Flylib.com
Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
ISBN: N/A
EAN: 2147483647
Year: 2003
Pages: 198
Authors:
Neal Krawetz
BUY ON AMAZON
The Shellcoder s Handbook: Discovering and Exploiting Security
Back Cover
About
Part 1: Introduction to Exploitation: Linux on x86
Chapter 1: Before You Begin
Basic Concepts
Recognizing C Code Constructs in Assembly
Conclusion
Chapter 2: Stack Overflows
Buffers
The Stack
Overflowing Buffers on the Stack
Using an Exploit to Get Root Privileges
Defeating a Non-Executable Stack
Conclusion
Chapter 3: Shellcode
Understanding System Calls
Writing Shellcode for the exit() Syscall
Injectable Shellcode
Spawning a Shell
Conclusion
Chapter 4: Introduction to Format String Bugs
Prerequisites
What Is a Format String?
What Is a Format String Bug?
Format String Exploits
Controlling Execution for Exploitation
Why Did This Happen?
Format String Technique Roundup
Conclusion
Chapter 5: Introduction to Heap Overflows
What Is a Heap?
Finding Heap Overflows
Conclusion
Part 2: Exploiting More Platforms: Windows, Solaris, and Tru64
Chapter 6: The Wild World of Windows
How Does Windows Differ from Linux?
Heaps
The Genius and Idiocy of the Distributed Common Object Model and DCE-RPC
Debugging Windows
Conclusion
Chapter 7: Windows Shellcode
Setting Up
Parsing the PEB
Searching with Windows Exception Handling
Popping a Shell
Conclusion
Chapter 8: Windows Overflows
Stack-Based Buffer Overflows
Stack Protection and Windows 2003 Server
Heap-Based Buffer Overflows
Exploiting Heap-Based Overflows
Other Overflows
Exploiting Buffer Overflows and Non-Executable Stacks
Conclusion
Chapter 9: Overcoming Filters
Writing Exploits for Use with an Alphanumeric Filter
Writing Exploits for Use with a Unicode Filter
Exploiting Unicode-Based Vulnerabilities
The Venetian Method
Decoder and Decoding
Conclusion
Chapter 10: Introduction to Solaris Exploitation
Introduction to the SPARC Architecture
SolarisSPARC Shellcode Basics
SolarisSPARC Stack Frame Introduction
Stack-Based Overflow Methodologies
Stack Overflow Exploitation In Action
Heap-Based Overflows on SolarisSPARC
Basic Exploit Methodology (t_delete)
Other Heap-Related Vulnerabilities
Heap Overflow Example
Other Solaris Exploitation Techniques
Conclusion
Chapter 11: Advanced Solaris Exploitation
Single Stepping the Dynamic Linker
Various Style Tricks for Solaris SPARC Heap Overflows
Advanced SolarisSPARC Shellcode
Conclusion
Chapter 12: HP Tru64 Unix Exploitation
The Alpha Architecture
Retrieving the Program Counter (GetPC)
System Call Invocation
XOR Decoder for Shellcode
.end main setuid execve Shellcode
Connect-Back Shellcode
Find-Socket Shellcode
Bind-Socket Shellcode
Stack Overflow Exploitation
Exploiting rpc.ttdbserver
Conclusion
Part 3: Vulnerability Discovery
Chapter 13: Establishing a Working Environment
Conclusion
What You Need for Reference
What You Need for Code
What You Need for Investigation
What You Need to Know
Optimizing Shellcode Development
Chapter 14: Fault Injection
Design Overview
Fault Monitoring
Putting It Together
Conclusion
Chapter 15: The Art of Fuzzing
General Theory of Fuzzing
Weaknesses in Fuzzers
Modeling Arbitrary Network Protocols
Other Fuzzer Possibilities
SPIKE
Other Fuzzers
Conclusion
Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages
Tools
Automated Source Code Analysis Tools
Methodology
Vulnerability Classes
Beyond Recognition: A Real Vulnerability versus a Bug
Conclusion
Chapter 17: Instrumented Investigation: A Manual Approach
Philosophy
Oracle extproc Overflow
Common Architectural Failures
Bypassing Input Validation and Attack Detection
Windows 2000 SNMP DOS
Finding DOS Attacks
SQL-UDP
Conclusion
Chapter 18: Tracing for Vulnerabilities
Overview
Conclusion
Chapter 19: Binary Auditing: Hacking Closed Source Software
Binary versus Source-Code Auditing: The Obvious Differences
IDA ProThe Tool of the Trade
Binary Auditing Introduction
Reconstructing Class Definitions
Manual Binary Analysis
Binary Vulnerability Examples
Conclusion
Part 4: Advanced Materials
Chapter 20: Alternative Payload Strategies
Modifying the Program
The SQL Server 3-Byte Patch
The MySQL 1-Bit Patch
OpenSSH RSA Authentication Patch
Other Runtime Patching Ideas
Upload and Run (or Proglet Server)
Syscall Proxies
Problems with Syscall Proxies
Conclusion
Chapter 21: Writing Exploits that Work in the Wild
Factors in Unreliability
Countermeasures
Conclusion
Chapter 22: Attacking Database Software
Network Layer Attacks
Application Layer Attacks
Running Operating System Commands
Exploiting Overruns at the SQL Level
Conclusion
Chapter 23: Kernel Overflows
Kernel Vulnerability Types
0day Kernel Vulnerabilities
Solaris vfs_getvfssw() Loadable Kernel Module Traversal Vulnerability
Conclusion
Chapter 24: Exploiting Kernel Vulnerabilities
The exec_ibcs2_coff_prep_zmagic() Vulnerability
Solaris vfs_getvfssw() Loadable Kernel Module Path Traversal Exploit
Conclusion
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Z
List of Figures
List of Tables
Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
ISBN: N/A
EAN: 2147483647
Year: 2003
Pages: 198
Authors:
Neal Krawetz
BUY ON AMAZON
CISSP Exam Cram 2
Tracking Your CISSP Status
Intrusion-Detection Systems (IDS)
Exam Prep Questions
Disaster Recovery Planning (DRP)
Steganography
SQL Tips & Techniques (Miscellaneous)
Understanding SQL Transactions and Transaction Logs
Understanding SQL Subqueries
Retrieving and Manipulating Data Through Cursors
Monitoring and Enhancing MS-SQL Server Performance
Working with Stored Procedures
C++ How to Program (5th Edition)
if...else Double-Selection Statement
Summary
Type Fields and switch Statements
Reading from a Random-Access File Sequentially
G.3. Class Screen
Cisco Voice Gateways and Gatekeepers
Analog Trunks
Influencing Path Selection
Dial Plan Considerations
Secure SRST
Creating Audio Files
Cisco CallManager Fundamentals (2nd Edition)
Station Devices
Overview of Station Device Features Supported by CallManager
SCCP Station Devices
Call Detail Records
Overview of CDR Data
Competency-Based Human Resource Management
Why a Focus on Jobs Is Not Enough
Competency-Based Employee Training
Competency-Based Performance Management
The Transformation to Competency-Based HR Management
Competency-Based HR Management The Next Steps
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies