اعلان

Website

المدونة

ملاحظات يجب قراءتها:

1. نتبرئ من استخدام أي موضوع في المدونة في طريق الحرام أو ضد المسلمين.
2. إن لم تجد الموضوع الذي بحثت عنه في محرك البحث، استخدم البحث الداخلي في المدونة.
3. هناك مراكز رفع ملفات تحتاج الى استعمال بروكسي للتحميل المجاني دون عمل حساب مدفوع مثل مركز رفع uploading.com
4. نعتذر عن عدم توفر بدائل لبعض الروابط المفقودة
5. الرجاء فحص الملفات جيداً قبل التشغيل فيما يخص أدوات الهاكرز و الفيديو..الخ
6. ليست كل البرامج كاملة و ليست كل البرامج تحتاج الى تسجيل!!؟؟
7. عزيزي الزائر تشرفنا بزيارتك، و أعلم أنك لست أول زائر و لن تكون الاخير بإذن الله تعالى، تمتع بتصفح المدونة دون مشاكل بإذن الله...
8. لا تنس استخدام (رسائل اقدم) لرؤية باقي مواضيع التصنيفات

انشاء المدونة

تم انشاء المدونة في:

07\01\2009

Black ice

كل عام و أنتم بألف خير بمناسبة مرور 4 سنوات على انشاء المدونة و الحمدلله

ĬŖŞĤ@ĮĐ مدونة الخدع و الشروحات إرشيد الجرايدة ĬŖŞĤ@ĮĐ

?What is an exploit

*** What is an exploit ***

An exploit is a computer program, which circumvent computer security.
There are many ways to exploit security holes. If a computer programmer
make a programming mistake in a computer program, it is sometimes possible to
circumvent security. The coding of such programs, which attack (hack) the
programming mistakes or security holes is the art of exploitation or exploit
coding. Some common exploiting techniques are stack exploits, heap exploits,
format string exploits, ...

*** What is an stack exploit ***

A stack exploit occurs, if you can write more than the size of a buffer
located on the stack into this buffer. If you can write more data,
as the size of the buffer (more than 1024 bytes in this example) a stack
overflow occurs. For example:

CODE
main(int argc, char **argv)
{
// This buffer is located at the stack
char buf[1024];
// i is located on the stack
int i;

// A 6 byte stack buffer overflow
for(i=0;i<1030;i++)
buf[i] = 'A'

// Another example
// if argv larger than 1024 a overflow occur
strcpy(buf, argv[1]);
}


Why a stack overflow is a security threat ? The assembler instruction 'call'
push the return address on the stack. 'call' jump into a function in our
example the function is main. If the function returns with the assembler
instruction 'ret', it returns to the function pointer at the stack.
If you can overflow the stack you can overwrite the return address located
at stack. You can return to another location. The location should a pointer
to a shellcode address. Read alephonestack.txt for more information.
You can download it at my papers section.

*** What is a shellcode ***

Shellcode are machine instructions, which launch a shell for example.
A shellcode looks like this:

CODE
char shellcode[]="\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62 \x69\x89"
"\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24\xb0\x0b\ xcd\x80";


Every char is a machine instruction. \xcd\x80 is 'int 80' for example. After
an overflow occur we need a address to return. This shellcode launch a
shell. If you point to the shellcode (after a stack overflow for example),
the machine instructions are launched and spawns a shell. Compile this
program. It tests the shellcode and spawns a shell:
CODE
// Compile this program with gcc sctest.c -o sctest and start it: ./sctest
// now you have someting like
// sh-2.03$


#include

char shellcode[]=
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\ x69\x89"
"\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24\xb0\x0b\ xcd\x80";
int
main()
{
void (*dsr) ();
(long) dsr = &shellcode;
printf("Size: %d bytes.\n", sizeof(shellcode));
dsr();
}


read alephonestack.txt for basic shellcode coding

*** What are heap overflows ***
If the heap is overflowed a heap buffer overflow occurs.
A heap overflow looks like that:

CODE
// It dynamically create a 1000 byte buffer on the heap.
main(int argc, char **argv)
{
// pointer points to a heap address
char *pointer = malloc(1000);
char *pointer2 = malloc(200);

// Overflowed, if argv[1] is larger than 1000 bytes.
// The buffer pointer 2 is overflowed if pointer
// contains more than 1000 bytes.
strcpy(pointer, argv[1]);

// Free dynamically allocated data
free(pointer)
free(pointer2);
}


Read heaptut.txt for more information.

*** Format String exploit's ? ***
If you control the format string in one of the printf, syslog or
setproctitle function, a exploitation is possible. Format strings
are something like "%s", "%x", "%d", ... For example:

CODE
main(int argc, char **argv)
{
char *buf = "TEST";

// The wrong way
// The user can control the format string
printf(argv[1]);

// You should code:
printf("%x", argv[1]);
}

ليست هناك تعليقات:

إرسال تعليق