Recognize-Security » Exploitation

Advanced Heap Spraying Techniques

Trancer — Mon, 20 Sep 2010 07:52:24 +0000

In the January OWASP Israel meeting I did a presentation about new and advanced Heap Spraying techniques. It’s about time I publish it.

In the presentation I demonstrated two new techniques – Bitmap Heap Spraying and Silverlight Heap Spraying which I’ll publish here later on this week in addition to a few other new techniques, so stay tuned, it’ll be fun.

You can view the presentation online on Google Docs or you can download the slides here – Advanced Heap Spraying Techniques or from OWASP Israel.

Peter Van Eeckhoutte’s Exploit Writing Tutorials

Trancer — Fri, 22 Jan 2010 17:37:21 +0000

Hello everyone. If your in to exploit development or new to this and want to learn how to do it, here’s a series of tutorials by Peter Van Eeckhoutte (a.k.a corelanc0d3r), which I strongly recommend, that will give you solid knowledge in exploit writing.
Today Peter published the latest edition to his exploit writing tutorials about Win32 Egg Hunting. Check it out:

Enjoy the reading!

Metasploit Unleashed – Mastering the Framework

Trancer — Thu, 17 Dec 2009 15:35:38 +0000

Hello everyone,
I’d like to recommend a new and free online course brought to you by the great guys at Offensive Security, the creators of BackTrack Linux distribution.

Metasploit Unleashed – Mastering the Framework online course will give you a solid knowledge base to start working with the Metasploit Framework, from simple things such as lunching an exploit to post exploitation, Meterpreter scripting and more.

But the greatest thing about this course is its main purpose, which is to promote awareness and raise funds for underprivileged children in East Africa. So if you enjoy the course and find it useful, please make a donation to Hackers For Charity.

Java Compilation mixin for Metasploit

Trancer — Wed, 03 Jun 2009 09:03:28 +0000

Here’s a new shiny mixin I wrote for the Metasploit framework – the Java Compilation mixin.
The purpose of this mixin is to bring the power of Metasploit and use it for writing and compiling Java code on-the-fly.
The mixin main usage is to write, compile and embed Java code (Java applets) in HTML pages, mainly for writing exploit and auxiliary modules that exploit vulnerabilities in the JRE\JVM.
The Java compilation mixin can also be used for creating fuzzers and other testing tools for the JRE\JVM.

Code:
javacompile.rb.

Installation:
Place the mixin in the following path:
\msf3\lib\msf\core\exploit

Include the mixin in \msf3\lib\msf\core\exploit.rb file:
# JavaCompile require 'msf/core/exploit/javacompile'

Using the mixin in exploit and auxiliary modules:
include Msf::Exploit::JAVACOMPILE

The mixin requires JDK to be installed, get it from Sun.

Usage:
OUTPUTPATH – defines the path of the working directory (where the files will be created).

java_compile(filename,data) function is used to compile Java code. filename variable sets the file and public class name and data variable defines the Java code.

java_clean(filename) function is used to clean the working directory. filename variable sets the file name to delete (both .java and .class files) from the working directory.

Demonstration:
The following “exploit” module demonstrate the Java compilation mixin by calling a simple Java applet (displaying “Hello World”) from an HTML page:
java_hello.rb (See comments in the code).

This mixin is still in an early stage and will be modified and improved in time, any kind of feedback and suggestions are welcome.
Cool exploits soon to follow :-)