Re: exploit detection?



Robert Larsen wrote:

On 2010-12-14 20:13, Littlefield, Tyler wrote:
Hello all, I would like to start playing with this, though I am
really not sure where to get started. My goal for now is to just
help out open source software by finding these and submitting
information on it so they can be fixed. I know C, some assembly,
C++ and a few other languages that I think might help, but I'm
really not sure where you'd get started with something like this. I
know about buffer overflows (and I have played with them a bit),
but with the address randomization, there have to be many other ways
out there. What is something I can start working with to be able to
help out somewhere? I really want the experience that would come
out of this sort of work.

Knowing how to work around security features such as ASLR (address
space layout randomization), stack cookies and DEP (data execution
prevention) would probably be a good start.

For ASLR I think this is the best reference:
http://netsec.cs.northwestern.edu/media/readings/defeating_aslr.pdf

DEP can be defeated using return into libc:
http://www.infosecwriters.com/text_resources/pdf/return-to-libc.pdf

Some stack cookie implementations are rather trivial to exploit. I
don't know if they are actually used. On my Ubuntu machine the stack
cookie is random and contains nulls and other nasty stuff. But not all
buffer overflows are on the stack, and sometimes you don't even have
to overwrite the return pointer. There may exist other stuff on the
stack before the cookie that is interesting to overwrite.
I also suggest checking the latest techniques in buffer overflow attacks using ROP.
I recommend reading the paper and presentation here: http://www.vnsecurity.net/2010/08/ropeme-rop-exploit-made-easy/
Also, there are other attack vectors, such as SQL injections, file
inclusion attacks, XSS, etc., which may apply more to web-based software.

Good luck :-)
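As an added example (not from anyone in this thread), here is a small Python check for the three mitigations Robert lists, read straight from the ELF headers: PIE (so ASLR can randomize the executable's base), a non-executable stack (the NX/DEP request in PT_GNU_STACK) and the stack-protector canary. The `build_sample` helper is a constructed, non-loadable ELF64 image used only to exercise the check; on a real system point `report` at any binary.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header that carries the stack permission request
PF_X = 0x1
ET_EXEC, ET_DYN = 2, 3     # fixed-address executable vs. position-independent (PIE)


def elf_hardening(data: bytes) -> dict:
    """Return {'pie', 'nx', 'canary'} for an ELF image held in memory."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2
    e = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    (e_type,) = struct.unpack_from(e + "H", data, 16)
    if is64:
        (e_phoff,) = struct.unpack_from(e + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(e + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(e + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(e + "HH", data, 42)
    nx = None  # None: no PT_GNU_STACK at all, so the kernel default applies
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(e + "I", data, off)
        # p_flags sits at +4 in Elf64_Phdr but at +24 in Elf32_Phdr
        (p_flags,) = struct.unpack_from(e + "I", data, off + (4 if is64 else 24))
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    # Heuristic: the __stack_chk_fail symbol name is present iff at least one
    # function was compiled with -fstack-protector; good enough for a first look.
    canary = b"__stack_chk_fail" in data
    return {"pie": e_type == ET_DYN, "nx": nx, "canary": canary}


def report(path: str) -> dict:
    with open(path, "rb") as f:
        return elf_hardening(f.read())


def build_sample(pie: bool, nx: bool, canary: bool) -> bytes:
    """Constructed minimal ELF64 (x86-64) image with one PT_GNU_STACK header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # 64-bit, little-endian, v1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC,
                               62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    flags = 0x6 if nx else 0x7  # PF_R|PF_W, plus PF_X when the stack is executable
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + (b"__stack_chk_fail\0" if canary else b"\0")


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, report(p))
```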
