Archive for the ‘Papers’ Category

Exploiting Windows NT 4 Buffer Overruns

March 15, 2007

This paper shows how to exploit buffer overruns on Windows NT 4.
This document is for educational purposes only; it explains what a
buffer overrun is and shows how one can be exploited on the Windows
NT 4 operating system, using RASMAN.EXE as a case study. We will take a
look at Windows NT processes, virtual address space, the dynamics of a
buffer overrun, and certain key issues such as what a stack is and what
the ESP, EBP and EIP CPU registers are and do. With these covered we'll
look into the buffer overrun found in RASMAN.EXE. This document may be
freely copied and distributed only in its entirety and if credit is
given.

View this paper.

win32 Buffer Overflow

February 8, 2007

Real Life Vuln-Dev Process of a Win32 Stack Buffer Overflow
Introduction from the paper:
Many times Sergio has been asked to write a paper about how to code an exploit for win32, for two reasons: first, because there are many papers about exploitation on *nix but few about how to exploit in the win32 world, and second, because papers about win32 exploitation are very difficult to understand for people without a good understanding of ASM and C. So Sergio thought that the best way to do something clear was to write something as simple as possible, without leaving anything for the readers to guess. Well, this is what Sergio thinks is the easiest that he could do: explaining the whole process of finding, debugging and exploiting a black-box application. For this purpose Sergio has chosen 'War-FTPd v1.65', a known stack b0f bugged piece of software, which is going to be used in this tutorial.

Detect Your Web Application’s Vulnerabilities Early with Ruby

January 31, 2007

Web application fuzzing is a method of detecting a web application’s vulnerabilities prior to deploying the application on a production system. Users of this approach send several malicious requests to the application and, based on the responses received, determine the application’s security posture. Users also can apply fuzzing to perform tests on several different attack vectors such as SQL, XPATH, and LDAP injection, and error handling.
Read Here

Creating Your Own IT Security Audit

January 6, 2007

If a security auditor isn’t in the budget, these 10 IT security audit tips will go a long way in empowering you to protect your business.
Source: ITSecurity.com

Writing exploit BoF on Windows

December 25, 2006

This is a tutorial about writing exploits. We will use the Mrinfo.exe buffer overflow for learning. A nice paper for noobs, step by step with pictures. Source: coromputer.net

develop MS06-040 Exploit !

December 16, 2006

In this paper Trirat Kira explains how to develop an exploit for MS06-040 against Windows Server 2003 SP0, and especially how to break the stack-based buffer overflow protection mechanism in Windows Server 2003 SP0.

Bypassing Windows Heap Protections

December 14, 2006

milw0rm papers is a good archive of nice papers (thanks to str0ke for making this archive).
Recently a paper about Bypassing Windows Heap Protections by falliere was posted there.
;) Read this paper: milw0rm.com

Advances in format string exploitation

December 9, 2006

This paper explains exploiting heap-based format strings and brute-force attacks with this method.
Phrack 0x0b, Issue 0x3b, Phile #0x07 of 0x12

Smashing The Kernel For Fun And Profit

December 9, 2006

This is a translation of the original article published on www.s0ftpj.org.
(introduction section…)
Today the net offers us a lot of pseudo-tools that work as process hiders but, as is well known, they are far from perfect. Let's start for example with a classic binary trojan: running strace we'll notice immediately that there's something that needs our attention.

Vuln Scanning Web 2.0 Client-Side Components

December 8, 2006

This paper explains how to scan Web 2.0 applications with browsers and client-side components. The key learning objectives of this article are to understand the following concepts and techniques: scanning complexity and challenges in new-generation Web applications; Web 2.0 client-side scanning objectives and methodology; Web 2.0 vulnerability detection (XSS in RSS feeds); cross-domain injection with JSON; and countermeasures and defense through browser-side filtering.