Topic: interesting analysis (Read 2075 times)
reaper
interesting analysis « on: May 05, 2009, 05:21:53 PM »
http://vrt-sourcefire.blogspot.com/2008/12/ms08-067-in-wild.html
peewee_RotA
Re: interesting analysis « Reply #1 on: May 05, 2009, 05:36:06 PM »
That article reads like the repair manual for a turbo encabulator.
reaper
Re: interesting analysis « Reply #2 on: May 05, 2009, 05:55:05 PM »
They actually step through the code which is cool.
Basically an intrusion detection system caught a packet that matched a signature. When this packet matched the signature it stored the packet. The security researcher recognized a pattern in the hex representation of the data that was a very simple decoding/encoding scheme using XOR. - they knew it was an exploit against MS08-067. This is an exploit against the Windows Server service, attacking a poorly written function in the SMB protocol.
The shellcode is weakly encrypted to not be pattern matched by various types of security systems. But the intrusion detection system was matching on analysis of all attacks against the vulnerability. They realize that to really run the shellcode through the loop to decode it, they must populate a register with what is normally there from the Windows Server service. They do that and now they have attack payload assembly which they disassemble and analyze.
The code is putting data in the stack that shouldn't be there by overflowing a buffer in the problem function netpathcanonicalize. It rewrites the function return address and the machine runs the new code.
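The kind of hex pattern described in Reply #2, as an added example that is not from the thread or the linked article: zero padding XORed with a one-byte key shows up as a long run of the key byte, which gives an analyst a candidate key to decode the captured bytes with. The one-byte key is an assumption, and the sample bytes, key value and function names are constructed for illustration.

```python
import re

# Constructed sample: benign text plus zero padding, XOR-encoded with a made-up key.
SAMPLE_KEY = 0x5A
SAMPLE_PLAIN = (b"\x01\x02\x03constructed-marker http://example.invalid/"
                + b"\x00" * 24 + b"\x07\x08")
SAMPLE_CAPTURE = bytes(b ^ SAMPLE_KEY for b in SAMPLE_PLAIN)


def repeated_runs(blob: bytes, min_len: int = 8):
    """Return (offset, byte, length) for every run of one repeated byte."""
    runs, start = [], 0
    for i in range(1, len(blob) + 1):
        if i == len(blob) or blob[i] != blob[start]:
            if i - start >= min_len:
                runs.append((start, blob[start], i - start))
            start = i
    return runs


def guess_key(blob: bytes):
    """Zero padding XORed with a one-byte key becomes a run of the key itself."""
    runs = repeated_runs(blob)
    if not runs:
        return None  # no padding-like run, so this heuristic does not apply
    return max(runs, key=lambda r: r[2])[1]


def xor_decode(blob: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in blob)


def printable_strings(data: bytes, min_len: int = 6):
    """Like strings(1): printable ASCII runs of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def analyze(capture: bytes):
    """Guess the key from the longest repeated run, then list decoded strings."""
    key = guess_key(capture)
    if key is None:
        return None, []
    return key, printable_strings(xor_decode(capture, key))


if __name__ == "__main__":
    key, found = analyze(SAMPLE_CAPTURE)
    print(f"candidate key: {key:#04x}", found)
```

The run heuristic only yields a candidate: a capture with no padding-like run returns no key, and a run of some other repeated value would give a wrong one, so the decoded strings are what confirm the guess.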