« previous next »
Pages: [1]   Go Down

Author Topic: interesting analysis  (Read 1989 times)

Offline reaper

  • Opulent Member
  • *
  • Posts: 2872
  • Nice night for a walk, eh? - Nice night for a walk
    • View Profile
  • Rated:
interesting analysis
« on: May 05, 2009, 05:21:53 PM »
Logged
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy

Offline peewee_RotA

  • Brobdingnagian Member
  • ***
  • Posts: 4152
  • Hi, I'm from the gov'ment and I'm here to help you
    • View Profile
  • Rated:
Re: interesting analysis
« Reply #1 on: May 05, 2009, 05:36:06 PM »
That article reads like the repair manual for a turbo encabulator.
Logged
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
GOTO ROTAMODS (rocketgib)
GOTO ROTAMAPS (fireworks)
HappyFriar- q2server.fuzzylogicinc.com
 Tune in to the Tastycast!!!!  http://dna.zeliepa.net

Offline reaper

  • Opulent Member
  • *
  • Posts: 2872
  • Nice night for a walk, eh? - Nice night for a walk
    • View Profile
  • Rated:
Re: interesting analysis
« Reply #2 on: May 05, 2009, 05:55:05 PM »
They actually step through the code which is cool.

Basically a intrustion detection system caught a packet that matched a signature.  When this packet matched the signature it stored the packet.   The security researcher recognized a pattern in the hex representation of the data that was a very simple decoding/enoding scheme using xor.  - they knew it was an exploit against ms-0867.  This is a exploit against the windows server service, attacking a poorly written function in the SMB protocol.

The shellcode is weakly encrypted to not be pattern matched by various types security systems.  But the intrustion detection system was matching on analysis of all attacks against the vulnerability.  They realize that to really run the shellcode  through the loop to decode it, they must populate a register with what is normally there from the Windows server service.  They do that and now they have attack payload assembly which they disassemble and analyze. 

The code is putting data in the stack that shouldn't be there by overflowing a buffer in the problem function netpathcanonicalize. It rewrites the function return address and the machine runs the new code.
Logged
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
Pages: [1]   Go Up
« previous next »
 

El Box de Shoutamente

Last 10 Shouts:

 

Costigan_Q2

November 11, 2024, 06:41:06 AM
"Stay cozy folks.

Everything is gonna be fine."

There'll be no excuses for having TDS after January 20th, there'll be no excuses AT ALL!!!
 

|iR|Focalor

November 06, 2024, 03:28:50 AM
 

RailWolf

November 05, 2024, 03:13:44 PM
Nice :)

Tom Servo

November 04, 2024, 05:05:24 PM
The Joe Rogan Experience episode 223 that dropped a couple hours ago with Musk, they're talking about Quake lol.
 

Costigan_Q2

November 04, 2024, 03:37:55 PM
Stay cozy folks.

Everything is gonna be fine.
 

|iR|Focalor

October 31, 2024, 08:56:37 PM
 

Costigan_Q2

October 17, 2024, 06:31:53 PM
Not activated your account yet?

Activate it now! join in the fun!

Tom Servo

October 11, 2024, 03:35:36 PM
HAHAHAHAHAHA
 

|iR|Focalor

October 10, 2024, 12:19:41 PM
I don't worship the devil. Jesus is Lord, friend. He died for your sins. He will forgive you if you just ask.
 

rikwad

October 09, 2024, 07:57:21 PM
Sorry, I couldn't resist my inner asshole.

Show 50 latest

User

Welcome, Guest. Please login or register.
November 26, 2024, 12:20:06 AM

Login with username, password and session length

Search