-
March 11th, 2005, 02:51 AM
#1
Using a Hex Editor to Produce a POC file
I rarely do this but given the nature of the tutorial, I needed to create a Word document with pictures to clearly illustrate the information.
This tutorial takes an example proof of concept file from a bugtraq post, looks at exactly what was altered in the zip file, and verifies if the POC file will actually work. In addition, the tutorial shows you how to navigate a hex value table and how to change the proper values to produce a good POC file should you want to build your own zip file to test the vulnerability reported to bugtraq.
I wrote this tutorial for my junior security staff. They often see vulnerabilities posted but don't know how to validate the claims. Often, vulnerabilities are posted with vital information missing. Because many junior security staff don't know how to go about recreating a valid test, I picked an example off of bugtraq at random and put this tutorial together. I have MD5 hashed the file in case you are the paranoid type. Those who know me should feel comfortable DLing a Word doc from me.
Enjoy.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
March 11th, 2005, 06:53 PM
#2
Banned
You actually wrote it!!! Thanks Horsey, I'll have to check it out when I get home.
-
March 11th, 2005, 11:26 PM
#3
Yep. I told you I would.
One thing I'd like to mention is that the techniques in the tut can be used on just about any file format. Even if you don't have a file map, you can build your own by experimenting.
--TH13
-
March 12th, 2005, 01:16 AM
#4
I don't think I trust a Word file from you! I opened it in Vi and it was garbage characters! You put a virus in it, didn't you!
Ride Teh PWNY / Horsey / Mr Ed. Eddie, Front end to Vi.
-
March 12th, 2005, 12:30 PM
#5
Haha. Yes, I am out to secretly hax0r the entire planet and if it wasn't for those damn kids I would have gotten away with it.
Anyway, so now I have a few other tut ideas. The next one will be how to look inside binary files and compare them to patched updates in order to pinpoint the vulnerability in the older file. This is a common technique virus writers use to quickly drum out the nasties. Anyone interested?
--TH13
-
March 12th, 2005, 06:31 PM
#6
Banned
That would be cool Horsey. Showing us how to write a virus toolkit/lab. Or we could go oldschool!!! Teach me ASM!!!
-
March 12th, 2005, 07:16 PM
#7
Nooooooooooooooooooo. I won't be showing you how to write a virus. What I will do is show you one technique that virus writers use when they write exploits. What I hope you take away from it is 1) an understanding of how virus writers are so quickly able to come up with exploit code and 2) In understanding this, hopefully you will be able to better defend against attacks.
-
March 12th, 2005, 11:07 PM
#8
I'm interested. Anything you can write that teaches something, write away.
-
March 13th, 2005, 09:09 AM
#9
I'm interested as well horsey, that would be a good read. I hope to see a tutorial about that up on AO very soon.
-
March 13th, 2005, 01:09 PM
#10
Someone asked me a question and I think the answer should be posted.
If you zip a file, the file header CRC value will be the same as the data file CRC. Once you go through the tut, zip a file and you'll be able to spot the CRC values in the hex table within seconds.
Someone else asked me about hiding data within files. Yes, that is called steganography and is a common practice. No, I haven't done a tut on stego - yet.
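The CRC observation in post #10, as an added example that is not part of the original thread or the attached tutorial: it builds a small archive in memory, reads the CRC-32 field at its fixed offset in the local file header and in the central directory header, and recomputes the CRC of the stored data. It assumes the "file header CRC" in the post refers to those two header fields; the member name `sample.txt`, the sample data and the function names are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"    # local file header
CENTRAL_SIG = b"PK\x01\x02"  # central directory file header


def build_sample_zip(data=b"constructed sample data\n"):
    """Constructed sample: one stored (uncompressed) member in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.txt", data)
    return buf.getvalue()


def crc_report(blob):
    """Locate both CRC-32 fields of the first member and recompute the
    CRC of its stored data. Handles only the simple one-member, stored
    case; the signature search is naive and would misfire if the data
    itself contained a header signature."""
    lo = blob.find(LOCAL_SIG)
    ce = blob.find(CENTRAL_SIG)
    if lo < 0 or ce < 0:
        raise ValueError("local or central directory header not found")
    # Local header: CRC-32 at +14, compressed size at +18,
    # name length at +26, extra length at +28 (all little-endian).
    local_crc, csize = struct.unpack_from("<II", blob, lo + 14)
    name_len, extra_len = struct.unpack_from("<HH", blob, lo + 26)
    # Central directory header: CRC-32 at +16.
    (central_crc,) = struct.unpack_from("<I", blob, ce + 16)
    start = lo + 30 + name_len + extra_len
    data_crc = zlib.crc32(blob[start:start + csize]) & 0xFFFFFFFF
    return {
        "local_offset": lo + 14, "local_crc": local_crc,
        "central_offset": ce + 16, "central_crc": central_crc,
        "data_crc": data_crc,
        "consistent": local_crc == central_crc == data_crc,
    }


if __name__ == "__main__":
    r = crc_report(build_sample_zip())
    for key in ("local", "central"):
        print(f"{key:8} CRC-32 at 0x{r[key + '_offset']:04x}: "
              f"{r[key + '_crc']:08x}")
    print(f"data     CRC-32 recomputed: {r['data_crc']:08x}")
    print("consistent:", r["consistent"])
```

The CRC is stored little-endian, so in a hex editor the four bytes at each printed offset appear in reverse order relative to the printed value.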