O

$18 registers (Alpha CPU), 303
%o1–%o5 registers (SPARC), 218
%o7 register (SPARC), 218
%o6 register (SPARC), 218
%o0 register (SPARC), 218
%o0–%o7 registers (SPARC), 217
objdump utility, 39
off-by-one vulnerabilities, 392–393
offset finder, 336–337
offsets, guessing
  manually, 24–27
  No Operation (NOP) method, 27–29
off_t length specifier, 395
OllyDbg debugger, 106, 118, 335, 504
"Once upon a free()" (paper), 254, 342
1-Bit Patch (MySQL), 481–483
one-factor exploits, 500
open source program fuzzing, 372
open() system call, 107
open system call (Solaris), 222
OpenBSD
  exec_ibcs2_coff_prep_zmagic() stack overflow, 538–544, 549–574
  IDT (interrupt descriptor table), 564–566
  IDTR (interrupt descriptor table register), 564
  interrupt vectors, 564
  process descriptor, 558
  root privileges, 567–574
  select() kernel stack buffer overflow, 530–533
  setitimer() kernel memory overwrite, 533–535
OpenSSH
  multiplication overflow vulnerability, 398
  RSA Authentication Patch, 483–484
operating system fingerprinting, 505–507
optimizing shellcode development, 343–344
Oracle
  Alert 57, 406, 410
  Alert 29, 407, 410
  extproc overflow, 406–410
  running operating system commands, 522–523
  SQL*Plus, 526
  Transparent Network Substrate (TNS) protocol, 510
  TZ_OFFSET overflow, 416
ORCHESTRA fault injection system, 349, 353
out-of-scope memory usage vulnerabilities, 400
overflowing (defined), 4
overflowing heaps
  articles and papers, 341–342
  atexit handlers, 101
  basic theory of, 87–88
  defined, 86
  dlmalloc, 83
  .DTORS, 101
  format string bugs, 82
  free() system call, 87–92
  global function pointers, 100
  GOT entries, 100
  grep, 86
  heapoverflow.c Windows shellcode, 126–142
  integer overflow heap overflow combination, 86
  kernel-level vulnerabilities, 530
  ltrace program, 99
  malloc implementations, 83, 89–92
  malloc() system call, 87–88, 93–99
  Microsoft IIS, 86
  protecting against, 86–87
  samba, 86
  Solaris Login, 86
  Solaris Xsun, 86
  Solaris/SPARC
    arbitrary free vulnerabilities, 262
    Bottom chunk, 259
    chunk consolidation, 254
    double free vulnerabilities, 261–262
    example, 262–266
    function pointers, 233–234, 258–259
    limitations, 257–258
    off-by-one overflows, 261
    small chunk corruption, 260
    static data overflows, 267
    style tricks, 286–288
    t_delete() function, 254–256
    tree structure, 234–254
  stack values, 101
  threads, 502
  triggering, 88–89
  what to overwrite, 100
  Windows
    calling Win32 API functions, 109
    COM objects, 187–188
    first vectored handler at 77FC3210, 175–178
    logic program control data, 188
    repairing the heap, 185–187
    RtlEnterCriticalSection in the PEB, 172–174
    Thread Environment Block (TEB), 184–185
    Unhandled Exception Filter, 178–184
overflowing integers
  addition or subtraction overflows, 397
  articles and papers, 342
  defined, 396–397
  integer overflow heap overflow combination, 86
  kernel-level vulnerabilities, 530
  multiplication overflows, 398
  Professional Source Code Auditing (speech), 396
  uses, 397
  vulnerability tracing, 449
overflowing stacks
  arbitrary size overwrite, 224
  bypassing non-executable stack protection, 267–268
  complications, 225–226
  %i7 register, 225–226
  off-by-one vulnerabilities, 226
  register windows, 224–225
  shellcode, 228–233
  static data overflows, 267
overwriting
  application-specific function pointer, 81
  atexit handler, 81
  atexit structure, 71
  C library hooks, 71
  default unhandled exception handler, 71
  defined, 4
  entries in the DTORS section, 71, 81
  function pointers, 71
  Global Offset Table (GOT) entry, 71–78, 81
  null terminator with non-null data, 82
  pointers to an exception handler, 81
  saved return address, 71, 81
  Solaris/SPARC, 258–259


The Shellcoder's Handbook. Discovering and Exploiting Security