d

Exploit: The Complete Documentation

• This category contains 10 Papers
• The last paper was added on 2007-03-26 (YYYY-MM-DD)

BIND 8.2 - 8.2.2 *Remote root Exploit How-To*

Published on , by E-Mind, n.c.

Désolé, aucune description n'est disponible.

Examining a Public Exploit, Part 1

Published on 2004-08-11, by Don Parker, ©SecurityFocus.

To many people, the world of computer security and intrusion detection can often be confusing to understand. As an instructor, many of the people who ask me about intrusion detection and packet analysis often ask the same questions, such as the following: What tools do you use? Can you practice and learn this at home? What kind of knowledge does one need to have? These and other questions figure predominantly.

Examining a Public Exploit, Part 2

Published on 2004-09-15, by Don Parker, ©SecurityFocus.

The first part of this article series set out to create an environment that allowed readers to examine a public exploit as it was sent across the network. The purpose of this exercise is to help the reader understand the complex world of intrusion detection and low-level packet analysis, so that he can better secure his network.

Exploiting Cisco Routers (Part One)

Published on 2002-09-29, by Mark Wolfgang, ©SecurityFocus.

This two-part article will focus on identifying and exploiting vulnerabilities and poor configurations in Cisco routers. We will then discuss the analysis of the router configuration file and will attempt to leverage this access into other systems. Additionally, we will cover the possibilities of what one may do once access to the device has been achieved. We chose to focus this article on Cisco routers due to their overwhelming market share.

Exploiting Cisco Routers: Part 2

Published on 2003-12-01, by Mark Wolfgang, ©SecurityFocus.

Welcome back! The first article in this two-part series covered a few different methods of getting into the target router. This article will focus on what we can do once we've gotten in. For the remainder of this article, we'll assume that the only progress we've made is that we've gotten the below router config via the vulnerable HTTP server. At this point, Access Control Lists (ACLs) prevent us from logging in directly to the router.

Exploiting the Otherwise Unexploitable on Windows

Published on 2006, by skywing, skape, ©Uninformed.

This paper describes a technique that can be applied in certain situations to gain arbitrary code execution through software bugs that would not otherwise be exploitable, such as NULL pointer dereferences. To facilitate this, an attacker gains control of the top-level unhandled exception filter for a process in an indirect fashion. While there has been previous work illustrating the usefulness in gaining control of the top-level unhandled exception filter, Microsoft has taken steps in XPSP2 and beyond, such as function pointer encoding, to prevent attackers from being able to overwrite and control the unhandled exception filter directly. While this security enhancement is a marked improvement, it is still possible for an attacker to gain control of the top-level unhandled exception filter by taking advantage of a design flaw in the way unhandled exception filters are chained. This approach, however, is limited by an attacker’s ability to control the chaining of unhandled exception filters, such as through the loading and unloading of DLLs. This does reduce the global impact of this approach; however, there are some interesting cases where it can be immediately applied, such as with Internet Explorer.

Metasploit Framework - Part 1

Published on 2004-07-12, by Pukhraj Singh and K.K. Mookhey, ©SecurityFocus.

At present the exploit development community (hackers and security professionals alike) is more sentient than ever before. The timeline between the release of an advisory and the development of an exploit has shrunk to a great extent. Exploit development, which was considered more of Wiccan art, has reached large masses. The network security administrator needs to be more vigilant then ever before as the enemy is always one step ahead with the latest exploit in his hand.

Metasploit Framework - Part 2

Published on 2004-09-08, by Pukhraj Singh and K.K. Mookhey, ©SecurityFocus.

In the first part of this article series, we discussed how writing exploits is still a painful and time-consuming process. We discussed the common obstacles faced during exploit development and how the Metasploit Framework can solve some of the problems. This article will start off with a brief introduction to the console interface and explain how to select and use an exploit module. We will then cover the environment system, how it works, and what features can be enabled through it.

Metasploit Framework - Part 3

Published on 2004-09-14, by Pukhraj Singh and K.K. Mookhey, ©SecurityFocus.

In the previous two parts (part 1, part 2) of this article series we discussed the agility and ease of usage of the Metasploit Framework in an end-user environment. Moving further we will cover additional usage details and provide a brief insight of the MSF from a developer's perspective. Version 2.2 of the Framework was released in August 2004, and its immense potential was showcased at the Blackhat 2004 and Defcon 12 security conferences, which witnessed a jam-packed house during presentations by HD Moore and Spoonm.

Metasploit v2.6 Web Interface

Published on 2006, by Chris Gates, ©The Ethical Hacker Network.

In a previous tutorial by another EH-Net columnist, Justin Peltier, we showed you the command line interface for Metasploit. This time around, Chris Gates takes you through the process of automating your penetration tests with the web interface provided with the Metasploit Framework. This one covers v2.6, but look for one in the coming months on v3. As always, the web interface, as with any GUI, offers ease of use. Of course, with that ease of use comes less flexibility. Chris takes you on an extensive tour of a handy addition to this powerful tool.

Caution: With tools such as these, we do not condone their use for anything but testing networks for which you have the authority and for implementing defensive measures. Have fun!