I have looked at your demo and downloaded the code.  It's simply a badly written c program with buf ...
muteki posted on 2013-1-9 15:15


As I mentioned, and as the source code already comments, the source code is an exercise. Therefore, it should be vulnerable. Nothing surprising. I am just telling you that the "vuln-server_static" is not a real application, as you think, that should have been patched a long time ago.

The demo is just to demonstrate what I wanted to point out. Nothing special. I don't know why so many people over-reacted. The article is not complete and something is missing. Newbies will treat this incomplete article as a bible. That is what I want to point out.

I am not saying that I am the only one thinking differently or seeing the situation. I am just saying that the captioned quote is my quote. I am just an ordinary person and nothing special. I have a lot of amazing things to learn. There are many outstanding and amazing people in the world. The situation should have been found by someone many years ago already, I am sure. Here, I just pointed it out.

Logical? Maybe I am really not very logical, so that I can develop exploit code like this, I don't know.

Samiux


You have successfully convinced me I have no hope of trying to communicate with you!  :)


You really do have a lot of patience..
You have successfully convinced me I have no hope of trying to communicate with you!  :)
muteki posted on 2013-1-9 17:13


Logical? Maybe I am really not very logical, so that I can develop exploit code like this, I don't know.

samiux posted on 2013-1-9 16:48


I have also practised buffer overflows before. Back in the day with kernel 2.4, if there was a buffer overflow it was basically easy to inject shellcode, but nowadays the kernel randomizes memory addresses, and unless you turn off that feature it is quite hard to pull off...... btw, did you turn off ASLR in your video above??


Your motive is pointless.
Just to prove that hacking a host can bypass syslog's standard output? Of course once the process has been overflowed it cannot write to the log file.

So what if you prove it? It only proves that the programming logic is like this: 1) request, 2) response and then 3) write log. That's it!

If you go looking at home users today, or at some cheap SMBs that still put a web server out there for you to try, you might still get some results...
Have you heard of layered security / defense in depth? Nowadays reproducing the effect of your demo on well-structured premises while "leaving no trace" is rare.
You don't need to keep proving this old news. If you want to try something, play with zero-days instead, but be careful: this is a public place and many people are watching you, young man.


I have also practised buffer overflows before. Back in the day with kernel 2.4, if there was a buffer overflow it was basically easy to inject shellcode ...
有你便有我 posted on 2013-1-9 17:42
  root@bt:~# ./checksec.sh --file vuln-server_static
  RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
  No RELRO        No canary found   NX enabled    No PIE          No RPATH   No RUNPATH   vuln-server_static
  root@bt:~# cat /proc/sys/kernel/randomize_va_space
  2
For your reference.

Samiux
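The checksec table above reports four binary-level mitigations (RELRO, stack canary, NX, PIE) and the sysctl line reports the kernel's ASLR level. The following script is an added example, not part of this thread or of checksec.sh, and shows where those answers come from: it reads the ELF64 header and program headers directly (PT_GNU_STACK flags for NX, ET_DYN for PIE, PT_GNU_RELRO for RELRO) and searches for the __stack_chk_fail symbol name as the canary heuristic, the same heuristic checksec uses. The ELF images it checks are constructed in memory by build_elf for the demonstration, so no real binary is needed; check_file is provided for running it against an actual file.

```python
import struct

# ELF64 little-endian header and program-header layouts (System V ABI).
ELF64_HDR = "<16sHHIQQQIHHHHHH"   # 64 bytes
ELF64_PHDR = "<IIQQQQQQ"         # 56 bytes
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
EM_X86_64 = 62
# e_ident for a 64-bit little-endian System V ELF image.
ELF_IDENT = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8

# Meaning of /proc/sys/kernel/randomize_va_space (kernel sysctl documentation).
ASLR_LEVELS = {
    0: "disabled: no address-space randomization",
    1: "partial: stack, mmap base, VDSO and shared libraries randomized, brk is not",
    2: "full: level 1 plus a randomized brk heap base",
}


def check_elf(data: bytes) -> dict:
    """Return the checksec-style mitigation flags for an ELF64 image in memory."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    hdr = struct.unpack_from(ELF64_HDR, data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]

    gnu_stack_flags = None
    has_relro = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            gnu_stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            has_relro = True

    return {
        # A missing PT_GNU_STACK makes Linux map an executable stack, so both
        # "absent" and "present with PF_X" count as NX disabled.
        "nx": gnu_stack_flags is not None and not (gnu_stack_flags & PF_X),
        "pie": e_type == ET_DYN,          # position-independent executables are ET_DYN
        "relro": has_relro,               # linker emitted a read-only-after-relocation segment
        # Heuristic (as checksec does): a canary-protected binary references __stack_chk_fail.
        "canary": b"__stack_chk_fail" in data,
    }


def missing_mitigations(result: dict) -> list:
    """Names of the mitigations that are switched off, for a quick review verdict."""
    return sorted(name for name, present in result.items() if not present)


def describe_aslr(sysctl_text: str) -> str:
    """Interpret the contents of /proc/sys/kernel/randomize_va_space."""
    level = int(sysctl_text.strip())
    return ASLR_LEVELS.get(level, f"unknown value {level}")


def build_elf(e_type: int, segments, extra: bytes = b"") -> bytes:
    """Construct a minimal ELF64 image (header + program headers + trailing bytes).

    This is a constructed sample for demonstration only; it is not loadable.
    """
    header = struct.pack(ELF64_HDR, ELF_IDENT, e_type, EM_X86_64, 1, 0x401000,
                         64, 0, 0, 64, 56, len(segments), 64, 0, 0)
    phdrs = b"".join(struct.pack(ELF64_PHDR, p_type, p_flags, 0, 0, 0, 0, 0, 0x10)
                     for p_type, p_flags in segments)
    return header + phdrs + extra


def check_file(path: str) -> dict:
    """Run check_elf on a real binary on disk."""
    with open(path, "rb") as fh:
        return check_elf(fh.read())


if __name__ == "__main__":
    # Constructed image with the same profile the thread's checksec output shows:
    # NX on, no PIE, no RELRO, no canary.
    exercise = build_elf(ET_EXEC, [(PT_GNU_STACK, PF_R | PF_W)])
    print("exercise-like image:", check_elf(exercise), "missing:", missing_mitigations(exercise and check_elf(exercise)))
    hardened = build_elf(ET_DYN, [(PT_GNU_STACK, PF_R | PF_W), (PT_GNU_RELRO, PF_R)],
                         extra=b"\x00__stack_chk_fail\x00")
    print("hardened image:   ", check_elf(hardened), "missing:", missing_mitigations(check_elf(hardened)))
    print("ASLR 2 means:", describe_aslr("2\n"))
```

The ASLR value is a property of the kernel, not of the binary, which is why the thread's question ("did you turn off ASLR?") is answered by the sysctl line rather than by the checksec table; a non-PIE executable keeps fixed code and data addresses even at randomize_va_space 2, while its stack, libraries and heap are still randomized.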


You have successfully convinced me I have no hope of trying to communicate with you!  :)
muteki posted on 2013-1-9 17:13



I am very glad to communicate with you.  According to your messages, you should be an elite programmer, at least.

Samiux


This post was last edited by samiux on 2013-1-10 00:20
Your motive is pointless.
Just to prove that hacking a host can bypass syslog's standard output? Of course once the process has been overflowed it cannot out ...
cyrus_ho posted on 2013-1-9 23:31


Thank you for your concern.

Everything is under control. I did it in my laboratory. Nothing is live.

By the way, I received formal training and am certified.

Samiux


This post was last edited by samiux on 2013-1-12 16:59

The Java vulnerability is mentioned at HKEPC today. However, nobody will know what it is talking about or how effective it is.

I hereby attach the "Security Discussions" thread in Ubuntu Forums for your reference.

Samiux

Update reason: fix link


However, nobody will know what it is talking about or how effective it is.

Here are the technical details for anyone interested...
http://www.kb.cert.org/vuls/id/625617
