Index

A

ABI manual (Solaris/SPARC), 269
accept system call
FreeBSD, 535–537
Solaris, 222
access exemptions, 36
access rights (tokens), 114
addition or subtraction overflows, 397
addl instruction (Alpha), 304
addq instruction (Alpha), 304
addresses (registers)
extended stack pointer (ESP), 24–25
hardcoded addresses, 49, 125
overwriting saved return address, 71, 81
relative addresses, 49–50
"Advances in Format String Exploitation" (paper), Gera, Riq, 342
ADVAPI.dll, 129
AH register, 43
Aitel, David
Hello bug, 415, 510
multiple MS Exchange overflows, 411
SPIKE, 112
Vivisection of an Exploit Development Process (article), 341
AL register, 43
Aleph One, "Smashing the Stack for Fun and Profit" (paper), 11, 340
almost extinct bug classes, 388–389
Alpha Architecture Handbook, 302
Alpha CPU
calling conventions, 305–306
frame pointer, 303
GetPC code, 306–308
instruction set, 303–305
longword size memory references, 302
memory references, 302
PALcodes, 308
Privileged Architecture Library (PAL) instructions, 308
quadword size memory references, 302
registers
64 bits, 301
floating-point registers, 302
integer registers, 302–303
pointer operations, 302
stack frame, 305
stack overflows, 320–322
stack pointer, 303
system calls, 308
word size memory references, 302
Alpha overflows, 306
alphanumeric filters, 197–201
Andrews, Chip, creator of sqlping, 423
Anley, Chris
Creating Arbitrary Shellcode in Unicode Expanded Strings (article), 201–202, 342
Venetian Method, 202, 205–213
"Violating Database Security Mechanisms" (paper), 476
Apache
case-insensitive htaccess vulnerability, 414
mod_ssl off-by-one bug, 411
psprintf vulnerability, 402
source code disclosure vulnerability, 413
application fingerprinting, 505–507
application layer attacks on database server software, 520–521
application-specific function pointer, 81
architectural issues
asymmetry, 413
boundaries, 410–411
data translation, 411–412
archives of papers, 343
arguments (Linux system calls), 37
The Art of Writing Shellcode (article), smiler, 341
articles and papers
Advances in Format String Exploitation, 342
The Art of Writing Shellcode, 341
Basic Integer Overflows, 342
Bypassing MSB Data Filters for Buffer Overflows, 197–198
Bypassing Stackguard and StackShield Protection, 341
Creating Arbitrary Shellcode in Unicode Expanded Strings, 201–202, 342
Exploiting Format String Vulnerabilities, 342
Exploiting Windows NT 4 Buffer Overruns, 341
Format String Attacks, 342
Hacking the Linux Kernel Network Stack, 343
HackProofing Oracle Application Server, 407408
.ida Code Red Worm analysis, 343
Interception of Win32 API Calls, 342
Intrusion Detection with Snort, 289
Non-Stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP, 341
Once upon a free(), 254, 342
Problems with Mkstemp(), 402
Smashing the Stack for Fun and Profit, 11, 340
The Tao of Windows Buffer Overflow, 341
Tracing activity in Windows NT/2000/XP, 342
Using Environment for Returning into Lib C, 341
Using Programmer-Written Compiler Extensions to Catch Security Holes, 530
Violating Database Security Mechanisms, 476
Vivisection of an Exploit Development Process, 341
Vudo malloc Tricks, 342
Win32 Buffer Overflows: Location, Exploitation and Prevention, 341
Writing [a] Linux Kernel Keylogger, 343
Writing ia32 Alphanumeric Shellcodes, 342
w00w00 on Heap Overflows, 341
ASCII
converting to Unicode, 202–203
Venetian Method, 207–210
assembler references, 334
assemblers
inline, 73
MOS-DEF, 336
NASM (Netwide Assembler), 335
assembly instructions and system calls, 37–38
assembly language
binary auditing, 452
C++ code constructs, 8–10
IA32 processor, 6
asymmetry, 413
AT service, 111–112
atexit handlers
heap overflows, 101
overwriting, 81
atexit structure, overwriting, 71
AT&T syntax, 124
attack signatures, 419
attacks
database server software
application layer attacks, 520–521
network layer attacks, 510–520
DOS, 422–423
format string attacks
controlling execution, 69–71
misconceptions, 61
auditing
state-based protocols, 360
stateless protocols, 360
auditing binaries
assembly languages, 452
closed source software, 451
code constructs
calling conventions, 456–457
function layouts, 458
if statements, 458–459
for loops, 459–460
memcpy library function, 462
reconstructing class definitions, 464–465
stack frames, 454–456
strlen library function, 462–463
switch statements, 460–462
this pointer, 463–464
while loops, 459–460
difficulty of, 451
graphical analysis, 468
IDA Pro, 452–454
IIS WebDAV vulnerability, 470–472
jump instructions, 465
manual decompilation, 468
Microsoft SQL Server bugs, 469
PDB files, 454
RPC-DCOM interfaces, 469–470
source-code auditing, 452
starting point, 466–467
symbol packages (Windows), 454
virtual function tables (vtables), 465
auditing machine code
callbacks, 431
function pointers, 431
software protection schemes, 431
vulnerability tracing, 428
auditing source code
binary auditing, 452
format string bugs, 389–390
methodologies
bottom-up approach, 387
selective approach, 387–388
top-down (specific) approach, 386
reasons for, 383–384
tools
Cbrowser, 385
CQual, 386
Cscope, 384–385
Ctags, 385
editors, 385
RATS, 386
Splint, 386
vulnerabilities versus bugs, 402–403
vulnerability tracing, 428
authentication
confusion with authorization, 414
MySQL, 481–482
OpenSSH RSA Authentication Patch, 483–484
authorization, confusion with authentication, 414
AX register, 43


The Shellcoder's Handbook. Discovering and Exploiting Security