Using a Hex Editor to Produce a POC file
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Using a Hex Editor to Produce a POC file

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883

    Using a Hex Editor to Produce a POC file

    I rarely do this but given the nature of the tutorial, I needed to create a word document with pictures to clearly illustrate the information.

    This tutorial takes an example proof of concept file from a bugtraq post and look at exactly what was altered in the zip file and verify if the POC file will actually work. In addition, the tutorial shows you how to navigate a hex value table and how to change the proper values to produce a good POC file should you want to build your own zip file to test the vulnerability reported to bugtraq.

    I wrote this tutorial for my junior security staff. They often see vulnerabilities posted but don't know how to validate the claims. Often, vulnerabilities are posted with vital information missing. Because many junior security staff don't know how to go about recreating a valid test, I picked an example off of bugtraq at random and put this tutorial together. I have MD5 hashed the file in case you are the paranoid type. Those who know me should feel comfortable DLing a word doc from me.

    Enjoy.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Banned
    Join Date
    Aug 2004
    Posts
    29
    You actually wrote it!!! Thanks Horsey, I'll have to check it out when I get home.

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Yep. I told you I would.

    One thing I'd like to mention is that the techniques in the tut can be used on just about any file format. Even if you don't have a file map, you can build your own by experimenting.


    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I don't think I trust a Word file from you! I opened it in Vi and it was garbage characters! You put a virus in it didn't you!

    Ride Teh PWNY / Horsey/ Mr Ed. Eddie, Fromnt end to Vi.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Haha. Yes, I am out to secretly hax0r the entire planet and if it wasn't for those damn kids I would have gotten away with it.

    Anyway, so now I have a few other tut ideas. The next one will be how to look inside binary files and compare them to patched updates in order to pinpoint the vulnerability in the older file. This is a common technique virus writers use to quickly drum out the nasties. Anyone interested?

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Banned
    Join Date
    Aug 2004
    Posts
    29
    That would be cool Horsey. Showing us how to right a virus toolkit/lab . Or we could go oldschool!!! Teach me ASM!!!

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Nooooooooooooooooooo. I won't be showing you how to write a virus. What I will do is show you one technique that virus writers use when they write exploits. What I hope you take away from it is 1) an understanding of how virus writers are so quickly able to come up with exploit code and 2) In understanding this, hopefully you will be able to better defend against attacks.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I'm interested. Anything you can write that teaches something write away .

  9. #9
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    I'm interested as well horsey, that would be a good read, I hope to see a tutorial about that up on AO very soon
    I am the uber duck!!1
    Proxy Tools

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Someone asked me a question and I think the answer should be posted.

    If you zip a file, the file header CRC value will be the same as the data file CRC. Once you go through the tut, zip a file and you'll be able to spot the CRC values in the hex table within seconds.

    Someone else asked me about hiding data within files. Yes, that is called steganography and is a common practice. No, I haven't done a tut on stego - yet.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides