Sorry for the lack of updates. Keep an eye out over the next couple weeks for a new recipe.
Also, feel free to leave comments for any request you might have to see a particular type of vulnerability.
Friday, May 20, 2011
Wednesday, April 6, 2011
Resources
As promised here are some resources you can use to learn more about exploit development:
- Peter Van Eeckhoutte's Blog
- IT-Sec-Catalog Exploitation Wiki
- Myne-us - A Journey Into Exploitation
- Shell-Storm
Saturday, April 2, 2011
Recipe 2 - CVE-2010-0033 PowerPoint Viewer
We will be exploiting CVE-2010-0033 in this recipe. The advisory describes a stack-based overflow in PowerPoint Viewer's TextByteAtom record.
There are public exploits available for this. I felt it was good to show an SEH-based exploit, since the last recipe was a direct EIP overwrite.
This recipe was tested on Windows Vista 32 bit.
You will need the following applications/tools to complete this recipe:
- PowerPoint Viewer (Version 11.0.8164.0, Office 2003)
- PowerPoint (For making slides.)
- Immunity Debugger (1.8 was used)
- pvefindaddr (Peter Van Eeckhoutte's Immunity Debugger plugin)
- Metasploit (For payload generation)
- Notepad++ (You can use any text editor, I just prefer this one)
- HxD (You can use any Hex Editor, this is just the one I use)
Wednesday, March 30, 2011
Recipe 1 - CVE-2010-4540 Gimp
For this recipe we will be exploiting CVE-2010-4540. The CVE describes a stack-based buffer overflow in Gimp's Lighting Effects plugin.
We will be writing the exploit under Windows XP SP2 for now, so we can avoid the extra protections put in place on newer versions of Windows.
You will need the following applications/tools to complete this recipe:
- Gimp (2.6.11 was used)
- Immunity Debugger (1.8 was used)
- pvefindaddr (Peter Van Eeckhoutte's Immunity Debugger plugin)
- Metasploit (For payload generation)
- Notepad++ (You can use any text editor, I just prefer this one)
- HxD (You can use any Hex Editor, this is just the one I use)
Sunday, March 27, 2011
Assumptions
As stated in my first post, I do not plan on rehashing content that is already available. So I will be assuming that the reader already has some understanding of the tools in use and has a good idea of how exploits work. If you are unaware of how the tools work or of exploit writing in general, I would recommend heading over to Peter Van Eeckhoutte's blog and reading his exploit writing tutorials. I will make a post later with a collection of more resources.
I will try to the best of my ability to cover vulnerabilities that do not have public exploits. This may not always be the case if I think that a particular technique would be good to show.
I will not provide malicious exploits. I will simply show the process of reading an advisory and writing an exploit for it in a proof of concept fashion.
Finally, I am not responsible for any damage done to your computer or others while following these posts. They are meant to be purely educational for the reader and their research.
Thursday, March 24, 2011
Grand Opening!
I would like to welcome everyone to my "kitchen". I will be posting anything related to security research and my own studies, with a focus on exploit development.
There are plenty of great resources and blogs out there today on exploit development. I do not aim to rewrite anything that is available on the subject, but to provide examples of exploiting more current software vulnerabilities by reading advisories. I do this in the hope that it will help readers understand exploit methods more easily by seeing real world examples. It certainly would have helped me when I started out.