Welcome,
Guest
. Please
login
or
register
.
October 25, 2025, 07:29:22 AM
News:
tastyspleen.net discord server:
http://discord.tastyspleen.net
Home
Forum
Help
TinyPortal
Search
Calendar
Login
Register
tastyspleen::quake 2 community
»
Forum
»
The Tech Junkie Boards
»
Tech Junkie Lounge
»
interesting analysis
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: interesting analysis (Read 2196 times)
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
interesting analysis
«
on:
May 05, 2009, 05:21:53 PM »
http://vrt-sourcefire.blogspot.com/2008/12/ms08-067-in-wild.html
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
peewee_RotA
Brobdingnagian Member
Posts: 4152
Hi, I'm from the gov'ment and I'm here to help you
Rated:
Re: interesting analysis
«
Reply #1 on:
May 05, 2009, 05:36:06 PM »
That article reads like the repair manual for a turbo encabulator.
Logged
GOTO ROTAMODS (rocketgib)
GOTO ROTAMAPS (fireworks)
HappyFriar- q2server.fuzzylogicinc.com
Tune in to the
Tastycast!!!!
http://dna.zeliepa.net
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
Re: interesting analysis
«
Reply #2 on:
May 05, 2009, 05:55:05 PM »
They actually step through the code which is cool.
Basically a intrustion detection system caught a packet that matched a signature. When this packet matched the signature it stored the packet. The security researcher recognized a pattern in the hex representation of the data that was a very simple decoding/enoding scheme using xor. - they knew it was an exploit against ms-0867. This is a exploit against the windows server service, attacking a poorly written function in the SMB protocol.
The shellcode is weakly encrypted to not be pattern matched by various types security systems. But the intrustion detection system was matching on analysis of all attacks against the vulnerability. They realize that to really run the shellcode through the loop to decode it, they must populate a register with what is normally there from the Windows server service. They do that and now they have attack payload assembly which they disassemble and analyze.
The code is putting data in the stack that shouldn't be there by overflowing a buffer in the problem function netpathcanonicalize. It rewrites the function return address and the machine runs the new code.
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
Print
Pages: [
1
]
Go Up
« previous
next »
tastyspleen::quake 2 community
»
Forum
»
The Tech Junkie Boards
»
Tech Junkie Lounge
»
interesting analysis
El Box de Shoutamente
Last 10 Shouts:
-Unh0ly-
October 11, 2025, 09:33:09 AM
https://drive.google.com/file/d/1PiMmfuFbIkO0NMi9N3nhRrqkLmwQ3JtT/view?usp=sharing
GOOGLE GEMini AI UPSCALED AND REALISTIC game textures ,, unzip to baseq2 obviously
-Unh0ly-
September 23, 2025, 04:27:34 PM
https://drive.google.com/file/d/13RyezOeswNyYytT01Pc878dxRoSXyqYi/view?usp=sharing
QUAKE 2 RTX FULL VERSION
-Unh0ly-
August 09, 2025, 07:31:34 AM
https://youtu.be/ZEVF8_a6kgs
yahoo
July 22, 2025, 11:28:06 PM
https://edition.cnn.com/2025/07/22/entertainment/ozzy-osbourne-death
|iR|Focalor
July 04, 2025, 06:33:05 AM
RyU
June 29, 2025, 06:27:46 PM
Q2 must never die
|iR|Focalor
May 26, 2025, 01:17:30 PM
-Unh0ly-
May 24, 2025, 10:08:35 PM
https://drive.google.com/file/d/1qwsj3EM4s5svp0b8oJLZt_An6990RB-o/view?usp=sharing
QUAKE 2 RTX
-Unh0ly-
May 22, 2025, 05:45:28 PM
https://drive.google.com/file/d/1VB1if3QjStPWCpbB33vbx7OOef-Negd3/view?usp=sharing
DUST 2 HD TEXTURES PUT IN BASEQ2 folder
Yotematoi
May 17, 2025, 08:33:15 AM
Yo desde el año 2007 me enfermé de Q2, es incurable
Morir y revivir es costumbre, lástima q el QT estaba bueno
Show 50 latest
User
Welcome,
Guest
. Please
login
or
register
.
October 25, 2025, 07:29:22 AM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search
Advanced search