Type: Posts; User: c0d3inj3cT

  1. Replies
    6
    Views
    3,076

    For the purpose of future reference for whoever...

    For the purpose of future reference for whoever comes across this thread and is looking for a solution, follow the link below:


    http://code.google.com/p/knock/
  2. Replies
    2
    Views
    3,784

    This is again a brief analysis. There are a lot...

    This is again a brief analysis. There are a lot of functions defined in the ActionScript, so to make it easier for analysis, I will present the flow.

    Start tracing from within function, v25()

    ...
  3. Replies
    2
    Views
    3,784

    CVE-2012-0779 - Flash Player Exploit

    This is regarding the latest Flash Player Exploit which is being used in the wild, mostly being served to victims in the form of Word Documents.

    A brief overview before we get to the good stuff:
    ...
  4. Replies
    8
    Views
    6,281

    Using the steps mentioned in my paper, you can...

    Using the steps mentioned in my paper, you can deobfuscate this JS and get the following code:

    I have added the necessary comments wherever needed.


    <script>
    ...
  5. Replies
    8
    Views
    6,281

    A snippet of the first few lines from the...

    A snippet of the first few lines from the malicious HTML:

    The applet tag has the various attributes like code, archive, cod HTML encoded.

    Decoding this, we get:


    <applet/*/...
  6. Replies
    8
    Views
    6,281

    We will start with the JS Deobfuscation. I...

    We will start with the JS Deobfuscation.

    I will at first pick the second malicious JS sent to us in the response. However, I will not mention the details and instead put the link to my paper on...
  7. Replies
    8
    Views
    6,281

    Blackhole Exploit Kit

    It's been out there in the wild for quite some time. It is a good package of multiple Exploits targeting client side vulnerabilities in Java, Adobe, Shockwave. You can find it uploaded on compromised...
  8. Replies
    2
    Views
    27,979

    Sticky: Good. However, since the MySQL version is 5.x.x,...

    Good. However, since the MySQL version is 5.x.x, you can take the help of information_schema to enumerate rather than guessing table names.

    It need not always be users. To help you in this case,
    ...
  9. We have to find the function pointer to...

    We have to find the function pointer to AddConsoleAliasA function.

    Now, let's analyze Function III.

    In function III, we traverse the AddressOfNames array, take each RVA and add it to the base...
  10. Now, we will understand the above set of...

    Now, we will understand the above set of instructions much better using Windbg.

    I will take AddConsoleAliasA as an example. By walking through the above functions, I will highlight how the...
  11. Function III: 1. pushad ; save...

    Function III:


    1. pushad ; save the contents of registers to the stack
    2. xor edx, edx ; clear the contents of edx. edx will store the index number of the API in the...
  12. An insight into OS Internals with Rustock.B Rootkit

    This time, we will apply the knowledge gained from my previous articles about IAT, EAT of a PE and also about Process Environment Block.

    I have taken the Rustock.B rootkit as an example and this...
  13. Article: Breaking The Crypt - Advanced Hash Cracking

    You can view the page at http://www.garage4hackers.com/content.php?r=103-Breaking-The-Crypt-Advanced-Hash-Cracking
  14. Article: John The Ripper (JTR) - Tweak That Attack!

    You can view the page at http://www.garage4hackers.com/content.php?r=102-John-The-Ripper-(JTR)-Tweak-That-Attack!
  15. In the above method, I have dumped the contents...

    In the above method, I have dumped the contents of memory addresses (Flinks) and used the offsets to see what is there. But to understand better, we need to look deeper into the double linked...
  16. This also means that we can reference the TEB...

    This also means that we can reference the TEB using fs:[0], and since we have the PEB at offset 0x030 in the TEB, the PEB can be located using fs:[30]. Putting all the pieces of information together,...
  17. Method 1: Windbg provides pseudo registers like...

    Method 1: Windbg provides pseudo registers like $peb which point to the base address of the PEB data structure within the process VA space. Let's read this value by prefixing it with the @ symbol.

    ...
  18. Deep Dive into Process Environment Block with Windbg

    We will understand how to walk through a PEB data structure in a win32 environment.

    Process Environment Block is an important data structure from an exploiter's perspective. A shellcode executes a...
  19. Replies
    1
    Views
    15,653

    Windbg Narly

    Narly is an extension for Windbg which helps us in fetching details about the Loaded Modules of an Executable, such as the following:


    /SafeSEH protected
    DEP and ASLR compatible modules
    /GS flag...
  20. Let's get the list of function names now: The...

    Let's get the list of function names now:

    The RVA of the pointer to AddressOfNames array is: 00002650

    To dump the contents of this array, let's add it to the base address and display:

    dd...
  21. A summary of the Structure: This structure...

    A summary of the Structure: This structure contains pointers to 3 Arrays. The pointers are in the form of RVAs relative to the base address of the Image.

    What are these arrays?
    ...
  22. The data directories I am interested in are: ...

    The data directories I am interested in are:

    Export Directory
    Import Address Table Directory.

    Let's begin with IAT.

    If we look at the theory, it can be quite a complicated task to...
  23. PE Header: Let's see how the PE header of our...

    PE Header: Let's see what the PE header of our main executable, notepad.exe, looks like.

    The basic syntax is: !dh <image base address> <options>

    In our case, image base address of notepad.exe is...
  24. PE's Import Address Table and Export Table Walkthrough using Windbg

    We are going to understand the Portable Executable structure, the concepts and various data directories inside it. To summarize, I will explain the OS internals with the help of Windbg.

    At first,...
  25. Java Applet Attack Evolution with Metasploit

    In this video I demonstrate different ways in which Java Applets are used to perform remote code execution with Browser Exploits.

    http://vimeo.com/33818972

    The latest variant of these attacks...