B

"Basic Integer Overflows" (paper), blexim, 342
beq instruction (Alpha), 304
bgt instruction (Alpha), 304
bic instruction (Alpha), 304
binary analysis
manual binary analysis, 466
OllyDbg debugger, 106
binary auditing
assembly languages, 452
closed source software, 451
code constructs
calling conventions, 456–457
function layouts, 458
if statements, 458–459
for loops, 459–460
memcpy library function, 462
reconstructing class definitions, 464–465
stack frames, 454–456
strlen library function, 462–463
switch statements, 460–462
this pointer, 463–464
while loops, 459–460
difficulty of, 451
graphical analysis, 468
IDA Pro, 452–454
IIS WebDAV vulnerability, 470–472
jump instructions, 465
manual decompilation, 468
Microsoft SQL Server bugs, 469
PDB files, 454
RPC-DCOM interfaces, 469–470
source-code auditing, 452
starting point, 466–467
symbol packages (Windows), 454
virtual function tables (vtables), 465
bind system call (Solaris), 222
bind-socket Tru64 shellcode, 319–320
bindsocket Unix shellcode, 288
bioforge, "Hacking the Linux Kernel Network Stack" (paper), 343
bis instruction (Alpha), 304
bit flipping, 371
Blackhat briefings slides, Greg Hoglund, 381–382
ble, bge instruction (Alpha), 304
blexim, "Basic Integer Overflows" (paper), 342
blowfish encryption, 289
blt instruction (Alpha), 304
bn,a instruction (Solaris), 220–221
bne instruction (Alpha), 304
Bottom chunk (Solaris), 259
bottom-up approach to source code auditing, 387
bounds-checking, 390–391
breaking chroot, 561
bridge building, 198
brk() system call, 84–85
Bruns, Brian, documentation of Microsoft's Tabular Data Stream (TDS) protocol, 511
brute forcing, 504–505
bsr instruction (Alpha), 304
.bss segment, 5, 84
buffer overflows
example program, 429–431
kernel-level vulnerabilities, 530
loop constructs, 392
buffers
arrays, 12
C, 12–13
C++, 12
defined, 12
finding length, 89
register pointers, 212–213
stack overflows, 12–13, 18–20
bug classes
almost extinct, 388–389
double free, 400
format strings, 389–390
incorrect bounds-checking, 390–391
integer conversions, different-sized, 398–399
integer overflows, 396–398
logic errors, 388
loop constructs, 392
non-null termination of strings, 393–394
null termination in strings, 394–395
off-by-one, 392–393
out-of-scope memory usage, 400
signed comparisons, 395–396
uninitialized variable usage, 400–401
use after free, 401–402
bugs
CDONTS.NewMail SMTP injection bug, 413
DCOM-RPC bug (MS03-26), 411
double free bugs, 368
hello, 415
Hello bug, 510
information leakage bugs, 95
Lotus Domino view ACL bypass bug, 414
Microsoft IIS double-decode bug, 413
Microsoft IIS Unicode bug, 413
Microsoft SQL Server, 469
mod_ssl off-by-one bug (Apache), 411
source code disclosure, 413
SQL-UDP, 415, 423–424
Win32, 118
Bursztein, Lupin, Using Environment for Returning into Lib C (article), 341
bypassing input validation
alternate encodings, 415–416
file handling, 416–418
stripping bad data, 415
"Bypassing MSB Data Filters for Buffer Overflows" (paper), Riley "Caezar" Eller, 197–198
Bypassing Stackguard and StackShield Protection (article), Gerardo Richarte, 341
byte matching shellcode, 288


The Shellcoder's Handbook. Discovering and Exploiting Security