« previous next »
Pages: [1]   Go Down

Author Topic: interesting analysis  (Read 1958 times)

Offline reaper

  • Opulent Member
  • *
  • Posts: 2872
  • Nice night for a walk, eh? - Nice night for a walk
    • View Profile
  • Rated:
interesting analysis
« on: May 05, 2009, 05:21:53 PM »
Logged
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy

Offline peewee_RotA

  • Brobdingnagian Member
  • ***
  • Posts: 4152
  • Hi, I'm from the gov'ment and I'm here to help you
    • View Profile
  • Rated:
Re: interesting analysis
« Reply #1 on: May 05, 2009, 05:36:06 PM »
That article reads like the repair manual for a turbo encabulator.
Logged
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
GOTO ROTAMODS (rocketgib)
GOTO ROTAMAPS (fireworks)
HappyFriar- q2server.fuzzylogicinc.com
 Tune in to the Tastycast!!!!  http://dna.zeliepa.net

Offline reaper

  • Opulent Member
  • *
  • Posts: 2872
  • Nice night for a walk, eh? - Nice night for a walk
    • View Profile
  • Rated:
Re: interesting analysis
« Reply #2 on: May 05, 2009, 05:55:05 PM »
They actually step through the code which is cool.

Basically a intrustion detection system caught a packet that matched a signature.  When this packet matched the signature it stored the packet.   The security researcher recognized a pattern in the hex representation of the data that was a very simple decoding/enoding scheme using xor.  - they knew it was an exploit against ms-0867.  This is a exploit against the windows server service, attacking a poorly written function in the SMB protocol.

The shellcode is weakly encrypted to not be pattern matched by various types security systems.  But the intrustion detection system was matching on analysis of all attacks against the vulnerability.  They realize that to really run the shellcode  through the loop to decode it, they must populate a register with what is normally there from the Windows server service.  They do that and now they have attack payload assembly which they disassemble and analyze. 

The code is putting data in the stack that shouldn't be there by overflowing a buffer in the problem function netpathcanonicalize. It rewrites the function return address and the machine runs the new code.
Logged
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
Pages: [1]   Go Up
« previous next »
 

El Box de Shoutamente

Last 10 Shouts:

 

RyU

September 03, 2024, 05:15:49 PM
And wow Derrick is still playing lol
 

RyU

September 03, 2024, 05:15:15 PM
Just know yesterday is gone and soon tomorrow will be gone too  :)
 

Lejionator

August 08, 2024, 07:28:01 PM
It's tiem to QuakeCon!!!  ;)

https://www.youtube.com/watch?v=ThQd_UJaTys
 

ImperiusDamian

July 26, 2024, 09:34:53 PM
In nomine Quake II et Id Software et Spiritus John Carmack, Amen.
 

QuakeDuke

July 26, 2024, 05:10:30 PM
Hey, shout, summertime blues
Jump up and down in you blue suede shoes
Hey, did you rock and roll? Rock on!!  ...QD
 

Yotematoi

July 24, 2024, 01:31:20 PM
Ayer me mato 5 veces para robarme en la vida real hará lo mismo? [img]<iframe src="https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid0wXU2VgS7atesBcSoMz5BWMJCJajeZFVT6GzSU6TtpJGddN9kLTvWNgcZaskkbKFQl&amp;show_text=true&amp;width=500
https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid0wXU2VgS7atesBcSoMz5BWMJCJajeZFVT6GzSU6TtpJGddN9kLTvWNgcZaskkbKFQl&show_text=true&width=500" width="500"
 

Yotematoi

July 24, 2024, 01:25:59 PM
hi ya está la basura de Martin, se cambió el nombre es un ladron estupido, asi llegó a 10000[img]<iframe src="https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid03hZrkDUBJPZKCuFgy5hRUy831ekKJYVRzC7ajXaKQbJ6xcPgKftLukUDfovFyEq3l&amp;show_text
https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid03hZrkDUBJPZKCuFgy5hRUy831ekKJYVRzC7ajXaKQbJ6xcPgKftLukUDfovFyEq3l&show_text
 

Yotematoi

July 24, 2024, 01:25:59 PM
hi ya está la basura de Martin, se cambió el nombre es un ladron estupido, asi llegó a 10000[img]<iframe src="https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid03hZrkDUBJPZKCuFgy5hRUy831ekKJYVRzC7ajXaKQbJ6xcPgKftLukUDfovFyEq3l&amp;show_text
https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid03hZrkDUBJPZKCuFgy5hRUy831ekKJYVRzC7ajXaKQbJ6xcPgKftLukUDfovFyEq3l&show_text
 

-Unh0ly-

July 05, 2024, 05:20:36 AM
https://unh0lyquakeii.godaddysites.com/[/i]

Show 50 latest

User

Welcome, Guest. Please login or register.
September 20, 2024, 09:25:34 PM

Login with username, password and session length

Search