<3

Posted: July 15, 2012 in Favourite

“Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a life time.”

– Felix “FX” Lindner

Haiz….

Posted: July 15, 2012 in feeling

I just found one…. but too bad, she is occupied. : (

Defcon

Posted: July 1, 2012 in Uncategorized

Hello Defcon,
I will be coming to you one day! 🙂

Need a team

Posted: July 1, 2012 in Uncategorized

Damnn…. I need a better team. Each of them should specialize in one thing so that I don’t need to go around and check what they are doing. But where can I find those people? :((

List of Free Proxy Servers

Posted: March 25, 2012 in IT

Here is a list of free proxy servers. It is best used together with proxychains or FoxyProxy. Enjoy!

http://tempspotinclud3m3.appspot.com/files/index.html

I put some time in and compiled a list in a course-type layout to help people in the process of learning exploit development. I hope my research will help others spend more time learning and less time searching.

First off I want to thank the corelan guys for the help they have provided me so far in the process.

Layout: I will be posting in a hierarchical structure; each level of the hierarchy should be fully understood before moving on to the next section. I will also post sets of Parallel learning topics that you can study alongside the other topics to help prevent monotony. These Parallel areas will have a start and end mark that shows when they should be complete relative to the overall learning.

desktop background Link to Backgrounds

Other Posts like this one:
Because of the quality of these posts I wanted to put them at the top. I could not figure out where to put them in the list because they cover so much.
past-present-future of windows exploitation
smashing the stack in 2010
IT-Sec-catalog

Part 1: Programming

Parallel learning #1:(complete this section before getting to the book “Hacking Art of exploitation”)

While going through the programming area I concentrate on core topics that will help us later on with exploit writing. One area that is very good to pick up is some kind of scripting language. Listed below are some of the most popular scripting languages and the ones I feel will prove to be the most useful.
Python: One of my favorite languages and growing in popularity, Python is a powerful language that is easy to use and well documented.
Learn Python the hard way

Wikibooks Python

http://docs.python.org/

onlinecomputerbooks.com

Grey hat python


Ruby: If you plan on later working inside of Metasploit, this may be the language you want to start with. I highly suggest this for exploit developers to learn.
Wikibooks Ruby

LittleBookOfRuby

Ruby Programmers Guide

onlinecomputerbooks.com
Perl: An older language that still has a lot of use, Perl is one of the most widely used scripting languages and you will see it used in many exploits. (I would suggest Python over Perl.)

[book]

O’Reilly Learning Perl

onlinecomputerbooks.com

 

C and C++ programming:

It is very important to understand what you are exploiting, so to get started let us figure out what we are exploiting. You do not need to go through all of these, but when finished with this section you should have a good understanding of C and C++ programming.
Cprogramming.com

http://www.java2s.com/Tutorial/C/CatalogC.htm

http://beej.us/guide/bgc/

onlinecomputerbooks.com

X86 Assembly:

OK, now to understand what the computer reads when we compile C and C++. I am going to mostly stick to the IA-32 (x86) assembly language. Read the first link to understand why; it explains it very well.
Skullsecurity: Assembly

Windows Assembly Programming Tutorial

http://en.wikibooks.org/wiki/X86_Assembly

[book]

The Art of Assembly

Assembly primer for hackers

PC Assembly Language

Windows Programming:

This is to help understand what we are programming in and the structure of libraries in the OS. This area is very important far down the line.
http://en.wikibooks.org/wiki/Windows_Programming

http://www.relisoft.com/win32/index.htm

[book]

Windows Internals 5

[book]

Windows Internals 4

Disassembly:

Disassembly is not so much programming as it is what the computer understands and the way it is interpreted by the CPU and memory. This is where we start getting into the good stuff.
http://en.wikibooks.org/wiki/X86_disassembly

The Art of Disassembly

Part 2: Getting started

Now that we have a very good understanding of programming languages and what the machine is doing, we can start working on the task at hand: exploitation.

Here I will present a lot of the learning in very much a list format, adding in comments or Parallel learning areas when needed.
Smash the stack for fun and profit (Phrack 49)

C function call conventions and the stack

Anatomy of a program in memory

Function Calls, Part 1 (the Basics)

IA-32 Architecture

[videos]

Code Audit from cryptocity.net

(Parallel learning #1 finished:

You should now have finished Parallel learning 1 and have a good understanding of one of the 3 languages)

[Book]

Hacking art of exploitation [Chapter 1&2]

Corelan T1

Corelan T2

Parallel learning #2:(complete this section before end of part 2)

(Read the first few posts on this blog; it has some good info)
Kspice blog

(Read some of the posts from this blog; they are very helpful when starting out with fuzzers.)
Nullthreat’s blog

(I have linked directly to a demo exploit for this area, but this is a useful blog to keep track of for many things)

A demo exploit

tenouk.com: Buffer overflow intro

The Tao of Windows Buffer Overflow

nsfsecurity on BOF

Hacker center: BOF

Buffer overflow Primer

[Book]

Shellcoder’s Handbook Ch1&2

[Book]

Hacking art of exploitation [Chapter 3]

Corelan T3A

Corelan T3B

SEH Based Exploits and the development process

SEH overwrite simplified

(Parallel learning #2 finished)

Part 3: Tools of the trade

This is a list of tools I have started using and find very useful.
Immunity Debugger

Ollydbg

Windbg

IDA Pro

explorer suite

Sysinternals

And here are some corelan posts on how to use them. I will supply more in the future, but this is a very good start.

Corelan T5

Corelan: Immunity debugger cheatsheet

Part 4: Network and Metasploit

(Networking)
Beej.us network programming

[Book]

Hacking art of exploitation [Chapter 4]

Socket Programming in ruby

(Metasploit)

[Video]

Security Tube: Metasploit Megaprimer

Metasploit.com

Metasploit Unleashed

Metasploit Louisville Class

Metasploitable (a target)

Corelan T4

intern0t: developing my first exploit

DHAtEnclaveForensics: Exploit Creation in Metasploit

Wikibooks Metasploit/Writing Windows Exploit

Part 5: Shellcode

Corelan T9

projectShellcode: Shellcode Tutorial

[Book]

Shellcoder’s Handbook Ch3

[Book]

Hacking art of exploitation [Chapter 5]

Writing small shellcode

Shell-storm Shellcode database

Advanced shellcode

Part 6: Engineering in Reverse

Parallel Learning #3:(constant place to reference and use for reversing)
Understanding Code

Reverse Engineering the World

Reversing for Newbies

Room362.com reversing blog post

Ethicalhacker.net intro to reverse engineering

acm.uiuc.edu Intro to Reverse Engineering software

[Book]

Reversing: secrets of reverse engineering

Reverse Engineering from cryptocity.net

CrackZ’s Reverse Engineering Page

Reverse engineering techniques

CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View

HistoryofPackingTechnology

Windows PE Header

OpenRCE Articles

[GAME]

Crackmes.de

Part 7: Getting a little deeper into BOF

Parallel Learning #4:(To the end of the course and beyond)

Find old exploits on

Exploit-db

Download them, test them, rewrite them, understand them.

(Part A: preventions)
Buffer overflow protection

The evolution of Microsoft’s Mitigations

Purdue.edu: Canary Bit

Preventing the exploitation of SEH Overwrites with SEHOP

Bypassing SEHOP

Wikipedia Executable space protection

Wikipedia DEP

Bypassing Hardware based DEP

Wikipedia ASLR

Symantec ASLR in Vista

Defeating the Stack Based Buffer Overflow Prevention

Corelan T6

Return to libc

Microsoft protections video

(Part B: Advanced BOF)

Exploitation from cryptocity.net

Corelan T7

Corelan T8

Corelan T10

Virtual Worlds – Real Exploits

[GAME]

Gera’s Insecure Programming

[GAME]

Smash the stack wargaming network


Part 8: Heap overflow

Heap Overflows for Humans-101

rm -rf / on heap overflow

w00w00 on heap overflow

[book]

Shellcoder’s Handbook Ch4&5

h-online A heap of Risk

Defcon 15 remedial Heap Overflows

heap overflow: ancient art of unlink seduction

Memory corruptions part II — heap

[book]

Read the rest of Shellcoder’s Handbook

Part 9: Exploit listing sites

Exploit-DB

Injector

CVE Details

Packetstorm

CERT

Mitre

National Vulnerability Database

(bonus: a site that lists types of vulnerabilities and info)
Common Weakness Enumeration

Part 10: To come

1. Fuzzing

2. File Format

3. and more

If anyone has any good links to add, post a comment and I will try to add them, or send me the link and I will review and add it.

If anyone finds any bad or false information in any of these tutorials please let me know. I do not want people reading this getting bad information.

CREDIT TO: http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html

I really love that post and I want to put it into my collection. So, I copied it from the link provided above.

Of the 16 digits you see on a Visa or MasterCard credit card, the first 6 digits are the "issuer identifier", i.e. the credit card type code. If the first of those digits is 4, the card type is Visa; if it is 5, the card type is MasterCard. The last of the 16 digits serves as a "check digit", whose only function is to support validation checks on credit card numbers. Since the first 6 digits and the last digit already have a meaning, the remaining 9 digits in the middle serve as the "account number". Each of those 9 digits can take one of 10 values (0 to 9), so there are 1 billion possible 9-digit combinations for each type of credit card (Visa or MasterCard). The algorithm used to generate a row of 16 digits for a credit card number is called the "Luhn" or "Mod 10" algorithm. Back in 1954, Hans Luhn of IBM was the first to propose applying the algorithm to determine the validity of a credit card number. This simple (but excellent) algorithm works as follows:
1. Starting at the first digit, multiply every digit in an odd position by two; in total you will have 8 digits that you multiply by 2, namely digits 1, 3, 5, 7, 9, 11, 13 and 15.
2. If a doubled digit results in a two-digit number (10, 12, 14, 16 or 18), add its two digits together to produce a new single digit, so that the result of the first and second steps is again 8 single-digit numbers.
3. Next, replace all the digits of the credit card number located in the odd positions with the 8 new figures, producing a new row of 16 digits.
4. Finally, add up the 16 digits. If the sum is a multiple of 10, the credit card number is valid; conversely, if it is not a multiple of 10, the credit card number is invalid. Below I give examples of actual calculations:
As you can see in the picture above, the credit card number is 4552 7204 1234 5678; because it begins with 4, the card type is Visa. Now we do the calculations.
If you have calculated carefully, you will see that the final sum is 61, which is NOT a multiple of 10, so we can be sure that the credit card number is invalid. If the "check digit" in the example were not 8 but 7, then according to the algorithm the credit card number would be valid, because the total sum would change to 60, which is a multiple of 10. Here's another example:
Once again, do the calculation according to the Luhn algorithm above, this time for the MasterCard credit card number 5490 1234 5678 9123.
As you can count yourself, the total sum is 65, so the credit card number is invalid, because 65 is NOT a multiple of 10.
If only the "check digit" of the card were 8 instead of 3, the sum would be 70, which is a multiple of 10, so the credit card number would be valid (according to the algorithm). "Valid" here means a valid mathematical calculation; it does not mean that the credit card number is certainly a real, issued credit card number.
That is because a credit card check (during an online transaction, for example) requires not only the credit card number but also the "expiry date" and the "card security code", collectively known as the CVV (Card Verification Value) or CVC (Card Verification Code), which is the 3 digits on the back of the credit card.
PS: For American Express credit cards, the number of digits is 15 rather than 16, and the first 2 digits are always 34 or 37. The "account number" is only 8 digits long, not 9 digits as with Visa or MasterCard.
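The Luhn check described above, run over the post's two card numbers and the corrected check digits it mentions, as an added example that is not part of the original post. The function names are my own; `card_network` encodes only the prefix and length rules the post states (not a full issuer table), and walking the digits from the right generalizes the post's 16-digit procedure to 15-digit American Express numbers.

```python
# Added example: Luhn / "Mod 10" validation as described in the post. For a 16-digit
# Visa/MasterCard number the post doubles positions 1,3,...,15 counted from the left;
# doubling every second digit counted from the right gives the same result and also
# covers 15-digit American Express numbers.

def luhn_sum(number: str) -> int:
    """Return the Luhn total of a card number (spaces between groups are ignored)."""
    stripped = number.replace(" ", "")
    if not stripped.isdigit() or len(stripped) < 2:
        raise ValueError("card number must contain only digits and spaces")
    total = 0
    # Offset 0 is the check digit (rightmost); every second digit from there is doubled.
    for offset, ch in enumerate(reversed(stripped)):
        d = int(ch)
        if offset % 2 == 1:
            d *= 2
            if d > 9:      # two-digit product: add its digits (10 -> 1, 12 -> 3, ..., 18 -> 9)
                d -= 9
        total += d
    return total

def luhn_valid(number: str) -> bool:
    """Step 4 of the post: the number passes when the total is a multiple of 10."""
    return luhn_sum(number) % 10 == 0

def card_network(number: str) -> str:
    """Issuer classification using only the rules stated in the post (not a full BIN table)."""
    digits = number.replace(" ", "")
    if len(digits) == 16 and digits[0] == "4":
        return "Visa"
    if len(digits) == 16 and digits[0] == "5":
        return "MasterCard"
    if len(digits) == 15 and digits[:2] in ("34", "37"):
        return "American Express"
    return "unknown"

def check_card(number: str) -> dict:
    """Bundle both checks so a caller can see why a submitted number was rejected."""
    return {"network": card_network(number),
            "luhn_sum": luhn_sum(number),
            "valid": luhn_valid(number)}

if __name__ == "__main__":
    # The post's two worked examples (both invalid) and the corrected check digits it
    # mentions (7 instead of 8, 8 instead of 3), which make the sums 60 and 70.
    for n in ("4552 7204 1234 5678", "4552 7204 1234 5677",
              "5490 1234 5678 9123", "5490 1234 5678 9128"):
        print(n, check_card(n))
```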