This post will be pretty brief, as there are no significant differences in the solution for abo6.c from other previously covered exercises, while abo7.c and abo8.c are both not exploitable. The latter two exercises demonstrate important concepts regarding the placement of variously defined variables within memory for compiled C code which I’ll outline, but it [...]
Category Archives: Software Hacking
Insecure Programming by Example: abo5.c we GOT this…
Introduction I actually solved this one a bit ago, while messing around at the GFIRST 2010 conference in San Antonio. Just now getting around to writing it up. Here is the code for abo5.c: Gera says: ch-ch-ch-changes Use your sixth sense, will you be able to gain control given the possibility of writing wherever you [...]
Insecure Programming by Example: abo4.c POINTER MADNESS
Introduction I love sensational titles. Here is abo4.c: Gera says: oh pointers, pointers! Do you remember when you had problems with * and &? everybody has that kind of problems at least once when learning C, what about pointers to pointers? let’s see… There are a few elements of this that we should go over [...]
Passive DNS mining from PCAP with dpkt & Python
Update 04/14: A friend pointed me to dnssnarf, a project that looks like it was written at a DojoSec meeting by Christopher McBee and then updated a bit later on by Grant Stavely. It uses Scapy (which I hear is really neat if you haven’t played with it). Check Grant’s blog post about dnssnarf out. [...]
Symantec Brightmail syslog message parser
Ok, this will not be interesting to most of you folks that are subscribed (all three of you [hi Mom!]) but I’m hoping Google will get it and then if anyone needs this script, it’ll be there to help them. This is just a simple log parser for the really, really annoying multi-line/multi-message format that [...]
Python Unescape 16-bit Unicode String to File
Archived here for me, maybe someone else will need it. Frequently when our analysts are doing malcode analysis, particularly on malicious PDF documents, they see shellcode in the form of 16-bit Unicode values that are then unescaped into the heap calling the Javascript unescape() function. Problem is, we do most of our malicious Javascript analysis [...]
Bluecoat ProxySG Cache Retrieval Script in Python
So, I was actually looking at this script today and thought folks who use Bluecoat as proxies at their jobs (I get the impression that they are pretty popular) might be interested in checking it out. It’s kind of like a poor-man’s pcap solution for sites that use a robust Bluecoat proxy but don’t have [...]
Insecure Programming by Example: abo3.c
Updated 03/20/2010 to add an excellent introduction to pointers in C and C++. The theme for this exercise was provided by one of the folks I follow on Twitter. @kpyke: And so sayeth the @pusscat: “If you gave me the source code, I’d just compile it and look at it in a debugger anyways…” This [...]
Insecure Programming by Example: abo2.c, not vulnerable…o rly?
Introduction Note 02/13/2010: This post has been a long time coming (started on 01/15 I think), I’m sorry for the delay. At first, it took me a while to (SPOILER, YOU WILL DIE ALONE) find out that abo2.c was not exploitable under x86 due to the exit() call…I saw this immediately, but it took me [...]
Insecure Programming by Example: Advanced Buffer Overflows 1
Introexecuduction Ok, after a nice break, I’m ready to…break. I have a couple of Python related posts in my docket, but today we’re going to start work on the next exploit exercises by Gera in his Insecure Programming by Example series, Advanced Buffer Overflows! I hope they aren’t too advanced. This should be refreshing [...]