Friday, May 20, 2011

Update

Sorry for the lack of updates. Keep an eye out over the next couple of weeks for a new recipe.

Also, feel free to leave comments with any request you might have to see a particular type of vulnerability.

Wednesday, April 6, 2011

Resources

As promised, here are some resources you can use to learn more about exploit development:
There are tons of resources within these websites to help you understand and get started writing your own exploits.

Saturday, April 2, 2011

Recipe 2 - CVE-2010-0033 PowerPoint Viewer

We will be exploiting CVE-2010-0033 in this recipe. The advisory describes a stack-based overflow in PowerPoint Viewer's TextByteAtom record.

There are public exploits available for this. I felt it was good to show an SEH-based exploit, since the last recipe was a direct EIP overwrite.

This recipe was tested on Windows Vista 32-bit.

You will need the following applications/tools to complete this recipe:
• PowerPoint Viewer (Version 11.0.8164.0, Office 2003)
• PowerPoint (For making slides.)
• Immunity Debugger (1.8 was used)
• pvefindaddr (Peter Van Eeckhoutte's Immunity Debugger plugin)
• Metasploit (For payload generation)
• Notepad++ (You can use any text editor, I just prefer this one)
• HxD (You can use any hex editor, this is just the one I use)

Wednesday, March 30, 2011

Recipe 1 - CVE-2010-4540 Gimp

For this recipe we will be exploiting CVE-2010-4540. The CVE describes a stack-based buffer overflow in Gimp's Lighting Effects plugin.

We will be writing the exploit under Windows XP SP2 for now, so we can avoid the extra protections put in place on newer versions of Windows.

You will need the following applications/tools to complete this recipe:
• Gimp (2.6.11 was used)
• Immunity Debugger (1.8 was used)
• pvefindaddr (Peter Van Eeckhoutte's Immunity Debugger plugin)
• Metasploit (For payload generation)
• Notepad++ (You can use any text editor, I just prefer this one)
• HxD (You can use any hex editor, this is just the one I use)

Sunday, March 27, 2011

Assumptions

As stated in my first post, I do not plan on rehashing content that is already available. So I will be assuming that the reader already has some understanding of the tools in use and has a good idea of how exploits work. If you are unaware of how the tools work or of exploit writing in general, I would recommend heading over to Peter Van Eeckhoutte's blog and reading his exploit writing tutorials. I will make a post later with a collection of more resources.

I will try to the best of my ability to cover vulnerabilities that do not have public exploits. This may not always be the case, if I think that a particular technique would be good to show.

I will not provide malicious exploits. I will simply show the process of reading an advisory and writing an exploit for it in a proof-of-concept fashion.

Finally, I am not responsible for any damage done to your computer or others while following these posts. They are meant to be purely educational for the reader and their research.

Thursday, March 24, 2011

Grand Opening!

I would like to welcome everyone to my "kitchen". I will be posting anything related to security research and my own studies, with a focus on exploit development.

There are plenty of great resources and blogs out there today on exploit development. I do not aim to rewrite anything that is available on the subject, but to provide examples of exploiting more current software vulnerabilities by reading advisories. I do this in the hope that it will help readers understand exploit methods more easily by seeing real-world examples. It certainly would have helped me when I started out.