The sexy side of information security, welcome to PornoSecurity!
Use the source, Luke!
Posted on 2009-06-17 17:58:10 in PornoSecurity
Hi there, as proof that I'm alive and kicking I wanna show you this. This is the same as Apple iTunes 8.1.1.10 (itms/itcp) Remote Buffer Overflow Exploit (win), but not the same :)
It's just... somewhat easier. I wrote it in a couple of hours while watching HD porn (I can prove that! I have a witness :).
It is a little tricky but not hard at all.
As you may or may not know, Metasploit can produce alphanumeric shellcode, with one exception: it can't produce an alphanumeric getpc(). What I mean is that it is not able to express, in alphanumeric opcodes, the instructions that find the shellcode's own location in memory. The alphanumeric decoder has to know its absolute address in order to decode the payload in place, so if you ask msfencode for alphanumeric shellcode you'll always get a few non-alphanumeric bytes at the start: the GetPC stub that computes that address.
It turns out that msfencode has an undocumented option (it was undocumented for a while; it may be written somewhere by now, I didn't check) that you can use to tell it there's no need to calculate anything because the address of the shellcode is already in a register: the BufferRegister=REG32 option. With that specified the GetPC stub is dropped and you get pure alphanumeric shellcode. The caveat is that the register you name really must point at the first byte of the encoded payload when execution reaches it (for example because the crash lands you on a jmp/call gadget through that register); if it points anywhere else the decoder rewrites the wrong memory and you crash instead of getting a shell.
It's funny to know how many people are not aware of this option. It's funny to know how many people don't even try to understand *why* they don't get what they want when they see those non-alphanumeric chars.
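As an added example, not code from the original post or from Metasploit, here is the check you would run on encoder output before blaming the tool: scan the buffer for any byte outside [0-9A-Za-z] and report the offsets. It is run over a constructed payload: a classic 7-byte FPU GetPC stub (fldz; fnstenv [esp-0xc]; pop ebx), the kind of prefix an alphanumeric encoder emits when you don't tell it which register holds the buffer, followed by a constructed alphanumeric body. The sample bytes are built here for illustration and are not real msfencode output.

```c
/*
 * Added example, not code from the original post or from Metasploit.
 * It does the check the post says people skip: scan encoder output and
 * report every byte outside [0-9A-Za-z]. The sample payload is constructed:
 * a classic FPU GetPC stub (fldz; fnstenv [esp-0xc]; pop ebx), which is the
 * kind of prefix an alphanumeric encoder emits when no BufferRegister is
 * given, followed by a constructed alphanumeric body. Not real msfencode output.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Strict ASCII check; isalnum() would be locale-dependent. */
static int is_alnum_byte(unsigned char b)
{
    return (b >= '0' && b <= '9') || (b >= 'A' && b <= 'Z') || (b >= 'a' && b <= 'z');
}

/*
 * Record the offsets of the non-alphanumeric bytes in buf (at most max of
 * them) and return the total count, which may exceed max.
 */
size_t find_non_alnum(const unsigned char *buf, size_t len,
                      size_t *offsets, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (!is_alnum_byte(buf[i])) {
            if (n < max)
                offsets[n] = i;
            n++;
        }
    }
    return n;
}

/*
 * Constructed GetPC stub: d9 ee = fldz; d9 74 24 f4 = fnstenv [esp-0xc];
 * 5b = pop ebx. Note that 0x74 happens to be 't', so even inside the stub
 * one byte passes: the scan has to be per byte, not "is the prefix there".
 */
static const unsigned char GETPC_STUB[] = { 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b };

/* Constructed alphanumeric body: what is left once the stub is not emitted. */
static const char ALNUM_BODY[] = "PYIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJI";

/* Assemble stub + body into out; return the payload length, 0 if cap is too small. */
size_t build_sample(unsigned char *out, size_t cap)
{
    size_t body_len = strlen(ALNUM_BODY);
    size_t total = sizeof GETPC_STUB + body_len;
    if (total > cap)
        return 0;
    memcpy(out, GETPC_STUB, sizeof GETPC_STUB);
    memcpy(out + sizeof GETPC_STUB, ALNUM_BODY, body_len);
    return total;
}

int main(void)
{
    unsigned char payload[128];
    size_t offsets[16];
    size_t len = build_sample(payload, sizeof payload);
    size_t bad = find_non_alnum(payload, len, offsets, 16);

    printf("%zu of %zu bytes are not alphanumeric\n", bad, len);
    for (size_t i = 0; i < bad && i < 16; i++)
        printf("  offset %2zu: 0x%02x\n", offsets[i], payload[offsets[i]]);

    /* With BufferRegister set the stub is not emitted; the rest must be clean. */
    size_t rest = find_non_alnum(payload + sizeof GETPC_STUB,
                                 len - sizeof GETPC_STUB, offsets, 16);
    printf("non-alphanumeric bytes after the stub: %zu\n", rest);
    return 0;
}
```

Every offset the scan reports for the sample falls inside the first seven bytes, which is exactly the GetPC stub; the body after it is clean. That is the pattern to look for in real encoder output: if the bad bytes are all at the very start, the fix is the BufferRegister option (for instance `msfencode -e x86/alpha_mixed BufferRegister=ECX`; the encoder name is assumed here, the post only names the option), not a different encoder.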
Sleeping
Posted on 2009-06-15 10:54:49 in PornoSecurity
No, I'm not sleeping. I'm working hard, on different things. I've got some very interesting bugs, but some said: "no more free bugs"... I'm wondering if that's the Right Thing To Do(tm), but in the meantime... I'm also working hard on reverse engineering, since I suck at it: reversing patches, malware, unpacking and the like. I hope I can share some of my work with you soon.
Oracle WebLogic Connector JSESSIONID BoF exploit
Posted on 2009-04-01 17:30:43 in PornoSecurity
So, I wrote this some time ago and there's no reason to keep it private anymore. You can find it here as usual (submitted now, it could take a couple of hours to be published). This is CVE-2008-5457 and it was an "unspecified vulnerability", so I had to reverse engineer the patch provided by Oracle.
I wrote a nice post with technical info at http://www.securitydate.it