33 items tagged "rop"
Related tags: tool 2, buffer, buffer overflow, usa, stack buffer, remote buffer overflow, proftpd, overflow, netsupport, manager agent, yourself, x rop, whitepaper, txt, protection, pdf, oriented programming, office, null, mscomctl, linux x86, linux distributions, linux, issue, floating point numbers, exploits, e zine, audio extractor, audio, armor protection, aoa, active x, web application security, thanh nguyen, stefan esser, php vulnerability, php, payload, malaysia, hack in the box, data, code, arbitrary code execution, tool, gadget tool, gadget, binaries, elf format
-
11:57 » Packet Storm Security Exploits / Recent Files / Misc. Files
This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 control, as exploited in the wild in April 2012. The module targets Office 2007 and Office 2010. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which is only loaded after Office has finished loading, so the malicious file must be opened through "File / Open" to achieve exploitation.
-
16:38 » Packet Storm Security Recent Files / Misc. Files
Go Null Yourself E-zine Issue 6 - Topics in this issue include Floating Point Numbers Suck, How Skynet Works, Defeating NX/DEP With return-to-libc and ROP, and more.
-
17:00 » Packet Storm Security Recent Files / Tools / Misc. Files
This tool lets you search for gadgets in your ELF binaries to facilitate ROP exploitation. The gadgets are found in executable segments.
-
18:54 » Packet Storm Security Recent Files / Tools / Misc. Files
This tool lets you search for gadgets in your ELF binaries to facilitate ROP exploitation. The gadgets are found in executable segments.
-
1:39 » SecDocs
Authors: Long Le
Tags: exploiting
Event: Black Hat USA 2010
Abstract: Return-oriented programming (ROP) is one of the buzzing advanced exploitation techniques these days for bypassing NX. There are several practical works using ROP techniques for exploitation on Windows and iPhoneOS to bypass DEP and code signing, but no practical ROP work for modern Linux distributions so far. The main issues for ROP exploitation on Linux x86 are ASCII-Armor address protection, which maps libc at addresses starting with a NULL byte, and Address Space Layout Randomization (ASLR). In this presentation we will show how we can extend an old return-into-libc technique into a stage-0 loader that bypasses ASCII-Armor protection and makes ROP on Linux x86 a reality. In addition, by reusing not only code but also data from the binary itself, we can build arbitrary chained ret2libc or ROP calls to bypass ASLR protection. A new ROP tool to build and search for ROP instructions will be released in the presentation.
-
10:29 » SecDocs
Authors: Stefan Esser
Tags: exploiting PHP
Event: Black Hat USA 2010
Abstract: In 2009 one of the hottest topics has been code reuse and return oriented programming as means to bypass exploitation mitigation features in modern operating systems. We have seen ROP being applied to x86, SPARC, ARM and even election machines. Time has come to take ROP into the world of web application security. This presentation consists of two parts that will apply code reuse and ROP techniques to modern PHP exploits. The first part will show how ROP is applied entirely at the PHP level, reusing code parts of the already running PHP application to eventually achieve arbitrary code execution. It will be detailed how different PHP vulnerability classes can be used for these attacks, demonstrating some lesser known facts and tricks in PHP exploitation on the way. The second part of the presentation will go below the PHP level and feature a previously unknown memory corruption in PHP itself that is exposed to remote attackers through several widespread PHP applications. It will be demonstrated step by step how it is possible to develop a remote exploit for this vulnerability, defeating ASLR and NX/DEP on the way, by utilizing an information leak and returning into the PHP interpreter to execute arbitrary PHP code.
-
10:26 » Packet Storm Security Recent Files / Tools / Misc. Files
This tool lets you search for gadgets in your ELF binaries to facilitate ROP exploitation. The gadgets are found in executable segments.
-
8:05 » Packet Storm Security Exploits / Recent Files / Misc. Files
This Metasploit module exploits a buffer overflow in NetSupport Manager Agent. It uses a ROP chain similar to the one in the proftpd_iac exploit in order to bypass the non-executable stack.