Pushebx, by <a href="http://www.blogger.com/profile/18275552120431048007">spnow</a><br />
<b>Useful commands for setting the Linux keyboard to Spanish</b> (2014-06-11)<br /><br />$ locale -a<br /><div>
<br /></div>
<div>
$ sudo nano /etc/default/locale<br /><ul>
<li>LANG="es_ES.UTF-8"</li>
<li>LC_ALL="es_ES.UTF-8"</li>
<li>LANGUAGE="es_ES"</li>
</ul>
<div>
$ sudo dpkg-reconfigure console-setup<br /><br />$ sudo dpkg-reconfigure keyboard-configuration<div>
<br /></div>
<div>
<br /></div>
</div>
</div>
<div class="blogger-post-footer">[Pushebx.com]$ cat /etc/motd</div>
<b>Using rdesktop from Linux to connect to a Windows VMware virtual machine</b> (2014-05-28)<br />
<div style="text-align: justify;">
You can connect to a VMware Windows virtual machine that has Remote Desktop enabled with the following command, without having to go through the VMware interface to use that virtual machine:</div>
<blockquote class="tr_bq">
rdesktop -g workarea -a 16 -E -D -x l -u "user name" -p "[pass]" [computer name or IP]</blockquote>
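The "-g workarea" option sizes the window to the Linux desktop work area, leaving the Unity bar visible if you use Ubuntu, for example.<br />
<br />
You can also use the "-f" option to run it full screen.<br />
<br />
A password given with "-p" on the command line is visible to other local users in the process list and is saved in the shell history; "-p -" makes rdesktop ask for it at startup instead.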
<br />
<span style="font-size: x-small;">References: <a href="http://sgmlxml.net/sgmlxmlblogs/?p=97">http://sgmlxml.net/sgmlxmlblogs/?p=97</a></span><br />
<br />
<b>Tools to Combat Malware</b> (2014-03-13)<br />
<a href="http://thisisudax.org/"><b><span style="font-size: large;">Junkware Removal Tool</span></b></a><br />
<br />
<div>
<a href="http://thisisudax.org/">http://thisisudax.org/</a><br />
<br />
Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer. A common tactic among freeware publishers is to offer their products for free but bundle them with PUPs in order to earn revenue. This tool will help you remove these types of programs.<br />
<br />
<br />
<a href="http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner"><span style="font-size: large;"><b>AdwCleaner</b></span></a><br />
<br />
<div>
<a href="http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner">http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner</a><br />
<br />
AdwCleaner is a free removal tool for:<br />
<ul>
<li>Adware (advertising software)</li>
<li>PUP/LPI (Potentially Undesirable Program)</li>
<li>Toolbars</li>
<li>Hijacker (Hijack of the browser's homepage)</li>
</ul>
It works with a Search and Delete mode. It can be easily uninstalled using the mode "Uninstall".<br />
<br />
It is compatible with the 32-bit and 64-bit editions of Windows XP, Vista, 7, 8 and 8.1.</div>
</div>
<b>Security, Pentest and Programming Trainings</b> (2013-11-24)<br />
<div style="text-align: center;">
<u><span style="font-family: Verdana, sans-serif; font-size: x-large;"><b>Open Security Training</b></span></u></div>
<u><span style="font-family: Verdana, sans-serif; font-size: large;"><b><br /></b></span></u>
<a href="http://opensecuritytraining.info/Training.html"><span style="font-family: Verdana, sans-serif; font-size: large;">http://opensecuritytraining.info/Training.html</span></a><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">You can find:</span><br />
<ul>
<li><span style="font-family: Verdana, sans-serif;">Current stats:</span></li>
<li><span style="font-family: Verdana, sans-serif;">53 days of open source class materials</span></li>
<li><span style="font-family: Verdana, sans-serif;">22 classes (12 with videos)</span></li>
<li><span style="font-family: Verdana, sans-serif;">18 instructors</span></li>
</ul>
<br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Beginner Classes:</span><br />
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<br />
<ul>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Android Forensics & Security Testing</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Certified Information Systems Security Professional (CISSP)® Common Body of Knowledge (CBK)® Review</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Flow Analysis & Network Hunting</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Hacking Techniques and Intrusion Detection </span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration </span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Introduction to ARM </span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Introduction to Network Forensics</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Introduction to Vulnerability Assessment</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Introduction to Trusted Computing</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Offensive, Defensive, and Forensic Techniques for Determining Web User Identity</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Malware Dynamic Analysis</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">The Life of Binaries </span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Understanding Cryptology: Core Concepts</span></li>
<li style="text-align: justify;"><span style="font-family: Verdana, sans-serif;">Understanding Cryptology: Cryptanalysis</span></li>
</ul>
<br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Intermediate Classes:</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<ul>
<li><span style="font-family: Verdana, sans-serif;">Introduction to Software Exploits (Exploits 1) </span></li>
<li><span style="font-family: Verdana, sans-serif;">Exploits 2: Exploitation in the Windows Environment </span></li>
<li><span style="font-family: Verdana, sans-serif;">Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration </span></li>
</ul>
<br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Advanced Classes: </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<ul>
<li><span style="font-family: Verdana, sans-serif;">Advanced x86: Virtualization with Intel VT-x </span></li>
<li><span style="font-family: Verdana, sans-serif;">Introduction to Reverse Engineering Software </span></li>
<li><span style="font-family: Verdana, sans-serif;">Reverse Engineering Malware </span></li>
<li><span style="font-family: Verdana, sans-serif;">Rootkits: What they are, and how to find them </span></li>
<li><span style="font-family: Verdana, sans-serif;">The Adventures of a Keystroke: An in-depth look into keylogging on Windows</span></li>
</ul>
<br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: Verdana, sans-serif; font-size: x-large;"><b><u>SecurityXploded Security Training</u></b></span></div>
<span style="background-color: #f6f6f6; color: #222222; letter-spacing: 1px; line-height: 23px; text-align: center;"><span style="font-family: Verdana, sans-serif; font-size: large;"><u><b><br /></b></u></span></span>
<a href="http://securityxploded.com/security-training.php"><span style="font-family: Verdana, sans-serif; font-size: large;">http://securityxploded.com/security-training.php</span></a><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">You can find:</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"></span><br />
<ul><span style="font-family: Verdana, sans-serif;">
<li style="text-align: justify;"><b><a href="http://securityxploded.com/security-training-reversing-malware-analysis.php">Reverse Engineering & Malware Analysis Training</a>:</b> This is our first free Training session focused on teaching basics of Reverse engineering and Malware analysis. It starts with guide on lab setup, learning Windows internals/PE formats/assembly and then moves on to practical malware analysis sessions. </li>
</span></ul>
<span style="font-family: Verdana, sans-serif;">
</span>
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<span style="font-family: Verdana, sans-serif;">
<ul>
<li style="text-align: justify;"><b><a href="http://securityxploded.com/security-training-advanced-malware-analysis.php">Advanced Malware Analysis Training</a>:</b> This is our second and latest free training series focusing on advanced aspects of malware analysis including Rootkits, Botnets, Sandbox Analysis, Mobile Malwares etc.</li>
</ul>
</span><br />
<div>
<br /></div>
<div style="text-align: center;">
<span style="font-family: Verdana, sans-serif; font-size: x-large;"><b><u>PentesterLab</u></b></span></div>
<div style="text-align: center;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<a href="https://www.pentesterlab.com/exercises/"><span style="font-size: large;">https://www.pentesterlab.com/exercises/</span></a></div>
<div style="text-align: justify;">
<br /></div>
<b>The Exercises</b><br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Our exercises are based on common vulnerabilities found in different systems. The issues are not emulated. We provide you real systems with real vulnerabilities.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Download the ISO and the PDF. Boot the ISO using any virtualisation software and start learning!</div>
<div style="text-align: justify;">
<br /></div>
<span style="font-family: Verdana, sans-serif;"></span><br />
<div style="font-size: xx-large; text-align: center;">
<span style="font-family: Verdana, sans-serif;"><u><b>European Union Agency for Network and Information Security</b></u></span></div>
<span style="font-family: Verdana, sans-serif;">
</span>
<div>
<br /></div>
<div>
<a href="http://www.enisa.europa.eu/activities/cert/support/exercise"><span style="font-family: Verdana, sans-serif; font-size: large;">http://www.enisa.europa.eu/activities/cert/support/exercise</span></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<span style="font-family: Verdana, sans-serif;"></span><br />
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;">The ENISA CERT exercises and training material were introduced in 2008; in 2012 they were complemented with new exercise scenarios containing essential material for success in the CERT community and in the field of information security. On this page you will find the ENISA CERT exercise material, containing a handbook for teachers, a toolset for students and a virtual image to support hands-on training sessions.</span></div>
<span style="font-family: Verdana, sans-serif;">
</span>
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<span style="font-family: Verdana, sans-serif;">
<div style="text-align: center;">
<span style="font-size: x-large;"><b><u>Coursera</u></b></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<a href="https://www.coursera.org/"><span style="font-size: large;">https://www.coursera.org</span></a></div>
</span><br />
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;"><b>About Coursera</b></span></div>
<span style="font-family: Verdana, sans-serif;"></span><br />
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<span style="font-family: Verdana, sans-serif;">
</span>
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;">We believe in connecting people to a great education so that anyone around the world can learn without limits.</span></div>
<span style="font-family: Verdana, sans-serif;">
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Coursera is an education company that partners with the top universities and organizations in the world to offer courses online for anyone to take, for free. Our technology enables our partners to teach millions of students rather than hundreds.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We envision a future where everyone has access to a world-class education that has so far been available to a select few. We aim to empower people with education that will improve their lives, the lives of their families, and the communities they live in.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Our Courses</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Classes offered on Coursera are designed to help you master the material. When you take one of our classes, you will watch lectures taught by world-class professors, learn at your own pace, test your knowledge, and reinforce concepts through interactive exercises. When you join one of our classes, you'll also join a global community of thousands of students learning alongside you. We know that your life is busy, and that you have many commitments on your time. Thus, our courses are designed based on sound <a href="https://www.coursera.org/about/pedagogy">pedagogical foundations</a>, to help you master new concepts quickly and effectively. Key ideas include mastery learning, to make sure that you have multiple attempts to demonstrate your new knowledge; using interactivity, to ensure student engagement and to assist long-term retention; and providing frequent feedback, so that you can monitor your own progress, and know when you've really mastered the material.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We offer <a href="https://www.coursera.org/courses">courses in a wide range of topics, </a>spanning the Humanities, Medicine, Biology, Social Sciences, Mathematics, Business, Computer Science, and many others. Whether you're looking to improve your resume, advance your career, or just learn more and expand your knowledge, we hope there will be multiple courses that you find interesting.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<span style="font-size: x-large;"><div style="text-align: center;">
<b><u>Metasploit Unleashed</u></b></div>
</span></span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<a href="http://www.offensive-security.com/metasploit-unleashed/Main_Page"><span style="font-family: Verdana, sans-serif; font-size: large;">http://www.offensive-security.com/metasploit-unleashed/Main_Page</span></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;">This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework. </span></div>
<span style="font-family: Verdana, sans-serif;">
</span>
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<span style="font-family: Verdana, sans-serif;">
<br /><a href="http://www.offensive-security.com/metasploit-unleashed/File:Msfu_logo_3.png"><img src="http://www.offensive-security.com/w/images/f/f6/Msfu_logo_3.png" height="201" width="400" /></a><br /><br /><br /><br /><div style="text-align: justify;">
This is a free online course and if you enjoy it and find it useful, we ask that you make a donation to the HFC (Hackers For Charity), $9.00 will feed a child for a month, so any contribution is welcome. We hope you enjoy this course as much as we enjoyed making it.</div>
</span><br />
<div style="text-align: justify;">
<br /></div>
<br />
<div style="text-align: center;">
<b style="font-family: Verdana, sans-serif; font-size: xx-large;"><u>Python Challenge</u></b></div>
<span style="font-family: Verdana, sans-serif;"><br /><br /><a href="http://www.pythonchallenge.com/"><span style="font-size: large;">http://www.pythonchallenge.com/</span></a></span><br />
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;">Python Challenge is a game in which each level can be solved by a bit of (Python) programming.</span></div>
<span style="font-family: Verdana, sans-serif;">
</span>
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<span style="font-family: Verdana, sans-serif;">
<div style="text-align: justify;">
The Python Challenge was written by Nadav Samet.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
All levels can be solved by straightforward and very short scripts.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Python Challenge welcomes programmers of all languages. You will be able to solve most riddles in any programming language, but some of them will require Python.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Sometimes you'll need extra modules. All can be downloaded for free from the internet.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It is just for fun - nothing waits for you at the end.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Keep the scripts you write - they might become useful. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
</span><br />
<div style="text-align: center;">
<b><span style="font-family: Verdana, sans-serif; font-size: x-large;"><u>Microsoft Virtual Academy</u></span></b></div>
<br />
<span style="font-family: Verdana, sans-serif;"><a href="http://www.microsoftvirtualacademy.com/"><span style="font-size: large;">http://www.microsoftvirtualacademy.com/</span></a><br /><br />What is MVA?</span><br />
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;">Successful technologists never stop learning and great technology never stops evolving. Microsoft Virtual Academy (MVA) offers online Microsoft training delivered by experts to help technologists continually learn, with hundreds of courses, in 11 different languages. Our mission is to help developers, knowledgeable IT professionals and advanced students learn the latest technology, build their skills, and advance their careers. MVA is free of charge, and the entire service is hosted on Windows Azure.</span></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><br />
<div style="text-align: center;">
<span style="font-family: Verdana, sans-serif;"><span style="font-size: x-large;"><b><u>VulnHUB</u></b></span></span></div>
<span style="font-family: Verdana, sans-serif;">
</span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /><span style="font-size: large;"><a href="http://vulnhub.com/">http://vulnhub.com/</a></span></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br />Aim/Goal</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br />To provide material(s) allowing anyone to gain practical 'hands-on' experience in digital security, computer application & network administration. </span><br />
<br />
<span style="font-family: Verdana, sans-serif;">Many pentest ISOs to practice on.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<b>free -m, How much memory is actually being used in Linux?</b> (2013-10-08)<br />
<span style="font-family: Courier New, Courier, monospace;">$ free -m; python -c '[ "x" * 1000000000 ]'; free -m</span><br />
<span style="font-family: Courier New, Courier, monospace;"> total <span style="background-color: #666666;">used free</span> shared buffers cached</span><br />
<span style="font-family: Courier New, Courier, monospace;">Mem: 256 <span style="color: red;"> 249 6</span> 0 0 235</span><br />
<span style="font-family: Courier New, Courier, monospace;">-/+ buffers/cache: 13 242</span><br />
<span style="font-family: Courier New, Courier, monospace;">Swap: 256 23 232</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">Killed</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> total <span style="background-color: #666666;">used free</span> shared buffers cached</span><br />
<span style="font-family: Courier New, Courier, monospace;">Mem: 256 <span style="color: red;"> 9 246</span> 0 0 1</span><br />
<span style="font-family: Courier New, Courier, monospace;">-/+ buffers/cache: 8 247</span><br />
<span style="font-family: Courier New, Courier, monospace;">Swap: 256 28 227</span><br />
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<h4>
<span style="font-family: Trebuchet MS, sans-serif; font-size: large;">python powered :P</span></h4>
<b>Raspberry and TP-Link TL-WN725N V2 - Personal notes</b> (2013-10-08)<br />
<h2>
<u>Getting the driver [1]: </u></h2>
<br />
<span style="font-family: Courier New, Courier, monospace;">wget https://dl.dropboxusercontent.com/u/80256631/8188eu-20130830.tar.gz<br /><br />tar -zxvf 8188eu-20130830.tar.gz<br /><br />sudo install -p -m 644 8188eu.ko /lib/modules/3.6.11+/kernel/drivers/net/wireless<br /><br />sudo insmod /lib/modules/3.6.11+/kernel/drivers/net/wireless/8188eu.ko<br /><br />sudo depmod -a</span><br />
<u><br /></u>
<div>
<h2>
<u>Setting the network [2]:</u></h2>
<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"> $ sudo nano /etc/network/interfaces<br /><br />auto lo<br /> <br />iface lo inet loopback <br />iface eth0 inet dhcp <br /> <br />auto wlan0 <br />allow-hotplug wlan0 <br />iface wlan0 inet dhcp <br /> wpa-scan-ssid 1 <br /> wpa-ap-scan 1 <br /> wpa-key-mgmt WPA-PSK <br /> wpa-proto RSN WPA <br /> wpa-pairwise CCMP TKIP <br /> wpa-group CCMP TKIP <br /> wpa-ssid "My Secret SSID" <br /> wpa-psk "My SSID PSK" <br /> <br />iface default inet dhcp </span><br />
<br />
<br />
[1] <a href="http://www.raspberrypi.org/phpBB3/viewtopic.php?p=419095#p419095">http://www.raspberrypi.org/phpBB3/viewtopic.php?p=419095#p419095</a><br />
<br />
<br />
[2] <a href="http://learn.adafruit.com/adafruits-raspberry-pi-lesson-3-network-setup/setting-up-wifi-with-occidentalis">http://learn.adafruit.com/adafruits-raspberry-pi-lesson-3-network-setup/setting-up-wifi-with-occidentalis</a></div>
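The wlan0 stanza above enables WPA1 and TKIP alongside WPA2/CCMP and keeps the passphrase in clear text. The shell audit below is an added example, not part of the original notes; the sample files, the audit_wpa function and the 64-hex-digit placeholder PSK are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the wpa-* lines of an ifupdown interfaces file
# for weak Wi-Fi settings. Names and sample data are hypothetical.

# Constructed sample: the wlan0 stanza as written in the notes above.
sample_weak() {
cat <<'EOF'
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
    wpa-scan-ssid 1
    wpa-ap-scan 1
    wpa-key-mgmt WPA-PSK
    wpa-proto RSN WPA
    wpa-pairwise CCMP TKIP
    wpa-group CCMP TKIP
    wpa-ssid "My Secret SSID"
    wpa-psk "My SSID PSK"
EOF
}

# Constructed sample: same stanza restricted to WPA2 (RSN) with CCMP only.
# The wpa-psk value is a made-up placeholder for the 64 hex digits that
# `wpa_passphrase "<ssid>"` prints as psk=... (passphrase read from stdin).
sample_hardened() {
cat <<'EOF'
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
    wpa-scan-ssid 1
    wpa-ap-scan 1
    wpa-key-mgmt WPA-PSK
    wpa-proto RSN
    wpa-pairwise CCMP
    wpa-group CCMP
    wpa-ssid "My Secret SSID"
    wpa-psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
EOF
}

# audit_wpa FILE
# Prints one finding per line. Exit status 0 = no findings, 1 = findings.
# The body runs in a subshell so its variables do not leak to the caller.
audit_wpa() (
    file=$1
    findings=0
    has_psk=0
    report() { echo "$file: $1"; findings=$((findings + 1)); }

    # read strips the indentation and any trailing spaces on each line
    while read -r key value || [ -n "$key" ]; do
        case $key in
            wpa-proto)
                # "WPA" as its own word enables WPA1 next to RSN (WPA2)
                case " $value " in
                    *" WPA "*) report "wpa-proto still allows WPA1 ($value); use RSN only" ;;
                esac ;;
            wpa-pairwise|wpa-group)
                case " $value " in
                    *" TKIP "*) report "$key still allows TKIP ($value); use CCMP only" ;;
                esac ;;
            wpa-psk)
                has_psk=1
                # 64 hex digits = precomputed PSK; anything else is a passphrase
                if ! printf '%s' "$value" | grep -Eq '^[0-9a-fA-F]{64}$'; then
                    report "wpa-psk holds the passphrase in clear text"
                fi ;;
        esac
    done < "$file"

    # A precomputed PSK is still a credential for that SSID, so the file
    # must not be readable by other users either way.
    if [ "$has_psk" -eq 1 ] && [ -n "$(find "$file" -prune -perm -004)" ]; then
        report "file contains a PSK and is world-readable; chmod 600"
    fi

    [ "$findings" -eq 0 ]
)

# Demo: write both samples to a temporary directory and audit them.
demo() {
    tmp=$(mktemp -d) || return 1
    sample_weak > "$tmp/interfaces.weak"
    chmod 644 "$tmp/interfaces.weak"
    sample_hardened > "$tmp/interfaces.hardened"
    chmod 600 "$tmp/interfaces.hardened"
    for f in "$tmp"/interfaces.*; do
        if audit_wpa "$f"; then echo "ok: $f"; else echo "needs changes: $f"; fi
    done
    rm -rf "$tmp"
}
demo
```

On the Pi itself the file to check would be /etc/network/interfaces; whether the access point accepts an RSN/CCMP-only client depends on its own configuration.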
<b>How to install the latest nmap version</b> (2013-01-24)<br />
$ svn co https://svn.nmap.org/nmap<br />
$ cd nmap<br />
$ ./configure<br />
$ make<br />
<br />
$ ./nmap -V<br />
<br />
Nmap version 6.26SVN ( http://nmap.org )<br />
Platform: x86_64-unknown-linux-gnu<br />
Compiled with: nmap-liblua-5.2.1 openssl-1.0.1 libpcre-8.12 libpcap-1.1.1 nmap-libdnet-1.12 ipv6<br />
Compiled without:<br />
Available nsock engines: epoll poll select<br />
<div>
<br /></div>
<div>
$</div>
<div>
<br /></div>
<div>
<br /></div>
<b>Capture the Flag (CTF)</b> (2011-10-12)<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnKXcBvwRekxuGTrNK7aad9lMeSLkpaNTAgGpIybhlzafKE4coGQosjQy8c4XTBR52iiFWyHGmpiYIce8AElHmS-Hs8an_YZ_3a81RUKrMOwmOdB45rBHOoI9Wc0H3fRexb4-_7zOdJ-eo/s1600/0x0042.png"><img alt="" border="0" height="158" id="BLOGGER_PHOTO_ID_5662625216599641970" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnKXcBvwRekxuGTrNK7aad9lMeSLkpaNTAgGpIybhlzafKE4coGQosjQy8c4XTBR52iiFWyHGmpiYIce8AElHmS-Hs8an_YZ_3a81RUKrMOwmOdB45rBHOoI9Wc0H3fRexb4-_7zOdJ-eo/s400/0x0042.png" style="float: left; height: 158px; margin-bottom: 10px; margin-left: 0px; margin-right: 10px; margin-top: 0px; width: 400px;" width="400" /></a><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Honestly, this image sums up quite well all the time and effort invested in <b>some</b> CTFs and online challenges.<br />
<br />
<span style="font-size: 78%;">Source: <a href="http://infosuck.org/0x0042.png">http://infosuck.org/0x0042.png</a></span><br />
<b>One Dictionary to rule them all</b> (2011-08-13)<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIFIF8kmZ0voE-yyHFPIoKwf7XRrWvp1kjIM1lZir_jfko58itIJXrgyafzbipTOwR3fDOjw5M6luZW0TC3bxcfRn_k-hwiAl_iHeztGb_48o3DeMplHx5EwvvVytQY27TopgOQ0RBbMMt/s1600/Gand0phtCrack.PNG"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 322px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIFIF8kmZ0voE-yyHFPIoKwf7XRrWvp1kjIM1lZir_jfko58itIJXrgyafzbipTOwR3fDOjw5M6luZW0TC3bxcfRn_k-hwiAl_iHeztGb_48o3DeMplHx5EwvvVytQY27TopgOQ0RBbMMt/s400/Gand0phtCrack.PNG" border="0" alt="" id="BLOGGER_PHOTO_ID_5640321168538980562" /></a>
<br /><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div>
<br /></div><div><b><span class="Apple-style-span">Dictionaries:</span></b></div><div>
<br /></div><div><b><a href="http://packetstormsecurity.org/Crackers/wordlists/dictionaries/">http://packetstormsecurity.org/Crackers/wordlists/dictionaries/</a></b></div><div>
<br /></div><div></div><div><a href="http://www.openwall.com/wordlists/">http://www.<b>openwall</b>.com/wordlists/</a></div><div>
<br /></div><div>
<br /></div><div>
<br /></div>
<b>USB 3.0</b> (2011-04-10)<br />
<p>From BackTrack, let's see how long it takes to copy a 10 GB file to the USB 3.0 drive (mounted at /mnt/copias/)<br /></p><pre class='brush: bash'>root@bt:~# dd if=/dev/zero of=10gb.img bs=1024 count=0 seek=$[1024*1024*10]
0+0 records in
0+0 records out
0 bytes (0 B) copied, 1.7244e-05 s, 0.0 kB/s

root@bt:~# dd if=/dev/zero of=10gb1.img bs=1024 count=$[1024*1024*10]
10485760+0 records in
10485760+0 records out
10737418240 bytes (11 GB) copied, 130.913 s, 82.0 MB/s

root@bt:~# ls -sh
total 11G
0 10gb.img 11G 10gb1.img

root@bt:~# ls -lh
total 11G
-rw-r--r-- 1 root root 10G Apr 10 18:24 10gb.img
-rw-r--r-- 1 root root 10G Apr 10 18:29 10gb1.img

root@bt:~# time cp 10gb1.img /mnt/copias/


real 8m58.659s
user 0m2.237s
sys 1m31.217s
root@bt:~#

root@bt:~# time cp 10gb.img /mnt/copias/

real 0m29.846s
user 0m6.753s
sys 0m23.035s
root@bt:~# 

root@bt:~# lspci | grep "USB 3.0"
04:00.0 USB Controller: NEC Corporation uPD720200 USB 3.0 Host Controller (rev 03)
root@bt:~#
</pre><p align="justify">The question now is why one file takes up space and is so slow to copy, while the other "takes up no space" and copies in very little time.</p><p align="justify">A Google search gives the answer:</p><p align="justify"><a href="http://maarten.lippmann.us/?page_id=116">http://maarten.lippmann.us/?page_id=116</a></p><p align="justify"><em>To create a 10GB sparse file which doesn't allocate any actual space (if the filesystem supports this feature):</em><em><br />dd if=/dev/zero of=sparsefile.img bs=1 seek=10G count=0</em><br /></p><p align="justify">10gb.img was created the same way, with count=0 and a seek offset, so it is a sparse file: ls -lh reports its apparent size of 10G, while ls -sh shows that no blocks are allocated for it.</p><p><a href="http://en.wikipedia.org/wiki/Sparse_file">http://en.wikipedia.org/wiki/Sparse_file</a></p><p><a href="http://www.flexhex.com/docs/articles/sparse-files.phtml">http://www.flexhex.com/docs/articles/sparse-files.phtml</a><br /></p><p><br /></p><br /><p><a href="http://www.flexhex.com/docs/articles/img/sparse-file.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 435px; height: 194px;" src="http://www.flexhex.com/docs/articles/img/sparse-file.png" border="0" alt="" /></a></p><p align="center">Sparse file</p><p align="center"><br /></p>
<b>Penetration Testing - Vulnerable - ISO</b> (2011-03-14)<br />
<div align="justify">
Below is a list of images for <span style="font-weight: bold;">penetration testing</span>; they can be run on VMware or VirtualBox for practice (I will add more as I find them):</div>
<div align="justify">
<br />
<br /></div>
<strong><span style="font-size: x-large;">Holynix:</span></strong><br />
<div align="justify">
<a href="http://pynstrom.net/index.php?page=holynix.php">http://pynstrom.net/index.php?page=holynix.php</a></div>
<div align="justify">
Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing.<br />
The object of the challenge v1 is to gain root level privileges and access to personal client information.<br />
Register on the forums to receive an email update when a new challenge is released.</div>
<div align="justify">
<br />
<br /></div>
<div align="justify">
<strong><span style="font-size: x-large;">WackoPicko:</span></strong></div>
<div align="justify">
<a href="https://github.com/adamdoupe/WackoPicko">https://github.com/adamdoupe/WackoPicko</a><strong><br /></strong></div>
<div align="justify">
WackoPicko Vulnerable Website<br />
WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners.</div>
<div align="justify">
<br />
<br /></div>
<div align="justify">
<strong><span style="font-size: x-large;">De-ICE:</span></strong></div>
<div align="justify">
<a href="http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks">http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks</a></div>
<div align="justify">
The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.</div>
<div align="justify">
<br />
<br /></div>
<span style="font-size: x-large;"><strong>Metasploitable:</strong></span><br />
<a href="http://blog.metasploit.com/2010/05/introducing-metasploitable.html">http://blog.metasploit.com/2010/05/introducing-metasploitable.html</a><br />
<div align="justify">
Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image.</div>
<div align="justify">
One of the questions that we often hear is "What systems can I use to test against?" Based on this, we thought it would be a good idea to throw together an exploitable VM that you can use for testing purposes.</div>
<div align="justify">
<br />
<br /></div>
<strong><span style="font-size: x-large;">exploit.co.il Vulnerable Web App:</span></strong><br />
<a href="http://sourceforge.net/projects/exploitcoilvuln/">http://sourceforge.net/projects/exploitcoilvuln/</a><br />
<div align="justify">
exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection techniques. This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured</div>
<div align="justify">
<br />
<br /></div>
<span style="font-size: x-large;"><strong>Badstore:</strong></span><br />
<a href="http://www.badstore.net/">http://www.badstore.net/</a><br />
<div align="justify">
Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.</div>
<div align="justify">
<br />
<br /></div>
<strong><span style="font-size: x-large;">Virtual Hacking Lab (pentoo):</span></strong><br />
<a href="http://sourceforge.net/projects/virtualhacking/">http://sourceforge.net/projects/virtualhacking/</a><br />
<div align="justify">
A mirror of deliberately insecure applications and old software with known vulnerabilities. Used for proof-of-concept / security training / learning purposes. Available in either virtual images or live iso or standalone formats.</div>
<div align="justify">
<br />
<br /></div>
<strong><span style="font-size: x-large;">PwnOS:</span></strong><br />
<a href="http://code.google.com/p/pwnos/">http://code.google.com/p/pwnos/</a><br />
<div align="justify">
PwnOS is an operating system being written from the ground up to be ideal for making the most of resource-rich dedicated server systems.<br />
The most significant section of the project is to create a core (kernel) that is designed to be best suited for servers (e.g. usually one process with many threads of varying priorities). Much (highly-regulated) assembly language and some C is used here to increase the performance and decrease bloat potential, (because to code this in assembly, it's ESSENTIAL to have excellent, lean code design).<br />
Development of PwnOS will be switching to be done with PwnIDE once PwnIDE reaches version 0.2.4. Development so far has been done with RadASM and MASM32 for assembly, and Dev-C++ and MinGW for C/C++. Documentation is produced with Natural Docs. Custom linking is done with a utility called JLOC, and drive image writing is done with various utilities.</div>
<div align="justify">
<br />
<br /></div>
<div align="justify">
<strong><span style="font-size: x-large;">Damn Vulnerable Linux (DVL):</span></strong></div>
<div align="justify">
<a href="http://www.damnvulnerablelinux.org/">http://www.damnvulnerablelinux.org/</a></div>
<div align="justify">
Damn Vulnerable Linux (DVL) is a Slackware and Slax-based live DVD. The distribution, purposefully stuffed with broken, ill-configured, outdated and exploitable software, began life as a training system used during the author's university lectures. Its primary goal is to design a Linux system that is as vulnerable as possible -- in order to teach and demonstrate a variety of security topics, including reverse code engineering, buffer overflows, shell code development, web exploitation, and SQL injection.</div>
<div align="justify">
<br />
<br /></div>
<div align="justify">
<strong><span style="font-size: x-large;">Damn Vulnerable Web App (DVWA):</span></strong></div>
<div align="justify">
<a href="http://www.dvwa.co.uk/">http://www.dvwa.co.uk/</a></div>
<div align="justify">
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.</div>
<div align="justify">
<br />
<br /></div>
<div align="justify">
<strong><span style="font-size: x-large;">Moth:</span></strong></div>
<div align="justify">
<a href="http://www.bonsai-sec.com/en/research/moth.php"><span style="font-size: 100%;">http://www.bonsai-sec.com/en/research/moth.php</span></a></div>
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:<span style="font-size: 100%;"><br /></span>- Testing Web Application Security Scanners<span style="font-size: 100%;"><br /></span>- Testing Static Code Analysis tools (SCA)<span style="font-size: 100%;"><br /></span><br />
- Giving an introductory course to Web Application Security<span style="font-size: 100%;"><br /></span><br />
<span style="font-size: 100%;"><br /></span>
<span style="font-size: 100%;"><br /></span>
<span style="font-size: x-large;"><strong>Hacking-Lab:</strong></span><span style="font-size: 100%;"><br /></span><br />
<span style="font-size: 100%;"><a href="http://media.hacking-lab.com/largefiles/livecd/">http://media.hacking-lab.com/largefiles/livecd/</a></span><br />
<span style="font-size: 100%;"><a href="http://hacking-lab.com/Remote_Sec_Lab/livecd.html">http://hacking-lab.com/Remote_Sec_Lab/livecd.html</a></span><br />
<div align="justify">
<span style="font-size: 100%;">This is the Hacking-Lab LiveCD project. It is currently in beta stadium. The live-cd is a standardized client environment for solving our Hacking-Lab wargame challenges from remote. A valid OpenVPN connection is required for accessing the Hacking-Lab server infrastructure. Do you feel like being a beta-tester? Yes? Please make yourself familiar with the full beta-tester program where you find everything required to start using Hacking-Lab Remote.</span></div>
<div align="justify">
<span style="font-size: 100%;"><br /></span>
<span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: x-large;"><strong>OWASP Broken Web Applications Project:</strong></span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 100%;"><a href="http://code.google.com/p/owaspbwa/">http://code.google.com/p/owaspbwa/</a></span></div>
<div align="justify">
<span style="font-size: 100%;">Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).</span></div>
<div align="justify">
<span style="font-size: 100%;"><br /></span>
<span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: x-large;"><strong>LAMPSecurity Training:</strong></span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 100%;"><a href="http://sourceforge.net/projects/lampsecurity/">http://sourceforge.net/projects/lampsecurity/</a></span></div>
<div align="justify">
<span style="font-size: 100%;">LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, PHP, MySQL security.</span></div>
<div align="justify">
<span style="font-size: 100%;"><br /></span>
<span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<strong><span style="font-size: x-large;">Web Security Dojo:</span></strong><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 100%;"><a href="http://www.mavensecurity.com/web_security_dojo/">http://www.mavensecurity.com/web_security_dojo/</a></span></div>
<div align="justify">
<span style="font-size: 100%;">A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo.</span></div>
<div align="justify">
<span style="font-size: 100%;">The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.</span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 100%;"><br /></span>
<span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 78%;"><em><span style="color: #ffcccc;">Updated 12/06/2011</span></em></span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<strong><span style="font-size: 180%;">owasp-hackademic-challenges:</span></strong><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 100%;"><a href="http://code.google.com/p/owasp-hackademic-challenges/">http://code.google.com/p/owasp-hackademic-challenges/</a></span><strong><span style="font-size: 130%;"><br /></span></strong></div>
<div align="justify">
<span style="font-size: 100%;"><br />The OWASP Hackademic Challenges project implements realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective.<br /><br />They have been especially designed for use in a classroom environment where they have been proved a valuable educational tool. Using OWASP Hackademic Challenges project students have the chance to experience application security in a realistic environment, something that triggers their interest and provokes a lot of interesting discussions.</span></div>
<div align="justify">
<span style="font-size: 100%;"><br /></span>
<span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 180%;"><strong>Hackxor:</strong></span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 100%;"><a href="http://hackxor.sourceforge.net/cgi-bin/index.pl">http://hackxor.sourceforge.net/cgi-bin/index.pl</a></span></div>
<div align="justify">
<span style="font-size: 100%;"><br />Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism & difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.<br /><br />Features:<br />Client attack simulation using HtmlUnit; no alert('xss') here.<br />Smooth difficulty gradient from moderately easy to fiendishly tricky.<br />Realistic vulnerabilities modelled from Google, Mozilla, etc. (No rot13!)<br />Open ended play; progress by any means possible.</span><br />
<span style="font-size: 100%;"><br /></span>
<span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 78%;"><em><span style="color: #ffcccc;">Updated 27/07/2011</span></em></span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 180%;"><strong>Gruyere:</strong></span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 100%;"><a href="http://google-gruyere.appspot.com/">http://google-gruyere.appspot.com/</a></span></div>
<div align="justify">
<span style="font-size: 100%;"><br />Want to beat the hackers at their own game? Learn how hackers find security vulnerabilities! Learn how hackers exploit web applications! Learn how to stop them!</span></div>
<div align="justify">
<span style="font-size: 100%;">This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:<br /><br />How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).<br />How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.<br /><br />To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).</span></div>
<br />
<br />
<div align="justify">
<span style="font-size: 78%;"><em><span style="color: #ffcccc;">Updated 28/07/2011</span></em></span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 180%;"><strong>Sweet:</strong></span><span style="font-size: 100%;"><br /></span></div>
<div align="justify">
<span style="font-size: 100%;"><a href="http://csis.pace.edu/~lchen/sweet/">http://csis.pace.edu/~lchen/sweet/</a></span></div>
<div align="justify">
<span style="font-size: 100%;"><br />SWEET (Secure WEb dEvelopment Teaching) is a set of portable teaching modules for secure web development. SWEET features eight teaching modules, six project modules and a virtualized web development platform that allows instructors to conduct hands-on laboratory exercises. The purpose of this project is to enhance the learning experience of computing students through standardized teaching modules and environment in secure web development. We have adopted this teaching tool to introduce web security concepts in both undergraduate and graduate courses. Each SWEET teaching module will be enough for a three-hour class containing lecture materials and hands-on laboratory exercises that are relevant to the contents in the lectures.</span></div>
<div align="justify">
<span style="font-size: 100%;"><br /></span>
<span style="font-size: 100%;"><br /></span></div>
<div align="justify">
</div>
<div align="justify" style="font-size: medium; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<span style="font-size: 12px;"><em><span style="color: #ffcccc;">Updated 15/05/2012</span></em></span><span style="font-size: 16px;"><br /></span></div>
<div align="justify" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<span style="font-size: x-large;"><span class="Apple-style-span" style="font-family: "arial" , "helvetica" , , "osaka" , "ms pgothic" , sans-serif; font-weight: bold;">On Null Byte Poisoning and XPath Injection</span><span class="Apple-style-span"><strong>:</strong></span></span></div>
<div align="justify" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<a href="http://blog.spiderlabs.com/2012/01/on-null-byte-poisoning-and-xpath-injection.html">http://blog.spiderlabs.com/2012/01/on-null-byte-poisoning-and-xpath-injection.html</a></div>
<div align="justify" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<a href="https://github.com/SpiderLabs/SQLol">https://github.com/SpiderLabs/SQLol</a></div>
<div align="justify" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<a href="http://www.github.com/SpiderLabs/XMLmao">http://github.com/SpiderLabs/XMLmao</a></div>
<div align="justify" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<br /></div>
<div align="justify" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
From Spiderlabs Blog:</div>
<div align="justify" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<span class="Apple-style-span" style="font-family: "helvetica" , "verdana" , "arial sans-serif"; font-size: 15px; line-height: 18px;">Recently I released a tool called</span><span class="Apple-style-span" style="font-family: "helvetica" , "verdana" , "arial sans-serif"; font-size: 15px; line-height: 18px;"> </span><span class="Apple-style-span" style="font-family: "helvetica" , "verdana" , "arial sans-serif"; font-size: 15px; line-height: 18px;"><a href="http://www.github.com/SpiderLabs/XMLmao" style="text-decoration: underline;" target="_blank" title="XMLmao">XMLmao</a></span><span class="Apple-style-span" style="font-family: "helvetica" , "verdana" , "arial sans-serif"; font-size: 15px; line-height: 18px;">, a configurable testbed for learning to exploit XPath injection flaws, developing new attack techniques for XPath injection flaws or simulating real-world XPath injection scenarios, similar to </span><span class="Apple-style-span" style="font-family: "helvetica" , "verdana" , "arial sans-serif"; font-size: 15px; line-height: 18px;"><a href="http://www.github.com/SpiderLabs/SQLol" style="text-decoration: underline;" target="_blank" title="SQLol">SQLol</a></span><span class="Apple-style-span" style="font-family: "helvetica" , "verdana" , "arial sans-serif"; font-size: 15px; line-height: 18px;">. Among other features, it has challenge scenarios which give you a set of pre-configured options and an objective to complete. As of recently, I've begun to write tutorials for each challenge which will be distributed with their respective testbeds.</span></div>
<div align="justify" style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">
<span class="Apple-style-span" style="color: #333333; font-family: "helvetica" , "verdana" , "arial sans-serif"; font-size: 15px; line-height: 18px;"><br /></span></div>
<b><span style="font-size: large;"></span></b><br />
<div>
<b><span style="font-size: large;"><em style="font-size: 12px; font-weight: normal; text-align: justify;"><span style="color: #ffcccc;">Updated 26/01/2014</span></em></span></b></div>
<b><span style="font-size: x-large;">
bWAPP:</span></b><br />
<div>
<a href="http://www.itsecgames.com/">http://www.itsecgames.com/</a></div>
<div>
<br />
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.<br />
It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.<br />
bWAPP prepares to conduct successful penetration testing and ethical hacking projects.<br />
<br />
What makes bWAPP so unique? Well, it has over 60 web vulnerabilities!<br />
It covers all major known web bugs, including all risks from the <a href="http://www.owasp.org/">OWASP</a> Top 10 project.<br />
<br />
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux, Windows and Mac with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP.<br />
Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.<br />
<br />
Download our <a href="http://goo.gl/uVBGnq">What is bWAPP?</a> introduction tutorial, including free exercises...<br />
<br />
bWAPP is for educational purposes. Education, the most powerful weapon which we can use to change the world.<br />
Have fun with this free and open source project!<br />
<div>
<br /></div>
<div>
Cheers, Malik Mesellem<br />
<br />
<br />
<b><span style="font-size: large;"><em style="font-size: 12px; font-weight: normal; text-align: justify;"><span style="color: #ffcccc;">Updated 30/08/2014</span></em></span></b><br />
<b><span style="font-size: x-large;">VULN HUB:</span></b><br />
<a href="http://vulnhub.com/">http://vulnhub.com/</a><br />
<br />
<u>Aim/Goal</u></div>
<div>
To provide materials that allows anyone to gain practical 'hands-on' experience in digital security, computer application & network administration. <br />
<br />
<u>Brief History/Purpose</u></div>
<div>
Before you can run, you need to be able to walk. You do so by learning the basics so you can gain of the theory. <br />
Once you're up and walking, you need 'something' to run to (Something to aim for) & you need 'somewhere' that's padded with foam to run about in (so it doesn't matter if you fall over). This is where VulnHub comes in. <br />
<br />
We all learn in different ways: in a group, by yourself, reading books, watching/listening to other people, making notes or things out for yourself. <br />
Learning the basics & understanding them is essential; this knowledge can be enforced by then putting it into practice. <br />
<br />
Over the years people have been creating these resources and a lot of time has been put into them, creating 'hidden gems' of training material. However, unless you know of them, it's hard to discover them. <br />
So VulnHub was born to cover as many as possible, creating a catalogue of 'stuff' that is (legally) 'breakable, hackable & exploitable' - allowing you to learn in a safe environment and practise 'stuff' out. <br />
When something is added to VulnHub's database it will be indexed as best as possible, to try and give you the best match possible for what you're wishing to learn or experiment with. We will also ask for permission from the original source to mirror the material and to preserve the resources. <br />
<br />
We hope that the community will come together to help each other learn, either by making new material or providing walkthroughs/solutions for existing solutions to help other people. <br />
<br />
You can watch someone else... <br />
Then follow along at the same time... <br />
Afterwards set it up yourself & then try to do it (so you have an insight into the system - white box testing)... <br />
Finally you can start on an unknown source (black box testing)... <br />
...and if you get stuck you can always ask for a nudge! </div>
</div>
<div>
<br /></div>
<div>
<br />
<b><span style="font-size: large;"><em style="font-size: 12px; font-weight: normal; text-align: justify;"><span style="color: #ffcccc;">Updated 01/09/2014</span></em></span></b><br />
<b><span style="font-size: x-large;">Binary Auditing:</span></b><br />
<u><a href="http://www.binary-auditing.com/">http://www.binary-auditing.com/</a></u><br />
<br />
This is not an ISO, but it is very interesting for learning about reversing.<br />
<br />
Learn the fundamentals of Binary Auditing. Know how HLL mapping works, get more inner file understanding than ever.<br />
<br />
Try to solve brain teasing puzzles with our collection of copy protection games. Increasing difficulty and unseen strange tricks.<br />
<br />
Learn how to find and analyse software vulnerability. Dig inside Buffer Overflows and learn how exploits can be prevented.<br />
<br />
Start to analyse your first viruses and malware the safe way. Learn about simple tricks and what viruses look like using real life examples.</div>
<div>
<br /></div>
The training package includes all necessary files to run a complete lecture for Binary Auditing and Reverse Code Engineering at university. All files are well sorted by topics and with increasing difficulty. You need Windows XP, Windows Vista or Windows 7 to use this training package. The training package does NOT include runnable viruses! <br />
<div>
<br /></div>
<div>
<table style="background: rgb(221, 221, 221); border-collapse: collapse; border-spacing: 0px; border: 1px solid rgb(187, 187, 187); color: #333333; font-family: Helvetica, Arial, 'Liberation Sans', FreeSans, sans-serif; font-size: 11px; line-height: 16.5px; margin: 0px 0px 10px; outline: 0px; padding: 0px; vertical-align: baseline; width: 347px;" summary="Overview of the binary auditing training package"><thead style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th class="table-head" colspan="3" style="background: rgb(85, 85, 85); border: 1px solid rgb(85, 85, 85); color: white; font-size: 1em; font-weight: normal; margin: 0px; outline: 0px; padding: 0.4em 1em 0.2em; text-transform: uppercase; vertical-align: baseline;">WHAT IS INSIDE...</th></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(187, 187, 187); border-bottom-color: rgb(136, 136, 136); border-bottom-style: solid; border-width: 0px 0px 2px; margin: 0px; outline: 0px; padding: 0.4em 1em 0.2em; vertical-align: baseline;">Topic</th><th class="currency" style="background: rgb(187, 187, 187); border-bottom-color: rgb(136, 136, 136); border-bottom-style: solid; border-width: 0px 0px 2px; margin: 0px; outline: 0px; padding: 0.4em 1em 0.2em; text-align: right; vertical-align: baseline;">Files</th></tr>
</thead><tfoot style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(238, 238, 238); border-top-color: rgb(102, 102, 102); border-top-style: solid; border-width: 2px 0px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">IDA Pro 5.0 (Free)</th><th class="currency" style="background: rgb(238, 238, 238); border-top-color: rgb(102, 102, 102); border-top-style: solid; border-width: 2px 0px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">1</th></tr>
<tr class="total" style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(238, 238, 238); border-top-color: rgb(102, 102, 102); border-top-style: double; border-width: 6px 0px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-transform: uppercase; vertical-align: baseline;">TOTAL</th><th class="currency" style="background: rgb(238, 238, 238); border-top-color: rgb(102, 102, 102); border-top-style: double; border-width: 6px 0px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; text-transform: uppercase; vertical-align: baseline;">324</th></tr>
</tfoot><tbody style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<tr class="odd" style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">HLL Mapping 1 (NOT for training, only as reference!)</th><td class="currency" style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">98</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">HLL Mapping 2 (Start here and convert them to C)</th><td class="currency" style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">31</td></tr>
<tr class="odd" style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Manual Decompilation (Simple exercises)</th><td class="currency" style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">10</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Algorithm Analysis 1 (Simple math exercises)</th><td class="currency" style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">3</td></tr>
<tr class="odd" style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Algorithm Analysis 2 (Simple math exercises)</th><td class="currency" style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">6</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Crash Auditing (more complicated, why crashing?)</th><td class="currency" style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">10</td></tr>
<tr class="odd" style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">File Understanding (Simple to hard Reversemes)</th><td class="currency" style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">31</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Copy Protection Auditing (Simple to very hard)</th><td class="currency" style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">47</td></tr>
<tr class="odd" style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Unpacking (Simple exercises)</th><td class="currency" style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">3</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Vulnerability Auditing (Simple to intermediate)</th><td class="currency" style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">38</td></tr>
<tr class="odd" style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Malware Auditing 1 (Simple old .com/.exe exercises)</th><td class="currency" style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">41</td></tr>
<tr style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Malware Auditing 2 (Some fakes for analysis)</th><td class="currency" style="background: rgb(238, 238, 238); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">4</td></tr>
<tr class="odd" style="background: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><th style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; vertical-align: baseline;">Malware Auditing 3 (Simple win32 analysis)</th><td class="currency" style="background: rgb(255, 255, 255); border-bottom-color: rgb(187, 187, 187); border-bottom-style: solid; border-top-color: rgb(187, 187, 187); border-top-style: solid; border-width: 1px 0px; margin: 0px; outline: 0px; padding: 0.2em 1em; text-align: right; vertical-align: baseline;">1</td></tr>
</tbody></table>
</div>
<div>
<br />
<br />
<span style="font-size: x-large;"><b>Life of Binaries:</b></span><br />
<a href="http://opensecuritytraining.info/LifeOfBinaries">http://opensecuritytraining.info/LifeOfBinaries</a><br />
<br />
As with the previous entry, this is not an ISO, but it is excellent for learning about assembly, reverse engineering and exploitation.<br />
<br />
Topics include but are not limited to:<br />
<br />
•Scanning and tokenizing source code.<br />
<br />
•Parsing a grammar.<br />
<br />
•Different targets for x86 assembly object files generation. (E.g. relocatable vs. position independent code).<br />
<br />
•Linking object files together to create a well-formed binary.<br />
<br />
•Detailed descriptions of the high level similarities and low level differences between the Windows PE and Linux ELF binary formats. (NOTE: we didn't get to this in the class where the video was recorded, but the materials are in the slides)<br />
<br />
•How an OS loads a binary into memory and links it on the fly before executing it.<br />
<br />
Along the way we discuss the relevance of security at different stages of a binary’s life, from the tricks that can be played by a malicious compiler, to how viruses really work, to the way in which malware “packers” duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).<br />
<br />
Lab work includes:<br />
<br />
•Using the new “Binary Scavenger Hunt” tool which creates randomized PE binaries and asks randomized questions about the material you just learned!<br />
<br />
•Manipulating compiler options to change the type of assembly which is output<br />
<br />
•Manipulating linker options to change the structure of binary formats<br />
<br />
•Reading and understanding PE files with PEView<br />
<br />
•Reading and understanding ELF files with Readelf (NOTE: we didn't get to this in the class where the video was recorded, but the materials are in the slides)<br />
<br />
•Using WinDbg and/or GDB to watch the loader dynamically link an executable<br />
<br />
•Using Thread Local Storage (TLS) to obfuscate control flow and serve as a basic anti-debug mechanism<br />
<br />
•Creating a simple example virus for PE<br />
<br />
•Analyze the changes made to the binary format when a file is packed with UPX<br />
<br />
•Using the rootkit technique of Import Address Table (IAT) hooking to subvert the integrity of a program’s calls to external libraries, allowing files to be hidden.<br />
<br />
Knowledge of this material is recommended, but not required, for future classes such as Rootkits, but is required for reverse engineering.<br />
<br />
A student Q&A forum has been set up at http://www.reddit.com/r/OST_LifeOfBinaries.</div>
<div>
<b><span style="font-size: x-large;"><br /></span></b>
<b><span style="color: #ead1dc; font-size: x-small;">(updated 10/01/2017)</span></b></div>
<b><span style="font-size: x-large;">Vulnerability and Attack Labs</span></b><br />
<div>
<b><a href="http://www.cis.syr.edu/~wedu/seed/all_labs.html">http://www.cis.syr.edu/~wedu/seed/all_labs.html</a></b></div>
<div style="text-align: justify;">
<br /></div>
<div>
<div style="text-align: justify;">
People learn from mistakes. In security education, we study mistakes that lead to software vulnerabilities. Studying mistakes from the past not only helps students understand why systems are vulnerable, why a "seemingly benign" mistake can turn into a disaster, and why many security mechanisms are needed. More importantly, it also helps students learn the common patterns of vulnerabilities, so they can avoid making similar mistakes in the future. Moreover, using vulnerabilities as case studies, students can learn the principles of secure design, secure programming, and security testing.</div>
</div>
<h3 style="text-align: justify;">
<span font-size:="" small="" style="font-size: small;">(1) Software in general</span></h3>
<ul style="color: blue; text-align: justify; text-decoration: none;">
<li><a href="http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Vulnerability/Shellshock/" style="color: blue; text-decoration: none;">Shellshock Vulnerability Lab</a> (<span style="color: red;"><b>new</b></span>): exploit Bash's Shellshock vulnerability</li>
</ul>
<br />
<br />
<br />
<br />
<li><b>Set-UID Program Vulnerability Lab:</b> exploit the vulnerabilities of the privileged Set-UID programs. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/SetUID_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<br />
<ol start="1">
<ul>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs/Set-UID/" none="" text-decoration:="">For Ubuntu9.11 VM</a></li>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Vulnerability/Set-UID/" none="" text-decoration:="">For Ubuntu11.04 and Ubuntu12.04 VMs</a></li>
</ul>
<li style="text-align: justify;"><b>Buffer Overflow Vulnerability Lab</b>: exploit the buffer overflow vulnerability using the shell-code approach. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Buffer_Overflow_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
</ol>
<ul>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs/Vulnerability/Buffer_Overflow" none="" text-decoration:="">For Ubuntu9.11 VM</a></li>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs_11.04/Vulnerability/Buffer_Overflow" none="" text-decoration:="">For Ubuntu11.04 VM</a></li>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Vulnerability/Buffer_Overflow" none="" text-decoration:="">For Ubuntu12.04 VM</a></li>
</ul>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Vulnerability/Return_to_libc/" style="color: blue; text-decoration: none;">Return-to-libc Attack Lab</a>: exploit the buffer-overflow vulnerabilities using the return-to-libc attack. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Return_to_libc_Attack_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Vulnerability/Format_String" style="color: blue; text-decoration: none;">Format String Vulnerability Lab</a>: exploit the format string vulnerability. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Format_String_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><b>Race Condition Vulnerability Lab</b>: exploit the race condition vulnerability. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Race_Condition_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<br />
<ul>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs/Vulnerability/Race_Condition/" none="" text-decoration:="">For Ubuntu9.11 VM</a></li>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Vulnerability/Race_Condition/" none="" text-decoration:="">For Ubuntu11.04 and Ubuntu12.04 VMs</a></li>
</ul>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Vulnerability/Chroot/" style="color: blue; text-decoration: none;">Chroot Sandbox Vulnerability Lab</a>: explore how the chroot sandbox can be broken. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Chroot_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<br />
<h3 style="text-align: justify;">
<span font-size:="" small="" style="font-size: small;">(2) Network Protocols</span></h3>
<ol start="8">
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Attacks_TCPIP/" style="color: blue; text-decoration: none;">TCP/IP Attack Lab</a>: exploit the vulnerabilities of the TCP/IP protocols. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/TCPIP_Attack_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
</ol>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Attacks_DNS/" style="color: blue; text-decoration: none;">DNS Pharming Attack Lab</a>: exploit the vulnerabilities of the DNS protocol to launch <i>Pharming attacks</i>. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/DNS_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<br />
<h3 style="text-align: justify;">
<span font-size:="" small="" style="font-size: small;">(3) Web Applications</span></h3>
<ol start="10"><div style="text-align: justify;">
<b color:="" red="">The following labs need to use the Ubuntu9.11 VM:</b></div>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Attacks_XSS/" style="color: blue; text-decoration: none;">Cross-site Scripting Attack Lab on PhpBB</a>: exploiting cross-site scripting vulnerabilities. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/XSS_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
</ol>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Attacks_CSRF/" style="color: blue; text-decoration: none;">Cross-site Request Forgery Attack Lab on PhpBB</a>: exploiting cross-site request forgery vulnerabilities. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/CSRF_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Attacks_SQL_Injection/" style="color: blue; text-decoration: none;">SQL Injection Attack Lab on PhpBB</a>: experience the SQL-Injection attacks. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/SQL_Injection_Attack_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Vulnerability/ClickJacking/" style="color: blue; text-decoration: none;">ClickJacking Attack Lab</a>: experience the ClickJacking attacks.</li>
<br />
<ol start="14"><div style="text-align: justify;">
<b color:="" red="">The following labs need to use the Ubuntu11.04 or Ubuntu12.04 VM:</b></div>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Web/XSS_Collabtive/" style="color: blue; text-decoration: none;">Cross-site Scripting Attack Lab on Collabtive</a>: exploiting cross-site scripting vulnerabilities.</li>
</ol>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Web/CSRF_Collabtive/" style="color: blue; text-decoration: none;">Cross-site Request Forgery Attack Lab on Collabtive</a>: exploiting cross-site request forgery vulnerabilities.</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Web/SQL_Injection_Collabtive/" style="color: blue; text-decoration: none;">SQL Injection Attack Lab on Collabtive</a>: experience the SQL-Injection attacks.</li>
<br />
<hr style="text-align: justify;" />
<h2 style="text-align: justify;">
<span font-size:="" small="" style="font-size: small;">Design/Implementation Labs</span></h2>
<div style="text-align: justify;">
The objective of the design/implementation labs is to provide students with opportunities to apply security principles in <i>designing and implementing</i> systems. They help students achieve learning by system development.</div>
<h3 style="text-align: justify;">
<span font-size:="" small="" style="font-size: small;">(1) Networking</span></h3>
<ol start="17">
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Firewall_Linux/" style="color: blue; text-decoration: none;">Linux Firewall Lab</a>: implement a simple firewall (called "miniFirewall") for Linux. This lab involves Loadable Kernel Module and Netfilter. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Linux_Firewall_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
</ol>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Firewall_Minix/" style="color: blue; text-decoration: none;">Minix Firewall Lab</a>: implement a simple firewall (called "miniFirewall") for Minix. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Minix_Firewall_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/IPSec/" style="color: blue; text-decoration: none;">IPSec Lab</a>: implement a simplified IPSec protocol (called "miniIPSec") for Minix (a comprehensive project). (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/IPSec_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/VPN/" style="color: blue; text-decoration: none;">Virtual Private Network (VPN) Lab</a>: implement a simple VPN (called "miniVPN") in Linux (a comprehensive project). Unlike IPSec-based VPNs, this lab does not need to modify the Linux kernel. All the implementations are in the user space. This lab involves encryption, hash, public key certificates, SSL, and network tunneling techniques (TUN/TAP). (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/VPN_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<br />
<h3 style="text-align: justify;">
<span font-size:="" small="" style="font-size: small;">(2) System</span></h3>
<ol start="20">
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/RBAC_Cap/" style="color: blue; text-decoration: none;">Role-Based Access Control (RBAC) Lab</a>: design and implement an integrated access control system for Minix that uses both capability-based and role-based access control mechanisms. Students need to modify the Minix kernel to implement both capability and RBAC (this is a comprehensive project for access control). (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/RBAC_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
</ol>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Capability/" style="color: blue; text-decoration: none;">Capability Lab</a>: design and implement a capability-based access control system for Minix (this is a comprehensive project).</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/EFS/" style="color: blue; text-decoration: none;">Encrypted File System Lab</a>: design and implement an encrypted file system for Minix (a comprehensive project).</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Set-RandomUID/" style="color: blue; text-decoration: none;">Set-RandomUID Lab</a>: design and implement a simple sandbox for Minix.</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Memory_Randomization" style="color: blue; text-decoration: none;">Address Space Layout Randomization (ASLR) Lab</a>: randomize stack and heap in Minix to improve security.</li>
<br />
<hr style="text-align: justify;" />
<h2 style="text-align: justify;">
<span font-size:="" small="" style="font-size: small;">Exploration Labs</span></h2>
<div style="text-align: justify;">
The objective of the exploration labs is two-fold: the first is to enhance students' learning via observation, playing and exploration, so they can see what security principles "feel" like in a real system; the second objective is to provide students with opportunities to apply security principles in <i>analyzing and evaluating</i> systems. The exploration labs provide a feasible means by which the students have "a direct encounter with the phenomena being studied rather than merely thinking about the encounter, or only considering the possibility of doing something about it".</div>
<ol start="25">
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Firewall_Linux/" style="color: blue; text-decoration: none;">Linux Firewall Exploration Lab</a>: This is the redesign of the Linux Firewall Design/Implementation Lab. The focus is shifted from programming to exploration. Students will explore various firewall-related technologies, such as netfilter, web proxy, URL rewriting, and using SSH tunnels to evade egress filtering.</li>
</ol>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Sniffing_Spoofing/" style="color: blue; text-decoration: none;">Packet Sniffing and Spoofing Lab</a>: explore how sniffing and spoofing tools are implemented. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Sniffing_Spoofing_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><b>Linux Capability Exploration Lab</b>: explore the capability-based access control in Linux. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Capability_Exploration_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<br />
<ul>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs/Capability_Exploration/" none="" text-decoration:="">For Ubuntu9.11 VM</a></li>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs_11.04/Capability_Exploration/" none="" text-decoration:="">For Ubuntu11.04 and Ubuntu12.04 VMs</a></li>
</ul>
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><b>Web Browser Access Control Lab</b>: explore the Same-Origin Access Control Policy in web browsers. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Web_SOP_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<br />
<ul>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs/Web_SOP_Exploration/" none="" text-decoration:="">For Ubuntu9.11 VM</a></li>
<li style="text-align: justify;"><a blue="" color:="" href="http://www.cis.syr.edu/~wedu/seed/Labs/Web/Web_SOP_Collabtive/" none="" text-decoration:="">For Ubuntu11.04 and Ubuntu12.04 VM</a></li>
</ul>
<br />
<br />
<br />
<br />
<br />
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Crypto/Crypto_Encryption/" style="color: blue; text-decoration: none;">Crypto Lab I -- Secret-Key Encryption </a>: explore secret-key encryption and its applications using OpenSSL. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/Secret_Key_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Crypto/Crypto_Hash/" style="color: blue; text-decoration: none;">Crypto Lab II -- One-Way Hash Function</a>: explore one-way hash function and its applications using OpenSSL. (<a href="http://www.cis.syr.edu/~wedu/seed/Survey_Results/One_Way_Hash_Lab.png" style="color: blue; text-decoration: none;">Survey Results</a>)</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/Crypto/Crypto_PublicKey/" style="color: blue; text-decoration: none;">Crypto Lab III -- Public-Key Cryptography and PKI</a>: explore public-key cryptography, digital signature, certificate, and PKI using OpenSSL.</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/PAM/" style="color: blue; text-decoration: none;">Pluggable Authentication Modules (PAM) Lab</a>: explore a flexible authentication technique.</li>
<li style="text-align: justify;"><a href="http://www.cis.syr.edu/~wedu/seed/Labs/SYN_Cookies/" style="color: blue; text-decoration: none;">SYN Cookies Lab</a>: explore the SYN Cookies mechanism in Linux.</li>
<br />
<br />
<div>
<br /></div>
<div>
<div>
<b><span style="color: #ead1dc; font-size: x-small;">(updated 14/01/2017)</span></b></div>
<b><span style="font-size: x-large;">The Lord of Buffer Overflow (Redhat 6.2)</span></b></div>
<div>
<br /></div>
<div>
<a href="http://hackerschool.org/TheLordofBOF/TheLordOfTheBOF_redhat_bootable.zip">http://hackerschool.org/TheLordofBOF/TheLordOfTheBOF_redhat_bootable.zip</a> (136 MB)</div>
<div>
<br /></div>
LEVEL1 (gate -> gremlin) : simple bof<br />
LEVEL2 (gremlin -> cobolt) : small buffer<br />
LEVEL3 (cobolt -> goblin) : small buffer + stdin<br />
LEVEL4 (goblin -> orc) : egghunter<br />
LEVEL5 (orc -> wolfman) : egghunter + bufferhunter<br />
LEVEL6 (wolfman -> darkelf) : check length of argv[1] + egghunter + bufferhunter<br />
LEVEL7 (darkelf -> orge) : check argv[0]<br />
LEVEL8 (orge -> troll) : check argc<br />
LEVEL9 (troll -> vampire) : check 0xbfff<br />
LEVEL10 (vampire -> skeleton) : argv hunter<br />
LEVEL11 (skeleton -> golem) : stack destroyer<br />
LEVEL12 (golem -> darkknight) : sfp <br />
LEVEL13 (darkknight -> bugbear) : RTL1<br />
LEVEL14 (bugbear -> giant) : RTL2, only execve<br />
LEVEL15 (giant -> assassin) : no stack, no RTL<br />
LEVEL16 (assassin -> zombie_assassin) : fake ebp<br />
LEVEL17 (zombie_assassin -> succubus) : function calls<br />
LEVEL18 (succubus -> nightmare) : plt<br />
LEVEL19 (nightmare -> xavis) : fgets + destroyers<br />
LEVEL20 (xavis -> death_knight) : remote BOF <br />
<div>
<br /></div>
<div>
[Ref --> <a href="http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Notice&no=1170881885">http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Notice&no=1170881885</a>]<br />
<br />
<b><span style="font-size: x-large;">The Lord of Buffer Overflow (Fedora)</span></b><br />
<br />
<a href="http://hackerschool.org/TheLordofBOF/VM_FC3.zip">http://hackerschool.org/TheLordofBOF/VM_FC3.zip</a> (521 MB)<br />
<br />
<a href="http://hackerschool.org/TheLordofBOF/VM_FC4.zip">http://hackerschool.org/TheLordofBOF/VM_FC4.zip</a> (354 MB)</div>
<div>
<br /></div>
<a href="http://hackerschool.org/TheLordofBOF/VM_FC4.zip">http://hackerschool.org/TheLordofBOF/</a><a href="http://work.hackerschool.org/DOWNLOAD/TheLordOfTheBOF/VM_Fedora10.rar">VM_Fedora10.rar</a> (589 MB)<br />
<br />
<a href="http://hackerschool.org/TheLordofBOF/VM_FC4.zip">http://hackerschool.org/TheLordofBOF/</a><a href="http://work.hackerschool.org/DOWNLOAD/TheLordOfTheBOF/VM_Fedora14.rar">VM_Fedora14.rar</a> (658 MB)<br />
<div>
<br /></div>
[FC 3]<br />
Stack Dummy : O<br />
Down privilege of bash : O<br />
Random Stack : O<br />
Random Library : X<br />
Random Program Binary Mapped : X<br />
ASCII Armor : O<br />
Non-Executable Stack : O<br />
Non-Executable Heap : O<br />
Stack Canary : X<br />
Stack Smashing Protector : X<br />
<br />
Levels:<br />
gate -> iron_golem : Fake_SFP + Ascii Armor<br />
iron_golem -> dark_eyes : RET Sledding<br />
dark_eyes -> hell_fire : another fake_ebp or got overwriting<br />
hell_fire -> evil_wizard : POP POP RET<br />
evil_wizard -> dark_stone : POP POP RET / Remote<br />
<div>
<br /></div>
[FC 4]<br />
dark_stone -> cruel : Local BOF on FC4<br />
cruel -> enigma : Remote BOF on FC4<br />
enigma -> titan : Remote BOF on FC4<br />
<br />
[FC 10]<br />
* level1 (titan -> balog) <br />
* level2 (balog -> talos) <br />
* level3 (talos -> dark_mare) <br />
<br />
[FC 14]<br />
* level1 (dark_mare -> stegodon) <br />
* level2 (stegodon -> blood_seeker) <br />
<br />
[Ref - <a href="http://www.hackerschool.org/HS_Boards/zboard.php?id=bof_fellowship_2round&page=1&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&no=4">http://www.hackerschool.org/HS_Boards/zboard.php?id=bof_fellowship_2round&page=1&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&no=4</a>]<div class="blogger-post-footer">[Pushebx.com]$ cat /etc/motd</div>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com2tag:blogger.com,1999:blog-7650451980965310437.post-31667593710208275032011-03-02T21:31:00.003+01:002011-03-29T15:56:11.024+02:00Python Challenge<p>Highly recommended for practicing programming challenges in Python; once you have solved each level, you can see the solution in different languages such as Python, Perl, Bash, Java, C, etc.</p><p>Working through this challenge really helps, because it helps with solving others and also builds fluency with the Python language.</p><p><a href="http://www.pythonchallenge.com/">http://www.pythonchallenge.com/</a></p><p><span style="font-size:78%;"><br /></span></p><p><span style="font-size:78%;">Updated 29-03-2011</span></p><p>Some free ebooks and sites for learning Python:</p><ol><li><a href="http://learnpythonthehardway.org/">Learn Python the Hard Way</a></li><li><a href="http://www.swaroopch.com/notes/Python">A Byte of Python</a></li><li><a href="http://docs.python.org/tutorial/index.html">The Python Tutorial</a></li><li><a href="http://en.wikibooks.org/wiki/Python_Programming">Python Programming</a></li></ol><p><br /></p><div class="blogger-post-footer">[Pushebx.com]$ cat /etc/motd</div>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com1tag:blogger.com,1999:blog-7650451980965310437.post-6920922239305653242011-02-28T13:33:00.015+01:002011-03-21T17:25:04.179+01:00Interesting Sources<p>Some sources that may be useful in challenges/wargames/CTFs:</p><p><a 
href="http://hkpco.kr/code/hktrace.c">The Way of Binary Copy without Permission:</a><br /></p><br /><a href="http://aliggo.springnote.com/pages/2488572">aliggo</a><br /><br /><br /><p>Another curious tool is the one presented by Albert Sellarès (whats):</p><br /><pre class="brush: shell; gutter: false;"><br />This is a tool to dump a process to an executable ELF file to execute it.<br /><br />http://www.wekk.net/skpd/<br /><br />https://www.wekk.net/code/attachments/download/1/skpd.tar.gz<br /></pre><br /><br /><p><a href="http://packetstorm.wowhacker.com/papers/attack/shl_hijacking.txt">Shared Library Hijacking For Playing Wargames</a></p><p><a href="http://www.acsu.buffalo.edu/~charngda/gdb.html">GDB Reference Card - Hacking GDB</a></p><p><br /></p><div class="blogger-post-footer">[Pushebx.com]$ cat /etc/motd</div>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com0tag:blogger.com,1999:blog-7650451980965310437.post-56690619287989922262011-01-10T22:23:00.029+01:002014-09-02T04:21:06.698+02:00Other shell challengesOther shell-based challenges to practice with:<br />
<a href="http://intruded.net/leviathan.html">http://intruded.net/leviathan.html</a><br />
<a href="http://intruded.net/narnia.html">http://intruded.net/narnia.html</a><br />
<a href="http://intruded.net/behemoth.html">http://intruded.net/behemoth.html</a><br />
<a href="http://intruded.net/utumno.html">http://intruded.net/utumno.html</a><br />
<a href="http://intruded.net/maze.html">http://intruded.net/maze.html</a><br />
<a href="http://intruded.net/manpage.html">http://intruded.net/manpage.html</a><br />
<br />
<a href="http://io.smashthestack.org:84/">http://io.smashthestack.org:84/</a><br />
<a href="http://blowfish.smashthestack.org:81/">http://blowfish.smashthestack.org:81/</a><br />
<a href="http://apfel.smashthestack.org:83/">http://apfel.smashthestack.org:83/</a><br />
<a href="http://tux.smashthestack.org:86/">http://tux.smashthestack.org:86/</a><br />
<a href="http://blackbox.smashthestack.org:85/">http://blackbox.smashthestack.org:85/</a><br />
<br />
<a href="http://www.overthewire.org/wargames/vortex/">http://www.overthewire.org/wargames/vortex/</a><br />
<a href="http://www.overthewire.org/wargames/semtex/">http://www.overthewire.org/wargames/semtex/</a><br />
<a href="http://www.overthewire.org/wargames/blacksun/">http://www.overthewire.org/wargames/blacksun/</a><br />
<a href="http://www.overthewire.org/wargames/drifter/">http://www.overthewire.org/wargames/drifter/</a><br />
<a href="http://www.overthewire.org/wargames/krypton/">http://www.overthewire.org/wargames/krypton/</a><br />
<br />
<a href="http://invi.phpnet.us/">http://invi.phpnet.us/</a> <--- ExploitMe and SQLi source (Hackit)<br />
<br />
<a href="http://www.felinemenace.org/">http://www.felinemenace.org/</a>~mercy/ <--- Good sources to practice with<br />
<br />
<a href="http://community.corest.com/~gera/InsecureProgramming/">http://community.corest.com/~gera/InsecureProgramming/</a><br />
<br />
<a href="http://luna.sc/security-badulake/created-hackit-contests/">http://luna.sc/security-badulake/created-hackit-contests/</a> <-- dreyer was here :)<br />
<br />
<a href="http://gulcas.linux.es/?q=hackit">http://gulcas.linux.es/?q=hackit</a> <-- Sources from the Hackit at aditel's iparty 8<br />
<br />
<a href="http://back2hack.cc/forumdisplay.php?fid=249&page=1">http://back2hack.cc/forumdisplay.php?fid=249&page=1</a> <-- sources to practice with<br />
<br />
<a href="http://www.shell-storm.org/smashme/">http://www.shell-storm.org/smashme/</a><br />
<br />
<a href="http://hack.thebackupbox.net/">http://hack.thebackupbox.net/</a><br />
<br />
<a href="http://www.hackerschool.org/">http://www.hackerschool.org</a> --> ssh level1@ftz.hackerschool.org pass: level1<br />
telnet ftz.hackerschool.org<br />
<a href="http://w3challs.com/challenges/challenge59">http://w3challs.com/challenges/challenge59</a> <--- Register, then ssh in with user basic1<br />
<br />
<a href="http://www.root-me.org/">http://www.root-me.org</a> <-- 3 challenges: shell, binary and rbinary (remote binary)<br />
<br />
<span style="font-size: 78%;"><span style="color: #ffcccc;">Updated 30-03-2011:</span></span><br />
<br />
<a href="https://github.com/mabj/ctf_ucon2">https://github.com/mabj/ctf_ucon2</a> <-- Capture The Flag uCon 2009 by Marcos Álvares<br />
<br />
<a href="http://www.0xdeadbeef.info/code/linux-x86-exploits.tgz">http://www.0xdeadbeef.info/code/linux-x86-exploits.tgz</a> <-- Linux/x86 vulnerable code study. Currently, there are 86 example exploits included.<br />
<br />
<span class="Apple-style-span" style="color: #ffcccc; font-size: 12px;">Updated 14-12-2011:</span><br />
<span class="Apple-style-span" style="color: #ffcccc; font-size: 12px;"><br /></span>
<a href="http://exploit-exercises.com/">http://exploit-exercises.com/</a> <-- Linux exploitation from source with a virtual machine; 3 kinds of challenges: Nebula - Protostar - Fusion<br />
<br />
<span style="color: #ffcccc; font-size: 12px;">Updated 23-09-2012:</span><br />
<span style="color: #ffcccc; font-size: 12px;"><br /></span>
<a href="https://sm0k.org/dojo/vanilla.php">https://sm0k.org/dojo/vanilla.php</a> <-- Over ssh (ssh vanilla1@vanilladome.sm0k.org -p 13722 pass: vanilla1), with levels that you must exploit to advance to the next one.<br />
<br />
<span style="color: #ffcccc; font-size: 12px;">Updated 01-09-2014:</span><br />
<span style="color: #ffcccc; font-size: 12px;"><br /></span>
<a href="http://pwnable.kr/">http://pwnable.kr/</a> <-- We provide various pwn challenges regarding system security. If you succeed to 'pwn' a task, you will be able to read the 'flag' file which contains a secret message. Once you authenticate the flag, you can get the corresponding point. If you are good at system hacking, these tasks would be just a bunch of fun games - enjoy :)spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com0tag:blogger.com,1999:blog-7650451980965310437.post-9849755822873360342011-01-04T17:38:00.020+01:002011-01-09T22:48:22.877+01:00Solution - Linux - cyrex's Linux Crackme 02<p><a href="http://www.crackmes.de/users/cyrex/linux_crackme_02/">http://www.crackmes.de/users/cyrex/linux_crackme_02/</a></p><p>$ wget http://www.crackmes.de/users/cyrex/linux_crackme_02/download<br />--2011-01-04 17:41:08-- http://www.crackmes.de/users/cyrex/linux_crackme_02/download<br />Resolviendo www.crackmes.de... 88.198.55.82<br />Conectando a www.crackmes.de|88.198.55.82|:80... conectado.<br />Petición HTTP enviada, esperando respuesta... 
200 OK<br />Longitud: 2199 (2,1K) [application/tgz]<br />Guardando en: «download»<br /><br />100%[============================================================================================================>] 2.199 --.-K/s en 0,004s<br /><br />2011-01-04 17:41:15 (558 KB/s) - «download» guardado [2199/2199]<br /></p><p><pre class='brush: bash'><br />$ file download<br />download: gzip compressed data, from Unix, last modified: Wed Feb 23 23:36:55 2005<br />$ mv download crackme_02.tgz<br />$ tar xvzf crackme_02.tgz<br />crackme<br /><br />$ ./crackme<br />-[ Linux CrackMe (Level:3) by cyrex ]-<br />-[ TODO: Get the valid password ]-<br />-[ Enter Password: asdf<br />-[ Entered Password: asdf<br />-[ Checking Stage 1 Now.....<br />-[ Game Over<br /><br />$ strings crackme<br />/lib/ld-linux.so.2<br />libc.so.6<br />printf<br />__deregister_frame_info<br />ptrace<br />strcmp<br />scanf<br />exit<br />fopen<br />_IO_stdin_used<br />__libc_start_main<br />__register_frame_info<br />__gmon_start__<br />GLIBC_2.1<br />GLIBC_2.0<br />PTRh<br />QVh<br />[^_]<br />Are you trying to Debug me?<br />-[ Linux CrackMe (Level:3) by cyrex ]-<br />-[ TODO: Get the valid password ]-<br />-[ Enter Password:<br />-[ Entered Password: %s<br />-[ Checking Stage 1 Now.....<br />7gb5fjf8v4bg8fb34f<br />-[ Stage 1 Cleared<br />-[ Game Over<br />-[ Checking Stage 2 Now....<br />/tmp/crackme_89nfnjfiefheufeue<br />-[ Bad did you forgot something?<br />-[ You have successfully reversed/cracked/sniffed This Crackme<br />-[ Email me your solution to eth0@list.ru<br /><br />$ ./crackme<br />-[ Linux CrackMe (Level:3) by cyrex ]-<br />-[ TODO: Get the valid password ]-<br />-[ Enter Password: 7gb5fjf8v4bg8fb34f<br />-[ Entered Password: 7gb5fjf8v4bg8fb34f<br />-[ Checking Stage 1 Now.....<br />-[ Stage 1 Cleared<br />-[ Checking Stage 2 Now....<br />-[ Bad did you forgot something?<br />$ touch /tmp/crackme_89nfnjfiefheufeue<br />$ ./crackme<br />-[ Linux CrackMe (Level:3) by cyrex ]-<br />-[ 
TODO: Get the valid password ]-<br />-[ Enter Password: 7gb5fjf8v4bg8fb34f<br />-[ Entered Password: 7gb5fjf8v4bg8fb34f<br />-[ Checking Stage 1 Now.....<br />-[ Stage 1 Cleared<br />-[ Checking Stage 2 Now....<br />-[ You have successfully reversed/cracked/sniffed This Crackme<br />-[ Email me your solution to eth0@list.ru<br />$</pre></p><p>###########################################################</p><p><br /></p><p>Let's look at it with GDB and objdump:</p><p><pre class="brush: bash;gutter: false; toolbar: true;"><br />$ objdump -d crackme<br /><br />crackme: file format elf32-i386<br /><br />...<br />... (unimportant part omitted) ...<br /><br />Disassembly of section .text:<br /><br />08048440 <.text>:<br />8048440: 31 ed xor %ebp,%ebp<br />8048442: 5e pop %esi<br />8048443: 89 e1 mov %esp,%ecx<br />8048445: 83 e4 f0 and $0xfffffff0,%esp<br />8048448: 50 push %eax<br />8048449: 54 push %esp<br />804844a: 52 push %edx<br />804844b: 68 00 87 04 08 push $0x8048700<br />8048450: 68 a0 86 04 08 push $0x80486a0<br />8048455: 51 push %ecx<br />8048456: 56 push %esi<br />8048457: 68 20 85 04 08 push $0x8048520<br />804845c: e8 9f ff ff ff call 8048400 <__libc_start_main@plt><br />8048461: f4 hlt<br />8048462: 90 nop<br />8048463: 90 nop<br />8048464: 55 push %ebp<br />8048465: 89 e5 mov %esp,%ebp<br />8048467: 53 push %ebx<br />8048468: e8 00 00 00 00 call 804846d <fopen@plt+0x3d><br />804846d: 5b pop %ebx<br />804846e: 81 c3 6b 16 00 00 add $0x166b,%ebx<br />8048474: 50 push %eax<br />8048475: 8b 83 30 00 00 00 mov 0x30(%ebx),%eax<br />804847b: 85 c0 test %eax,%eax<br />804847d: 74 02 je 8048481 <fopen@plt+0x51><br />804847f: ff d0 call *%eax<br />8048481: 8b 5d fc mov -0x4(%ebp),%ebx<br />8048484: c9 leave<br />8048485: c3 ret<br />8048486: 90 nop<br />8048487: 90 nop<br />8048488: 90 nop<br />8048489: 90 nop<br />804848a: 90 nop<br />804848b: 90 nop<br />804848c: 90 nop<br />804848d: 90 nop<br />804848e: 90 nop<br />804848f: 90 nop<br />8048490: 55 push %ebp<br />8048491: 
89 e5 mov %esp,%ebp<br />8048493: 83 ec 08 sub $0x8,%esp<br />8048496: 83 3d f8 99 04 08 00 cmpl $0x0,0x80499f8<br />804849d: 75 3e jne 80484dd <fopen@plt+0xad><br />804849f: eb 12 jmp 80484b3 <fopen@plt+0x83><br />80484a1: a1 f4 99 04 08 mov 0x80499f4,%eax<br />80484a6: 8d 50 04 lea 0x4(%eax),%edx<br />80484a9: 89 15 f4 99 04 08 mov %edx,0x80499f4<br />80484af: 8b 00 mov (%eax),%eax<br />80484b1: ff d0 call *%eax<br />80484b3: a1 f4 99 04 08 mov 0x80499f4,%eax<br />80484b8: 83 38 00 cmpl $0x0,(%eax)<br />80484bb: 75 e4 jne 80484a1 <fopen@plt+0x71><br />80484bd: b8 e0 83 04 08 mov $0x80483e0,%eax<br />80484c2: 85 c0 test %eax,%eax<br />80484c4: 74 0d je 80484d3 <fopen@plt+0xa3><br />80484c6: 83 c4 f4 add $0xfffffff4,%esp<br />80484c9: 68 fc 99 04 08 push $0x80499fc<br />80484ce: e8 0d ff ff ff call 80483e0 <__deregister_frame_info@plt><br />80484d3: c7 05 f8 99 04 08 01 movl $0x1,0x80499f8<br />80484da: 00 00 00<br />80484dd: c9 leave<br />80484de: c3 ret<br />80484df: 90 nop<br />80484e0: 55 push %ebp<br />80484e1: 89 e5 mov %esp,%ebp<br />80484e3: 83 ec 08 sub $0x8,%esp<br />80484e6: c9 leave<br />80484e7: c3 ret<br />80484e8: 55 push %ebp<br />80484e9: 89 e5 mov %esp,%ebp<br />80484eb: 83 ec 08 sub $0x8,%esp<br />80484ee: b8 b0 83 04 08 mov $0x80483b0,%eax<br />80484f3: 85 c0 test %eax,%eax<br />80484f5: 74 12 je 8048509 <fopen@plt+0xd9><br />80484f7: 83 c4 f8 add $0xfffffff8,%esp<br />80484fa: 68 0c 9b 04 08 push $0x8049b0c<br />80484ff: 68 fc 99 04 08 push $0x80499fc<br />8048504: e8 a7 fe ff ff call 80483b0 <__register_frame_info@plt><br />8048509: c9 leave<br />804850a: c3 ret<br />804850b: 90 nop<br />804850c: 55 push %ebp<br />804850d: 89 e5 mov %esp,%ebp<br />804850f: 83 ec 08 sub $0x8,%esp<br />8048512: c9 leave<br />8048513: c3 ret<br />8048514: 8d b6 00 00 00 00 lea 0x0(%esi),%esi<br />804851a: 8d bf 00 00 00 00 lea 0x0(%edi),%edi<br />8048520: 55 push %ebp<br />8048521: 89 e5 mov %esp,%ebp<br />8048523: 81 ec 18 04 00 00 sub $0x418,%esp<br />8048529: 
6a 00 push $0x0<br />804852b: 6a 01 push $0x1<br />804852d: 6a 00 push $0x0<br />804852f: 6a 00 push $0x0<br />8048531: e8 ba fe ff ff call 80483f0 <ptrace@plt><br />8048536: 83 c4 10 add $0x10,%esp<br />8048539: 89 c0 mov %eax,%eax<br />804853b: 85 c0 test %eax,%eax<br />804853d: 7d 21 jge 8048560 <fopen@plt+0x130><br />804853f: 83 c4 f4 add $0xfffffff4,%esp<br />8048542: 68 e0 87 04 08 push $0x80487e0<br />8048547: e8 c4 fe ff ff call 8048410 <printf@plt><br />804854c: 83 c4 10 add $0x10,%esp<br />804854f: b8 01 00 00 00 mov $0x1,%eax<br />8048554: e9 37 01 00 00 jmp 8048690 <fopen@plt+0x260><br />8048559: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi<br />8048560: 83 c4 f4 add $0xfffffff4,%esp<br />8048563: 68 00 88 04 08 push $0x8048800<br />8048568: e8 a3 fe ff ff call 8048410 <printf@plt><br />804856d: 83 c4 10 add $0x10,%esp<br />8048570: 83 c4 f4 add $0xfffffff4,%esp<br />8048573: 68 40 88 04 08 push $0x8048840<br />8048578: e8 93 fe ff ff call 8048410 <printf@plt><br />804857d: 83 c4 10 add $0x10,%esp<br />8048580: 83 c4 f4 add $0xfffffff4,%esp<br />8048583: 68 68 88 04 08 push $0x8048868<br />8048588: e8 83 fe ff ff call 8048410 <printf@plt><br />804858d: 83 c4 10 add $0x10,%esp<br />8048590: 83 c4 f8 add $0xfffffff8,%esp<br />8048593: 8d 85 00 fc ff ff lea -0x400(%ebp),%eax<br />8048599: 50 push %eax<br />804859a: 68 7c 88 04 08 push $0x804887c<br />804859f: e8 2c fe ff ff call 80483d0 <scanf@plt><br />80485a4: 83 c4 10 add $0x10,%esp<br />80485a7: 83 c4 f8 add $0xfffffff8,%esp<br />80485aa: 8d 85 00 fc ff ff lea -0x400(%ebp),%eax<br />80485b0: 50 push %eax<br />80485b1: 68 7f 88 04 08 push $0x804887f<br />80485b6: e8 55 fe ff ff call 8048410 <printf@plt><br />80485bb: 83 c4 10 add $0x10,%esp<br />80485be: 83 c4 f4 add $0xfffffff4,%esp<br />80485c1: 68 98 88 04 08 push $0x8048898<br />80485c6: e8 45 fe ff ff call 8048410 <printf@plt><br />80485cb: 83 c4 10 add $0x10,%esp<br />80485ce: 83 c4 f8 add $0xfffffff8,%esp<br />80485d1: 68 b6 88 04 08 push 
$0x80488b6<br />80485d6: 8d 85 00 fc ff ff lea -0x400(%ebp),%eax<br />80485dc: 50 push %eax<br />80485dd: e8 de fd ff ff call 80483c0 <strcmp@plt><br />80485e2: 83 c4 10 add $0x10,%esp<br />80485e5: 89 c0 mov %eax,%eax<br />80485e7: 85 c0 test %eax,%eax<br />80485e9: 75 15 jne 8048600 <fopen@plt+0x1d0><br />80485eb: 83 c4 f4 add $0xfffffff4,%esp<br />80485ee: 68 c9 88 04 08 push $0x80488c9<br />80485f3: e8 18 fe ff ff call 8048410 <printf@plt><br />80485f8: 83 c4 10 add $0x10,%esp<br />80485fb: eb 17 jmp 8048614 <fopen@plt+0x1e4><br />80485fd: 8d 76 00 lea 0x0(%esi),%esi<br />8048600: 83 c4 f4 add $0xfffffff4,%esp<br />8048603: 68 dd 88 04 08 push $0x80488dd<br />8048608: e8 03 fe ff ff call 8048410 <printf@plt><br />804860d: 83 c4 10 add $0x10,%esp<br />8048610: 31 c0 xor %eax,%eax<br />8048612: eb 7c jmp 8048690 <fopen@plt+0x260><br />8048614: 83 c4 f4 add $0xfffffff4,%esp<br />8048617: 68 eb 88 04 08 push $0x80488eb<br />804861c: e8 ef fd ff ff call 8048410 <printf@plt><br />8048621: 83 c4 10 add $0x10,%esp<br />8048624: 83 c4 f8 add $0xfffffff8,%esp<br />8048627: 68 08 89 04 08 push $0x8048908<br />804862c: 68 20 89 04 08 push $0x8048920<br />8048631: e8 fa fd ff ff call 8048430 <fopen@plt><br />8048636: 83 c4 10 add $0x10,%esp<br />8048639: 89 c0 mov %eax,%eax<br />804863b: 89 85 fc fb ff ff mov %eax,-0x404(%ebp)<br />8048641: 83 bd fc fb ff ff 00 cmpl $0x0,-0x404(%ebp)<br />8048648: 75 1d jne 8048667 <fopen@plt+0x237><br />804864a: 83 c4 f4 add $0xfffffff4,%esp<br />804864d: 68 40 89 04 08 push $0x8048940<br />8048652: e8 b9 fd ff ff call 8048410 <printf@plt><br />8048657: 83 c4 10 add $0x10,%esp<br />804865a: 83 c4 f4 add $0xfffffff4,%esp<br />804865d: 6a 00 push $0x0<br />804865f: e8 bc fd ff ff call 8048420 <exit@plt><br />8048664: 83 c4 10 add $0x10,%esp<br />8048667: 83 c4 f4 add $0xfffffff4,%esp<br />804866a: 68 80 89 04 08 push $0x8048980<br />804866f: e8 9c fd ff ff call 8048410 <printf@plt><br />8048674: 83 c4 10 add $0x10,%esp<br />8048677: 83 c4 f4 
add $0xfffffff4,%esp<br />804867a: 68 c0 89 04 08 push $0x80489c0<br />804867f: e8 8c fd ff ff call 8048410 <printf@plt><br />8048684: 83 c4 10 add $0x10,%esp<br />8048687: 31 c0 xor %eax,%eax<br />8048689: eb 05 jmp 8048690 <fopen@plt+0x260><br />804868b: 90 nop<br />804868c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi<br />8048690: c9 leave<br />8048691: c3 ret<br />8048692: 90 nop<br />8048693: 90 nop<br />8048694: 90 nop<br />8048695: 90 nop<br />8048696: 90 nop<br />8048697: 90 nop<br />8048698: 90 nop<br />8048699: 90 nop<br />804869a: 90 nop<br />804869b: 90 nop<br />804869c: 90 nop<br />804869d: 90 nop<br />804869e: 90 nop<br />804869f: 90 nop<br />80486a0: 55 push %ebp<br />80486a1: 89 e5 mov %esp,%ebp<br />80486a3: 57 push %edi<br />80486a4: 56 push %esi<br />80486a5: 31 f6 xor %esi,%esi<br />80486a7: 53 push %ebx<br />80486a8: 83 ec 0c sub $0xc,%esp<br />80486ab: e8 a0 00 00 00 call 8048750 <fopen@plt+0x320><br />80486b0: 81 c3 28 14 00 00 add $0x1428,%ebx<br />80486b6: e8 cd fc ff ff call 8048388 <__register_frame_info@plt-0x28><br />80486bb: 8d 93 14 ff ff ff lea -0xec(%ebx),%edx<br />80486c1: 8d 83 14 ff ff ff lea -0xec(%ebx),%eax<br />80486c7: 29 c2 sub %eax,%edx<br />80486c9: c1 fa 02 sar $0x2,%edx<br />80486cc: 39 d6 cmp %edx,%esi<br />80486ce: 73 1c jae 80486ec <fopen@plt+0x2bc><br />80486d0: 89 d7 mov %edx,%edi<br />80486d2: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi<br />80486d9: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi<br />80486e0: ff 94 b3 14 ff ff ff call *-0xec(%ebx,%esi,4)<br />80486e7: 46 inc %esi<br />80486e8: 39 fe cmp %edi,%esi<br />80486ea: 72 f4 jb 80486e0 <fopen@plt+0x2b0><br />80486ec: 83 c4 0c add $0xc,%esp<br />80486ef: 5b pop %ebx<br />80486f0: 5e pop %esi<br />80486f1: 5f pop %edi<br />80486f2: 5d pop %ebp<br />80486f3: c3 ret<br />80486f4: 8d b6 00 00 00 00 lea 0x0(%esi),%esi<br />80486fa: 8d bf 00 00 00 00 lea 0x0(%edi),%edi<br />8048700: 55 push %ebp<br />8048701: 89 e5 mov %esp,%ebp<br />8048703: 83 ec 08 sub 
$0x8,%esp<br />8048706: 89 1c 24 mov %ebx,(%esp)<br />8048709: e8 42 00 00 00 call 8048750 <fopen@plt+0x320><br />804870e: 81 c3 ca 13 00 00 add $0x13ca,%ebx<br />8048714: 89 74 24 04 mov %esi,0x4(%esp)<br />8048718: 8d 83 14 ff ff ff lea -0xec(%ebx),%eax<br />804871e: 8d 93 14 ff ff ff lea -0xec(%ebx),%edx<br />8048724: 29 d0 sub %edx,%eax<br />8048726: c1 f8 02 sar $0x2,%eax<br />8048729: 85 c0 test %eax,%eax<br />804872b: 8d 70 ff lea -0x1(%eax),%esi<br />804872e: 75 10 jne 8048740 <fopen@plt+0x310><br />8048730: e8 5b 00 00 00 call 8048790 <fopen@plt+0x360><br />8048735: 8b 1c 24 mov (%esp),%ebx<br />8048738: 8b 74 24 04 mov 0x4(%esp),%esi<br />804873c: 89 ec mov %ebp,%esp<br />804873e: 5d pop %ebp<br />804873f: c3 ret<br />8048740: ff 94 b3 14 ff ff ff call *-0xec(%ebx,%esi,4)<br />8048747: 89 f0 mov %esi,%eax<br />8048749: 4e dec %esi<br />804874a: 85 c0 test %eax,%eax<br />804874c: 75 f2 jne 8048740 <fopen@plt+0x310><br />804874e: eb e0 jmp 8048730 <fopen@plt+0x300><br />8048750: 8b 1c 24 mov (%esp),%ebx<br />8048753: c3 ret<br />8048754: 90 nop<br />8048755: 90 nop<br />8048756: 90 nop<br />8048757: 90 nop<br />8048758: 90 nop<br />8048759: 90 nop<br />804875a: 90 nop<br />804875b: 90 nop<br />804875c: 90 nop<br />804875d: 90 nop<br />804875e: 90 nop<br />804875f: 90 nop<br />8048760: 55 push %ebp<br />8048761: 89 e5 mov %esp,%ebp<br />8048763: 83 ec 14 sub $0x14,%esp<br />8048766: 53 push %ebx<br />8048767: bb c8 9a 04 08 mov $0x8049ac8,%ebx<br />804876c: 83 3d c8 9a 04 08 ff cmpl $0xffffffff,0x8049ac8<br />8048773: 74 0c je 8048781 <fopen@plt+0x351><br />8048775: 8b 03 mov (%ebx),%eax<br />8048777: ff d0 call *%eax<br />8048779: 83 c3 fc add $0xfffffffc,%ebx<br />804877c: 83 3b ff cmpl $0xffffffff,(%ebx)<br />804877f: 75 f4 jne 8048775 <fopen@plt+0x345><br />8048781: 5b pop %ebx<br />8048782: c9 leave<br />8048783: c3 ret<br />8048784: 55 push %ebp<br />8048785: 89 e5 mov %esp,%ebp<br />8048787: 83 ec 08 sub $0x8,%esp<br />804878a: c9 leave<br />804878b: 
c3 ret<br />804878c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi<br /></pre><br /><br /><p>Some strings with gdb:<br /><br /><pre class='brush: bash'><br />$ gdb ./crackme<br />GNU gdb (GDB) 7.2-ubuntu<br />Copyright (C) 2010 Free Software Foundation, Inc.<br />License GPLv3+: GNU GPL version 3 or later<br />This is free software: you are free to change and redistribute it.<br />There is NO WARRANTY, to the extent permitted by law. Type "show copying"<br />and "show warranty" for details.<br />This GDB was configured as "i686-linux-gnu".<br /><br />(gdb) r<br />Starting program: /home/uknow/Escritorio/kk/pruebas/crackme<br />Are you trying to Debug me?<br /><br />Program exited with code 01. <br />(gdb) x/s 0x80487e0<br />0x80487e0: "Are you trying to Debug me?\n"<br /></pre><br /><br />The program uses ptrace to check whether it is being traced or debugged; we change a single jump and that protection is bypassed.<br /><br /><pre class='brush: bash'><br />$ cmp -b crackme crackme_parcheado<br />crackme crackme_parcheado son distintos: el byte 1342, en la línea 3 es 175 } 176 ~<br /><br />$ objdump -d crackme | grep 804853d<br />804853d: 7d 21 jge 8048560 <fopen@plt+0x130><br /><br />$ objdump -d crackme_parcheado | grep 804853d<br />804853d: 7e 21 jle 8048560 <fopen@plt+0x130><br /><br /><br />$ gdb ./crackme_parcheado<br />GNU gdb (GDB) 7.2-ubuntu<br />Copyright (C) 2010 Free Software Foundation, Inc.<br />License GPLv3+: GNU GPL version 3 or later <br />This is free software: you are free to change and redistribute it.<br />There is NO WARRANTY, to the extent permitted by law. 
Type "show copying"<br />and "show warranty" for details.<br />This GDB was configured as "i686-linux-gnu".<br /><br />(gdb) r<br />Starting program: /home/uknow/Escritorio/kk/pruebas/crackme_parcheado<br />-[ Linux CrackMe (Level:3) by cyrex ]-<br />-[ TODO: Get the valid password ]-<br />-[ Enter Password: aaa<br />-[ Entered Password: aaa<br />-[ Checking Stage 1 Now.....<br />-[ Game Over<br /><br />Program exited normally.<br />(gdb)<br /></pre><br /></p><p>##########################################################</p><p><br />Using ltrace:</p><p><pre class='brush: bash'>$ ltrace ./crackme<br />__libc_start_main(0x8048520, 1, 0xbf8d5c64, 0x80486a0, 0x8048700 <unfinished><br />__register_frame_info(0x80499fc, 0x8049b0c, 0xb773ece0, 0xb773dff4, 0xbf8d5c64) = 0x80499fc<br />ptrace(0, 0, 1, 0, 4) = -1<br />printf("Are you trying to Debug me?\n"Are you trying to Debug me?<br />) = 28<br />__deregister_frame_info(0x80499fc, 3, 0xbf8d5b00, 4, 0x80482a4) = 0<br />+++ exited (status 1) +++<br /><br />$ ltrace ./crackme_parcheado<br />__libc_start_main(0x8048520, 1, 0xbfc384f4, 0x80486a0, 0x8048700 <unfinished><br />__register_frame_info(0x80499fc, 0x8049b0c, 0xb787fce0, 0xb787eff4, 0xbfc384f4) = 0x80499fc<br />ptrace(0, 0, 1, 0, 4) = -1<br />printf("-[ Linux CrackMe (Level:3) by cy"...-[ Linux CrackMe (Level:3) by cyrex ]-<br />) = 39<br />printf("-[ TODO: Get the valid password "...-[ TODO: Get the valid password ]-<br />) = 39<br />printf("-[ Enter Password: ") = 19<br />scanf(0x804887c, 0xbfc38048, 1, 0, 4-[ Enter Password: aaa<br />) = 1<br />printf("-[ Entered Password: %s\n", "aaa"-[ Entered Password: aaa<br />) = 25<br />printf("-[ Checking Stage 1 Now.....\n"-[ Checking Stage 1 Now.....<br />) = 29<br />strcmp("aaa", "7gb5fjf8v4bg8fb34f") = 1<br />printf("-[ Game Over\n"-[ Game Over<br />) = 13<br />__deregister_frame_info(0x80499fc, 3, 0xbfc38390, 4, 0x80482a4) = 0<br />+++ exited (status 0) +++<br /></pre><br /></p>
<p>Entering the serial from the first stage, we see that it tries to open the file "/tmp/crackme_89nfnjfiefheufeue" in the second stage:</p><p><pre class='brush: bash'>$ ltrace ./crackme_parcheado<br />__libc_start_main(0x8048520, 1, 0xbfdb0c04, 0x80486a0, 0x8048700 <unfinished><br />__register_frame_info(0x80499fc, 0x8049b0c, 0xb7764ce0, 0xb7763ff4, 0xbfdb0c04) = 0x80499fc<br />ptrace(0, 0, 1, 0, 4) = -1<br />printf("-[ Linux CrackMe (Level:3) by cy"...-[ Linux CrackMe (Level:3) by cyrex ]-<br />) = 39<br />printf("-[ TODO: Get the valid password "...-[ TODO: Get the valid password ]-<br />) = 39<br />printf("-[ Enter Password: ") = 19<br />scanf(0x804887c, 0xbfdb0758, 1, 0, 4-[ Enter Password: 7gb5fjf8v4bg8fb34f<br />) = 1<br />printf("-[ Entered Password: %s\n", "7gb5fjf8v4bg8fb34f"-[ Entered Password: 7gb5fjf8v4bg8fb34f<br />) = 40<br />printf("-[ Checking Stage 1 Now.....\n"-[ Checking Stage 1 Now.....<br />) = 29<br />strcmp("7gb5fjf8v4bg8fb34f", "7gb5fjf8v4bg8fb34f") = 0<br />printf("-[ Stage 1 Cleared\n"-[ Stage 1 Cleared<br />) = 19<br />printf("-[ Checking Stage 2 Now....\n"-[ Checking Stage 2 Now....<br />) = 28<br />fopen("/tmp/crackme_89nfnjfiefheufeue", "r") = 0<br />printf("-[ Bad did you forgot something?"...-[ Bad did you forgot something?<br />) = 33<br />exit(0 <unfinished><br />__deregister_frame_info(0x80499fc, 3, 0xbfdb0670, 4, 0xb7783b28) = 0<br />+++ exited (status 0) +++<br /></pre><br /></p><p><br /></p><p><br /><br /></p>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com0tag:blogger.com,1999:blog-7650451980965310437.post-46653132386809268922011-01-04T17:25:00.010+01:002011-01-09T23:00:44.289+01:00Solution - Linux - cyrex's Linux CrackMe<p><a href="http://www.crackmes.de/users/cyrex/linux_crackme/">http://www.crackmes.de/users/cyrex/linux_crackme/</a></p><p><pre class='brush: bash'>$ wget http://www.crackmes.de/users/cyrex/linux_crackme/download<br />--2011-01-04 17:28:23-- 
http://www.crackmes.de/users/cyrex/linux_crackme/download<br />Resolviendo www.crackmes.de... 88.198.55.82<br />Conectando a www.crackmes.de|88.198.55.82|:80... conectado.<br />Petición HTTP enviada, esperando respuesta... 200 OK<br />Longitud: 5497 (5,4K) [application/tgz]<br />Guardando en: «download»<br /><br />100%[============================================================================================================>] 5.497 --.-K/s en 0,1s<br /><br />2011-01-04 17:28:26 (48,0 KB/s) - «download» guardado [5497/5497]<br /><br />$ file crackme_01.tgz<br />crackme_01.tgz: gzip compressed data, from Unix, last modified: Mon Feb 21 20:39:58 2005<br />$ mv download crackme_01.tgz<br />$ tar xvzf crackme_01.tgz<br />crackme_01/<br />crackme_01/crackme<br /><br />$ ./crackme<br />-[ Linux CrackMe (Level:2) by cyrex ]-<br />-[ TODO: You have to get the valid Password ]-<br />Enter Password: 1234<br />-[ Ohhhh, your skills are bad try again later ]-<br />$<br />$ strings crackme<br />/lib/ld-linux.so.2<br />libc.so.6<br />printf<br />__deregister_frame_info<br />strcmp<br />scanf<br />_IO_stdin_used<br />__libc_start_main<br />__register_frame_info<br />__gmon_start__<br />GLIBC_2.0<br />PTRhP<br />QVhP<br />[^_]<br />-[ Linux CrackMe (Level:2) by cyrex ]-<br />-[ TODO: You have to get the valid Password ]-<br />Enter Password:<br />47ghf6fh37fbgbgj<br />-[ Good, You're ready to begin linux reversing ]-<br />-[ Ohhhh, your skills are bad try again later ]-<br />$<br /><br />$ ./crackme<br />-[ Linux CrackMe (Level:2) by cyrex ]-<br />-[ TODO: You have to get the valid Password ]-<br />Enter Password: 47ghf6fh37fbgbgj<br />-[ Good, You're ready to begin linux reversing ]-<br /></pre><br /></p><p>Let's look at it with GDB, although it is quite simple to understand:</p><p><br /><pre class='brush: bash'><br />$ gdb ./crackme<br />GNU gdb (GDB) 7.2-ubuntu<br />Copyright (C) 2010 Free Software Foundation, Inc.<br />License GPLv3+: GNU GPL version 3 or later <br />This is free 
software: you are free to change and redistribute it.<br />There is NO WARRANTY, to the extent permitted by law. Type "show copying"<br />and "show warranty" for details.<br />This GDB was configured as "i686-linux-gnu".<br />Leyendo símbolos desde /home/uknow/Escritorio/kk/pruebas/crackme_01/crackme...hecho.<br />(gdb) disass main<br />Dump of assembler code for function main:<br />0x08048450 <+0>: push %ebp<br />0x08048451 <+1>: mov %esp,%ebp<br />0x08048453 <+3>: sub $0x28,%esp<br />0x08048456 <+6>: add $0xfffffff4,%esp<br />0x08048459 <+9>: push $0x8048620<br />0x0804845e <+14>: call 0x804835c <printf@plt><br />0x08048463 <+19>: add $0x10,%esp<br />0x08048466 <+22>: add $0xfffffff4,%esp<br />0x08048469 <+25>: push $0x8048660<br />0x0804846e <+30>: call 0x804835c <printf@plt><br />0x08048473 <+35>: add $0x10,%esp<br />0x08048476 <+38>: add $0xfffffff4,%esp<br />0x08048479 <+41>: push $0x8048690<br />0x0804847e <+46>: call 0x804835c <printf@plt><br />0x08048483 <+51>: add $0x10,%esp<br />0x08048486 <+54>: add $0xfffffff8,%esp<br />0x08048489 <+57>: lea -0x20(%ebp),%eax<br />0x0804848c <+60>: push %eax<br />0x0804848d <+61>: push $0x80486a1<br />0x08048492 <+66>: call 0x804832c <scanf@plt><br />0x08048497 <+71>: add $0x10,%esp<br />0x0804849a <+74>: add $0xfffffff8,%esp<br />0x0804849d <+77>: push $0x80486a4<br />0x080484a2 <+82>: lea -0x20(%ebp),%eax<br />0x080484a5 <+85>: push %eax<br />0x080484a6 <+86>: call 0x804831c <strcmp@plt><br />0x080484ab <+91>: add $0x10,%esp<br />0x080484ae <+94>: mov %eax,%eax<br />0x080484b0 <+96>: test %eax,%eax<br />0x080484b2 <+98>: jne 0x80484c6 <main+118><br />0x080484b4 <+100>: add $0xfffffff4,%esp<br />0x080484b7 <+103>: push $0x80486c0<br />0x080484bc <+108>: call 0x804835c <printf@plt><br />0x080484c1 <+113>: add $0x10,%esp<br />0x080484c4 <+116>: jmp 0x80484d6 <main+134><br />0x080484c6 <+118>: add $0xfffffff4,%esp<br />---Type <return> to continue, or q <return> to quit---q<br />Quit<br />(gdb) x/s 0x80486a4<br 
/>0x80486a4: "47ghf6fh37fbgbgj"<br />(gdb) r<br />Starting program: /home/uknow/Escritorio/kk/pruebas/crackme_01/crackme 47ghf6fh37fbgbgj<br />-[ Linux CrackMe (Level:2) by cyrex ]-<br />-[ TODO: You have to get the valid Password ]-<br />Enter Password: 47ghf6fh37fbgbgj<br />-[ Good, You're ready to begin linux reversing ]-<br /><br />Program exited normally.<br />(gdb) x/s 0x80486c0<br />0x80486c0: "-[ Good, You're ready to begin linux reversing ]-\n"<br />(gdb) q<br /><br /></pre><br /></p><p><br /></p>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com0tag:blogger.com,1999:blog-7650451980965310437.post-28635433290593559992011-01-04T17:03:00.003+01:002011-01-09T22:56:18.059+01:00Solution - Linux - lord's easy linux crackme<p><a href="http://www.crackmes.de/users/lord/easy_linux_crackme/">http://www.crackmes.de/users/lord/easy_linux_crackme/</a></p><p><br /></p><p><pre class='brush: bash'>$ wget http://www.crackmes.de/users/lord/easy_linux_crackme/download<br />--2011-01-04 17:04:45-- http://www.crackmes.de/users/lord/easy_linux_crackme/download<br />Resolviendo www.crackmes.de... 88.198.55.82<br />Conectando a www.crackmes.de|88.198.55.82|:80... conectado.<br />Petición HTTP enviada, esperando respuesta... 
200 OK<br />Longitud: 362 [application/gz]<br />Guardando en: «download»<br /><br />100%[============================================================================================================>] 362 --.-K/s en 0s <br /><br />2011-01-04 17:04:47 (18,6 MB/s) - «download» guardado [362/362]<br /><br />$ mv download blah.tar.gz<br /><br /><br />$ tar xvzf blah.tar.gz<br />blah<br /><br />$ file blah<br />blah: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped<br /><br />$ strings blah<br />Okej!<br />$ chmod +x blah<br /><br /><br />$ ./blah<br />$<br /><br />$ objdump -d blah<br /><br />blah: file format elf32-i386<br /><br /><br />Disassembly of section .text:<br /><br />08048094 <.text>:<br />8048094: 31 c0 xor %eax,%eax<br />8048096: b8 2f 00 00 00 mov $0x2f,%eax<br />804809b: cd 80 int $0x80<br />804809d: 3d ad de 00 00 cmp $0xdead,%eax<br />80480a2: 75 16 jne 0x80480ba<br />80480a4: b8 04 00 00 00 mov $0x4,%eax<br />80480a9: bb 01 00 00 00 mov $0x1,%ebx<br />80480ae: b9 c4 90 04 08 mov $0x80490c4,%ecx<br />80480b3: ba 06 00 00 00 mov $0x6,%edx<br />80480b8: cd 80 int $0x80<br />80480ba: 31 c0 xor %eax,%eax<br />80480bc: 40 inc %eax<br />80480bd: 31 db xor %ebx,%ebx<br />80480bf: cd 80 int $0x80<br /><br /><br />$ perl -e 'print 0xdead'<br />57005<br /><br />$<br /><br />$ perl -e 'print 0x2f'<br />47<br /></pre><br /><br />We see that it makes a call to syscall 47; let's see which one that is:<br /></p><p><br /><pre class='brush: bash'><br />$ cat /usr/include/asm/unistd_32.h | grep 47<br />#define __NR_getgid 47<br />#define __NR_getsid 147<br />#define __NR_io_getevents 247<br /></pre><br /></p><p>It checks whether our gid is 57005; if so, it prints the success message, and if not, it returns nothing :(</p><p><br /><pre class='brush: bash'><br />$ sudo useradd -g 57005 titopako<br />$ sudo passwd titopako<br />Introduzca la nueva contraseña de UNIX:<br />Vuelva a escribir la nueva contraseña de UNIX:<br />passwd: contraseña actualizada 
correctamente<br /><br />$ su titopako<br />Contraseña:<br />$ ./blah<br />Okej!<br />$ id<br />uid=1002(titopako) gid=57005(titopako) grupos=57005(titopako)<br /></pre><br /></p><p><br /></p>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com0tag:blogger.com,1999:blog-7650451980965310437.post-36834783752036104482011-01-04T15:05:00.005+01:002011-01-09T23:05:27.831+01:00Solution - Linux - lord's Easy crackme 2<p><a href="http://www.crackmes.de/users/lord/easy_crackme_2/">http://www.crackmes.de/users/lord/easy_crackme_2/</a></p><pre class="brush: bash">$ wget http://www.crackmes.de/users/lord/easy_crackme_2/download<br />--2011-01-04 15:19:11-- http://www.crackmes.de/users/lord/easy_crackme_2/download<br />Resolviendo www.crackmes.de... 88.198.55.82<br />Conectando a www.crackmes.de|88.198.55.82|:80... conectado.<br />Petición HTTP enviada, esperando respuesta... 200 OK<br />Longitud: 362 [application/gz]<br />Guardando en: «download»<br /><br />100%[============================================================================================================>] 362 --.-K/s en 0s <br /><br />2011-01-04 15:19:17 (36,3 MB/s) - «download» guardado [362/362]<br /><br /><br />$ file download<br />download: gzip compressed data, was "cm1eng", from Unix, last modified: Fri Mar 31 10:34:34 2006<br /><br />$ mv download cm1eng.gz<br />$ gzip -d cm1eng.gz<br />$ chmod +x cm1eng<br />$ ./cm1eng<br /><br />Password : asdf<br />$<br /><br /><br /><br />$ strings cm1eng<br />Password :<br />Great you did it !:)<br /> <br />QTBXCTU<br /><br /><br />$ objdump -d cm1eng<br /><br />cm1eng: file format elf32-i386<br /><br /><br />Disassembly of section .text:<br /><br />08048080 <.text>:<br />8048080: b8 04 00 00 00 mov $0x4,%eax<br />8048085: bb 01 00 00 00 mov $0x1,%ebx<br />804808a: b9 f8 90 04 08 mov $0x80490f8,%ecx<br />804808f: ba 0d 00 00 00 mov $0xd,%edx<br />8048094: cd 80 int $0x80<br 
/>8048096: ba 00 01 00 00 mov $0x100,%edx<br />804809b: b9 1b 91 04 08 mov $0x804911b,%ecx<br />80480a0: bb 00 00 00 00 mov $0x0,%ebx<br />80480a5: b8 03 00 00 00 mov $0x3,%eax<br />80480aa: cd 80 int $0x80<br />80480ac: be 26 91 04 08 mov $0x8049126,%esi<br />80480b1: 89 f7 mov %esi,%edi<br />80480b3: 31 db xor %ebx,%ebx<br />80480b5: fc cld <br />80480b6: ac lods %ds:(%esi),%al<br />80480b7: 34 21 xor $0x21,%al<br />80480b9: aa stos %al,%es:(%edi)<br />80480ba: 43 inc %ebx<br />80480bb: 81 fb 07 00 00 00 cmp $0x7,%ebx<br />80480c1: 74 02 je 0x80480c5<br />80480c3: e2 f1 loop 0x80480b6<br />80480c5: be 1b 91 04 08 mov $0x804911b,%esi<br />80480ca: bf 26 91 04 08 mov $0x8049126,%edi<br />80480cf: b9 07 00 00 00 mov $0x7,%ecx<br />80480d4: fc cld <br />80480d5: f3 a6 repz cmpsb %es:(%edi),%ds:(%esi)<br />80480d7: 75 16 jne 0x80480ef<br />80480d9: b8 04 00 00 00 mov $0x4,%eax<br />80480de: bb 01 00 00 00 mov $0x1,%ebx<br />80480e3: b9 05 91 04 08 mov $0x8049105,%ecx<br />80480e8: ba 16 00 00 00 mov $0x16,%edx<br />80480ed: cd 80 int $0x80<br />80480ef: b8 01 00 00 00 mov $0x1,%eax<br />80480f4: cd 80 int $0x80<br />$<br /></pre><br />
<p>We can see that the input must be 7 characters long and that the program XORs with 21 hex (the ! character in ASCII).</p><p>Looking at the strings output, we can see that it XORs that same string (QTBXCTU), and doing the same gives us the password.<br /></p><pre class="brush: bash"><br />$ perl -e 'print "QTBXCTU"^"!!!!!!!\n"'<br />pucybut<br /><br /><br />$ ./cm1eng<br /><br />Password : pucybut<br />Great you did it !:)<br /><br /></pre><br /><p><br /></p>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com0tag:blogger.com,1999:blog-7650451980965310437.post-39254441418794365012010-09-10T18:57:00.000+02:002010-09-10T18:58:45.756+02:00Google Maps testGoogle Maps test:<div><br /></div><div><iframe width="425" height="350" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://maps.google.com/?ie=UTF8&ll=36.954282,-3.078575&spn=0.152815,0.308647&t=h&z=12&output=embed"></iframe><br /><small><a href="http://maps.google.com/?ie=UTF8&ll=36.954282,-3.078575&spn=0.152815,0.308647&t=h&z=12&source=embed" style="color:#0000FF;text-align:left">View larger map</a></small></div>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com1tag:blogger.com,1999:blog-7650451980965310437.post-44870193169269814442010-09-10T17:42:00.002+02:002011-01-04T19:03:18.095+01:00Win32asm Cheat Sheet<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixtYbnNIWb3MuYiPB9UvYOY8DPRgjo_q3cJQzOU75LqUGbbHsXmSK3FeJb3rLr5Zv2s8IgKhkZhjGqKoRd3Ym0N7GZUngEtgIslQ2npOddzK3z_nyZQ2RiJuqFDz8dKHR8LrstaxvTUcKC/s1600/win32asmcheatsheet.png"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 225px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixtYbnNIWb3MuYiPB9UvYOY8DPRgjo_q3cJQzOU75LqUGbbHsXmSK3FeJb3rLr5Zv2s8IgKhkZhjGqKoRd3Ym0N7GZUngEtgIslQ2npOddzK3z_nyZQ2RiJuqFDz8dKHR8LrstaxvTUcKC/s320/win32asmcheatsheet.png" border="0" 
alt="" id="BLOGGER_PHOTO_ID_5515311319778477794" /></a><br /><p>Win32asm Cheat Sheet</p><p><br /></p>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com1tag:blogger.com,1999:blog-7650451980965310437.post-75500701675744028652009-04-04T00:22:00.001+02:002011-01-04T19:01:57.444+01:00Google Cheat Sheet<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSOsAKNezYaTkY2H-xPCBy3GlXDd0ot5uei8MGdWyDrnsh-CsWQpoJTwM9wf02rzh3TKQXhmNgiDfTET2vmuoKRkoQX6-1v-7sZfd5JYYXC8jSFm1DwIDV3XGclNtBSdPJMWz8aGu8Ok-D/s1600-h/google-cheat-sheet1.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 226px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSOsAKNezYaTkY2H-xPCBy3GlXDd0ot5uei8MGdWyDrnsh-CsWQpoJTwM9wf02rzh3TKQXhmNgiDfTET2vmuoKRkoQX6-1v-7sZfd5JYYXC8jSFm1DwIDV3XGclNtBSdPJMWz8aGu8Ok-D/s320/google-cheat-sheet1.png" alt="" id="BLOGGER_PHOTO_ID_5320594569530737714" border="0" /></a><br /><blockquote>Google Cheat Sheet</blockquote>spnowhttp://www.blogger.com/profile/18275552120431048007noreply@blogger.com0