
Security Challenge IV (Experimental)


Comments

  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Hm... Keeps terminating beforehand here. At least with PuTTY. I tried with telnet, and it terminates after a single character. I'm guessing that the buffer is larger than 1 byte.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    dlofnep wrote: »
    Hm... Keeps terminating beforehand here. At least with PuTTY. I tried with telnet, and it terminates after a single character. I'm guessing that the buffer is larger than 1 byte.

    It is, yeah. Try connecting with raw in PuTTY. Seems fine with Windows telnet also.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Ah yeah - works fine raw :) I'm on the case now.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Exploit coded for XP SP3. Pretty straightforward. Do you want me to send you on the code?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    You can yeah, but maybe in PM, as you will see why below. You handled DEP also or disabled it?

    I was thinking of hosting this again (well, would re-write the server again as I no longer have the code, but it's only small, like a handful of lines of code), and the attacker could use various tools out there to assist in building an exploit.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    I didn't do anything with DEP. Default XP SP3 install. Will send it on in a PM.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    dlofnep wrote: »
    I didn't do anything with DEP. Default XP SP3 install. Will send it on in a PM.

    Strange, normally DEP prevents basic attacks, even in SP2.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    At first I thought your virtual machine wasn't supporting hard DEP through the NX bit (you can test with: http://user.cs.tu-berlin.de/~normanb/), but I have read more into it and it seems OptIn is the default configuration for Win XP, so this will only apply to some system binaries and services (in a challenge, this exe would be launched as a service, so I dunno if it applies to system services or custom ones?).




    I think I will re-do this server, maybe change things around so the user will have to do more than a basic overflow with further tasks/thinking needed. That is, if there is interest for it.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Always interest in a security challenge :) Just keep the challenge so that it's do-able. I know a lot of people might not have experience with buffer overflows, so maybe start with a new one first, and then add a second part to it at a later date? That way, you can wean people into the challenges.

    Just a thought.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Setup and testing is all done. Part 5 should be up this evening all going well.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Excellent, will look forward to it :)


  • Registered Users Posts: 60 ✭✭obviousTroll


    Any chance I can jump on this bandwagon Damo? If so, please PM me the details. Muchos gracias.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Yeah, just look at this thread for details: http://www.boards.ie/vbulletin/showthread.php?t=2056368594


  • Registered Users Posts: 60 ✭✭obviousTroll


    Thanks Damo.

