
EXPLOITING SOFTWARE 02/11 EXPLOIT FORMAT STRINGS WITH PYTHON

Cracking Java Applications Using AOP Exploits (part 2)
By Daniel Drozdzewski
AOP has been used in the domain of software security before, mainly for validation, auditing and authorization purposes, which in turn improve the security of the software as a whole. Those crosscutting concerns are woven into the existing software after the fully functional code has been delivered. Making the process two-staged allows the responsibilities to be separated.
In the second part of the series, Daniel presents a more advanced use of AOP, which allows us to reverse engineer obfuscated Java applications. On top of that, he shows a trick of password post-selection, which is used to find the parts of the code crucial to password processing, which in turn allows the whole password verification to be switched off.

Exploiting Format Strings with Python
By Craig Wright
Format string attacks are not particularly new. Since their widespread public release in 2000, format string vulnerabilities have picked up in intensity as buffer overflows have become less common and more widely known. From an unknown start a decade ago, they have become a common means of exploiting system applications. These vulnerabilities remain an issue, which is why we still teach them.
It is not uncommon for format string vulnerabilities to allow the attacker to view all the memory contained within a process. This is useful as it aids in locating desired variables or instructions within memory. With this knowledge, an attacker can exploit the vulnerability to execute code and even bypass controls such as Address Space Layout Randomization.
In this article Craig discusses crafting attacks using Python that work through DPA (Direct Parameter Access), so that you can enact a 4-byte overwrite in the DTORS and the GOT (Global Offset Table), and prepares the reader for a follow-up article on exploiting the GOT and injecting shellcode. Craig demonstrates how these simple, often overlooked and still taught vulnerabilities can be used to read arbitrary locations from memory, write to memory, execute commands and finally gain a shell.

Smashing the Stack 2
By Mariano Graziano and Marco Balduzzi
Modern operating systems come with sophisticated protection mechanisms to prevent one-click exploitation. But how can attackers bypass such techniques to compromise remote machines all over the world? And is downloading PDF documents always a safe practice?
Mariano and Marco describe the different protection mechanisms that have been introduced in modern operating systems to make exploitation more difficult. They also present several popular workarounds used by attackers to bypass such techniques. Finally, they analyze a real exploit for an Acrobat Reader stack-based buffer overflow.

Inspecting Https Traffic On Gateways
By Kishin Fatnani
In the past, security devices inspecting application content for attack patterns, misuse or malware had been blind to encrypted traffic, and because of this, encrypted protocols such as Hypertext Transfer Protocol Secure (HTTPS) have been a safe method used by attackers to bypass security inspection.
Though reverse proxies and web server modules have existed for a long time, they only inspect incoming traffic, e.g. connections made to protected web servers in the organization. Inspecting outgoing traffic, i.e. connections made by users to outside servers not protected by the device, had been on the wish list. These days, devices come with the capability to inspect Secure Sockets Layer (SSL) based outgoing traffic; however, enabling such inspection raises some concerns. In this article we cover some basics of SSL and the challenges in inspecting SSL traffic, and also see how Check Point’s HTTPS Inspection feature is able to inspect HTTPS traffic at the gateway. After reading this article you will know the pros and cons of enabling SSL inspection on a gateway.

Webapp Exploitation in a Shared Hosting Environment
By Richard Cruse
Web applications are quickly becoming the norm for the modern individual’s online presence. Whether someone is looking for a full-featured e-commerce solution, or simply wants to be able to post images and text to a blog when the mood takes them, there is a webapp/CMS capable of fulfilling that need, with little to no background knowledge required from the user.
Richard outlines an idea on how to gain access to hosting accounts (via shell injection) on shared hosting services by exploiting properties of session authentication, unregistered POSTs and unsanitized global inputs.
You will learn how to use a common web browser and command line utilities in order to gain full access to systems running Joomla and osCommerce.

Reversing EXE with OllyDbg
By Nilesh Kumar
What is reverse engineering (RE)? Normally, the source code is in human-readable form, and object files are binary files with human-readable symbols. Executables are pure binaries. When we attempt to revert a binary executable into its object form, it is called disassembly. Converting an object file into source code is called decompilation. The whole process is called reverse engineering.
Nilesh illustrates the reverse engineering of a sample executable file, and how to patch it. You will learn how to reverse engineer an EXE. The ultimate goal of RE is to bypass the checks to get things done your way. The process of RE may differ from person to person, and from program to program.


Download: HES_02_20111.pdf

August 28, 2014
