello everyone, I have studied a lot on buffer overflows and I understand the
> theory behind it. Thing is, any example I follow says once you can overwrite
> the EIP you can control the flow of the program (in a nutshell).

[snip]

I gues

Copyright 2010, SecurityFocus