FOAM is a general-purpose file fuzzer I wrote in order to find offset values quickly. It is written in Python, so you will need Python (http://www.python.org/) on your system.
The script can be downloaded at https://sites.google.com/site/myneuslayout/tools
Monday, August 23, 2010
Tuesday, August 3, 2010
From 0x90 to 0x4c454554, a journey into exploitation.
I put some time in and compiled a list in a course-type layout to help people in the process of learning exploit development. I hope my research will help others spend more time learning and less time searching.
First off I want to thank the corelan guys for the help they have provided me so far in the process.
Layout: I will be posting in a hierarchical structure; each level of the hierarchy should be fully understood before moving on to the next section. I will also post sets of Parallel learning topics that you can use to study alongside other topics to help prevent monotony. These Parallel areas will have a start and end mark which shows when they should be complete relative to the overall learning path.
desktop background Link to Backgrounds
Other Posts like this one:
Because of quality of these posts I wanted to put them at the top. I could not figure out where to put them in the list because they cover so much.
past-present-future of windows exploitation
smashing the stack in 2010
IT-Sec-catalog
- Part 1: Programming
- Part 2: Getting started
- Part 3: Tools of the trade
- Part 4: Network and Metasploit
- Part 5: Shellcode
- Part 6: Engineering in Reverse
- Part 7: Getting a little deeper into BOF
- Part 8: Heap overflow
- Part 9: Exploit listing sites
- Part 10: To come
Parallel learning #1: (complete this section before getting to the book "Hacking Art of exploitation")
While going through the programming area I concentrate on core topics to help us later on with exploit writing. One area that is very good to pick up is some kind of scripting language. Listed below are some of the most popular scripting languages, and the ones I feel will prove to be the most useful.
Python: One of my favorite languages and growing in popularity, Python is a powerful language that is easy to use and well documented.
Learn Python the hard way
Wikibooks Python
http://docs.python.org/
onlinecomputerbooks.com
Grey hat python
Ruby: If you plan on working inside of Metasploit later on, this may be the language you want to start with. I highly suggest this for exploit developers to learn.
Wikibooks Ruby
LittleBookOfRuby
Ruby Programmers Guide
onlinecomputerbooks.com
Perl: An older language that still sees a lot of use, Perl is one of the most widely used scripting languages and you will see it used in many exploits. (I would suggest Python over Perl.)
[book] O'Reilly Learning Perl
onlinecomputerbooks.com
C and C++ programming:
It is very important to understand what you are exploiting, so to get started let us figure out what we are exploiting. You do not need to go through all of these, but when finished with this section you should have a good understanding of C and C++ programming.
Cprogramming.com
http://www.java2s.com/Tutorial/C/CatalogC.htm
http://beej.us/guide/bgc/
onlinecomputerbooks.com
X86 Assembly:
OK, now to understand what the computer reads when we compile C and C++. I am going to mostly stick to the IA-32 (x86) assembly language. Read the first link to understand why; it explains it very well.
Skullsecurity: Assembly
Windows Assembly Programming Tutorial
http://en.wikibooks.org/wiki/X86_Assembly
[book]The Art of Assembly
Assembly primer for hackers
PC Assembly Language
Windows Programming:
This is to help understand what we are programming in and the structure of libraries in the OS. This area is very important far down the line.
http://en.wikibooks.org/wiki/Windows_Programming
https://upload.wikimedia.org/wikipedia/commons/5/57/Windows_Programming.pdf
http://www.relisoft.com/win32/index.htm
http://slav0nic.org.ua/static/books/C_Cpp/theForger's_Win32APITutorial.pdf
http://www.winprog.org/tutorial/start.html
[book]Windows Internals 5
[book]Windows Internals 4
Disassembly:
Disassembly is not so much programming as it is what the computer understands and the way it is interpreted by the CPU and memory. This is where we start getting into the good stuff.
http://en.wikibooks.org/wiki/X86_disassembly
The Art of Disassembly
Now that we have a very good understanding of programming languages and what the machine is doing, we can start working on the task at hand: exploitation.
Here I will start a lot of the learning in very much a list format, adding in comments or Parallel learning areas when needed.
Smash the stack for fun and profit (Phrack 49)
C function call conventions and the stack
Anatomy of a program in memory
Function Calls, Part 1 (the Basics)
IA-32 Architecture
[videos]Code Audit from cryptocity.net
(Parallel learning #1 finished: you should now have finished Parallel learning #1 and have a good understanding of one of the 3 languages.)
[Book]Hacking art of exploitation [Chapter 1&2]
Corelan T1
Corelan T2
Parallel learning #2: (complete this section before the end of Part 2)
(Read the first few posts on this blog; they have some good info.)
Kspice blog
(Read some of the posts from this blog; they are very helpful when starting out with fuzzers.)
Nullthreat's blog
(I have linked directly to a demo exploit for this area, but this is a useful blog to keep track of for many things.)
A demo exploit
tenouk.com: Buffer overflow intro
The Tao of Windows Buffer Overflow
nsfsecurity on BOF
Hacker center: BOF
[video]Buffer overflow Primer
[Book]Shellcoder's Handbook Ch1&2
[Book]Hacking art of exploitation [Chapter 3]
Corelan T3A
Corelan T3B
SEH Based Exploits and the development process
SEH overwrite simplified
(Parallel learning #2 finished)
This is a list of tools I have started using and find very useful.
Immunity Debugger
Ollydbg
Windbg
IDA Pro
explorer suite
Sysinternals
And here are some Corelan posts on how to use them. I will supply more in the future, but this is a very good start.
Corelan T5
Corelan: Immunity debugger cheatsheet
(Networking)
Beej.us network programming
[Book]Hacking art of exploitation [Chapter 4]
Socket Programming in ruby
(Metasploit)
[Video]Security Tube: Metasploit Megaprimer
Metasploit.com
Metasploit Unleashed
[video]Metasploit Louisville Class
Metasploitable (a target)
Corelan T4
intern0t: developing my first exploit
[video]DHAtEnclaveForensics: Exploit Creation in Metasploit
Wikibooks Metasploit/Writing Windows Exploit
Corelan T9
projectShellcode: Shellcode Tutorial
[Book]Shellcoder's Handbook Ch3
[Book]Hacking art of exploitation [Chapter 5]
Writing small shellcode
Shell-storm Shellcode database
Advanced shellcode
Parallel Learning #3: (constant place to reference and use for reversing)
Understanding Code
Reverse Engineering the World
Reversing for Newbies
Room362.com reversing blog post
Ethicalhacker.net intro to reverse engineering
acm.uiuc.edu Intro to Reverse Engineering software
[Book]Reversing: secrets of reverse engineering
[video]Reverse Engineering from cryptocity.net
CrackZ's Reverse Engineering Page
Reverse engineering techniques
CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View
HistoryofPackingTechnology
Windows PE Header
OpenRCE Articles
[GAME]Crackmes.de
Parallel Learning #4: (to the end of the course and beyond)
Find old exploits on Exploit-DB: download them, test them, rewrite them, understand them.
(Part A: preventions)
Buffer overflow protection
The evolution of Microsoft's Mitigations
Purdue.edu: Canary Bit
Preventing the exploitation of SEH Overwrites with SEHOP
Bypassing SEHOP
Wikipedia Executable space protection
Wikipedia DEP
Bypassing Hardware based DEP
Wikipedia ASLR
Symantec ASLR in Vista
Defeating the Stack Based Buffer Overflow Prevention
Corelan T6
Return to libc
[video] microsoft protections video
(Part B: Advanced BOF)
[video]Exploitation from cryptocity.net
Corelan T7
Corelan T8
Corelan T10
Virtual Worlds - Real Exploits
[GAME]Gera's Insecure Programming
[GAME]Smash the stack wargaming network
Heap Overflows for Humans-101
rm -rf / on heap overflow
w00w00 on heap overflow
[book]Shellcoder's Handbook Ch4&5
h-online A heap of Risk
[video]Defcon 15 remedial Heap Overflows
heap overflow: ancient art of unlink seduction
Memory corruptions part II -- heap
[book]Read the rest of Shellcoder's Handbook
Exploit-DB
Injector
CVE Details
Packetstorm
CERT
Mitre
National Vulnerability Database
(bonus: site that lists types of vulnerabilities and info)
Common Weakness Enumeration
1. Fuzzing
2. File Format
3. and more
If anyone has any good links to add, post a comment and I will try to add them, or send me the link and I will review and add it.
If anyone finds any bad or false information in any of these tutorials please let me know. I do not want people reading this getting bad information.
Saturday, June 19, 2010
Free to learn
Places to go online to learn for free. This is a small list but I tried to just keep it to some of the good ones.
Courses
http://www.offensive-security.com/metasploit-unleashed/
http://www.youtube.com/user/StanfordUniversity
http://www.youtube.com/user/MIT
http://pentest.cryptocity.net/
http://opensecuritytraining.info/Training.html
Books
http://freecomputerbooks.com/compscHardwareBooks.html
http://www.scribd.com/
Other
http://www.shell-storm.org/papers/index.php?lg=english
http://www.securitytube.net/
http://www.theacademypro.com/index.php
Enjoy!
Myne-us
Thursday, May 13, 2010
practice makes perfect
This is a list of sites and images where you can practice your skills. Enjoy!
http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
http://www.kioptrix.com/blog/?page_id=135
http://netwars.info/
http://www.dvwa.co.uk/
http://www.damnvulnerablelinux.org/
http://hackerdemia.com/
http://www.badstore.net/
http://www.mavensecurity.com/web_security_dojo/
http://www.fatetek.net/training.shtml
http://www.net-force.nl/challenges/
http://www.enigmagroup.org
http://listbrain.awardspace.biz
http://haxme.org/missions/
http://www.hackquest.de/index.php
http://www.hackthissite.org/
http://challenges.ihtb.org/
http://www.dareyourmind.net/menu.php
http://www.intruded.net/wargames.html
http://www.hellboundhackers.org/
http://www.bright-shadows.net/
http://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applications-for-learning-web-app-security
http://www.makeuseof.com/tag/top-5-websites-to-learn-how-to-hack-like-a-pro/
http://www.try2hack.nl/
http://www.astalavista.com/index.php?app=hackingchallenge
http://www.trythis0ne.com/?page=home
http://www.hackertest.net/
http://hax.tor.hu/warmup1/
http://www.caesum.com/game/
http://crackmes.de/
http://www.hack4u.org/index.php?choices=1&code=level0
http://community.core-sdi.com/~gera/InsecureProgramming/
http://testasp.acunetix.com/Templatize.asp?item=html/about.html
http://test.acunetix.com/disclaimer.php
http://ha.ckers.org/challenge/
http://ha.ckers.org/challenge2/
http://community.core-sdi.com/~gera/InsecureProgramming/LinkedBy.html
http://www.overthewire.org/wargames/
http://www.smashthestack.org/
http://www.wechall.net/index.php
http://hackme.ntobjectives.com/
http://wocares.com/xsstester.php
http://www.osix.net/
http://projecteuler.net/index.php?section=problems
http://uva.onlinejudge.org/index.php?option=com_onlinejudge&Itemid=8&category=3
http://www.rootcontest.com/
http://www.cyber-wars.com/
http://roothack.org/
http://www.mod-x.co.uk/main.php
http://www.introversion.co.uk/uplink/about.html
http://whitewolfsecurity.typepad.com/
https://www.vte.cert.org/vteweb/RequestAccess/GetAccess.aspx
http://lost-chall.org/
http://hax.tor.hu/peek/
http://www.hacker.org/
http://thisislegal.com/
http://www.happyhacker.org/wargame/index.shtml
http://neworder.box.sk/link.php
http://www.webantix.net/hacking/war-games-current-and-past-hacking-simulators-and-challanges/
http://www.lifedork.net/wargames-online-hackers-training.html
http://www.room362.com/blog/2009/5/29/getting-your-fill-of-security.html
http://hack.thebackupbox.net/cgi-bin/pageview.cgi?page=wargames
http://ace.delos.com/usacogate
http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
(if anyone had anything to add to these let me know and I will update the list.)
Tuesday, May 11, 2010
SSH tunnel pivot
Hello everyone. I have some new videos posted about SSH tunneling and pivots.
Let me know what you think and if you have any suggestions.
Part 1
Part 2
Part 3
Link to De-ICE
http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
Core commands (the local forward is set up on your own machine; the ssh command is lowercase on Unix-like systems):
ssh -L localport:targetip:targetport username@pivotmachine
ncat 127.0.0.1 localport
nmap -sV -p[localport] 127.0.0.1
thanks
Myne-us