Tuesday, 10 February 2009

If you are doing your homework correctly, you will get... (II)


Dear Diary,
Tokyo's Training is next week, and I just finished writing the last exercise for day 3. If you did it correctly, your Visualsploit would look like the figure above.
The exercise is for Windows 2003, and the objective is to exploit the heap by overwriting a Lookaside pointer. The options were either to write my own server or to have the students install Citrix 4.5 to own Brett Moore's bug ;)
After the lookaside trick, it will be pulling a heap-to-stack trick, and finishing with a ret2libc to disable DEP protection.
Learning how to exploit the heap correctly is like learning programming: once you learn how to code in C, you can do it on everything else.
The C of heap learning is Windows 2000 exploitation. Once you master the way to control the heap, predict how it's gonna look and diagnose a crash without looking at code, you are ready for everything else (and that pretty much includes other OS heaps).
That's the real extra value of this class, and that is why the first day of class is so hard.

In other news, someone wrote a paper on format string using Immunity Debugger http://milw0rm.com/papers/282.

Cheers,
Nico
PS: Tomorrow I have tickets for Peter Murphy for the first time in Buenos Aires. I'm so getting a Bauhaus tshirt.
