Flylib.com
Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
ISBN: N/A
EAN: 2147483647
Year: 2003
Pages: 198
Authors:
Neal Krawetz
BUY ON AMAZON
The Shellcoder s Handbook: Discovering and Exploiting Security
Back Cover
About
Part 1: Introduction to Exploitation: Linux on x86
Chapter 1: Before You Begin
Basic Concepts
Recognizing C Code Constructs in Assembly
Conclusion
Chapter 2: Stack Overflows
Buffers
The Stack
Overflowing Buffers on the Stack
Using an Exploit to Get Root Privileges
Defeating a Non-Executable Stack
Conclusion
Chapter 3: Shellcode
Understanding System Calls
Writing Shellcode for the exit() Syscall
Injectable Shellcode
Spawning a Shell
Conclusion
Chapter 4: Introduction to Format String Bugs
Prerequisites
What Is a Format String?
What Is a Format String Bug?
Format String Exploits
Controlling Execution for Exploitation
Why Did This Happen?
Format String Technique Roundup
Conclusion
Chapter 5: Introduction to Heap Overflows
What Is a Heap?
Finding Heap Overflows
Conclusion
Part 2: Exploiting More Platforms: Windows, Solaris, and Tru64
Chapter 6: The Wild World of Windows
How Does Windows Differ from Linux?
Heaps
The Genius and Idiocy of the Distributed Common Object Model and DCE-RPC
Debugging Windows
Conclusion
Chapter 7: Windows Shellcode
Setting Up
Parsing the PEB
Searching with Windows Exception Handling
Popping a Shell
Conclusion
Chapter 8: Windows Overflows
Stack-Based Buffer Overflows
Stack Protection and Windows 2003 Server
Heap-Based Buffer Overflows
Exploiting Heap-Based Overflows
Other Overflows
Exploiting Buffer Overflows and Non-Executable Stacks
Conclusion
Chapter 9: Overcoming Filters
Writing Exploits for Use with an Alphanumeric Filter
Writing Exploits for Use with a Unicode Filter
Exploiting Unicode-Based Vulnerabilities
The Venetian Method
Decoder and Decoding
Conclusion
Chapter 10: Introduction to Solaris Exploitation
Introduction to the SPARC Architecture
SolarisSPARC Shellcode Basics
SolarisSPARC Stack Frame Introduction
Stack-Based Overflow Methodologies
Stack Overflow Exploitation In Action
Heap-Based Overflows on SolarisSPARC
Basic Exploit Methodology (t_delete)
Other Heap-Related Vulnerabilities
Heap Overflow Example
Other Solaris Exploitation Techniques
Conclusion
Chapter 11: Advanced Solaris Exploitation
Single Stepping the Dynamic Linker
Various Style Tricks for Solaris SPARC Heap Overflows
Advanced SolarisSPARC Shellcode
Conclusion
Chapter 12: HP Tru64 Unix Exploitation
The Alpha Architecture
Retrieving the Program Counter (GetPC)
System Call Invocation
XOR Decoder for Shellcode
.end main setuid execve Shellcode
Connect-Back Shellcode
Find-Socket Shellcode
Bind-Socket Shellcode
Stack Overflow Exploitation
Exploiting rpc.ttdbserver
Conclusion
Part 3: Vulnerability Discovery
Chapter 13: Establishing a Working Environment
Conclusion
What You Need for Reference
What You Need for Code
What You Need for Investigation
What You Need to Know
Optimizing Shellcode Development
Chapter 14: Fault Injection
Design Overview
Fault Monitoring
Putting It Together
Conclusion
Chapter 15: The Art of Fuzzing
General Theory of Fuzzing
Weaknesses in Fuzzers
Modeling Arbitrary Network Protocols
Other Fuzzer Possibilities
SPIKE
Other Fuzzers
Conclusion
Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages
Tools
Automated Source Code Analysis Tools
Methodology
Vulnerability Classes
Beyond Recognition: A Real Vulnerability versus a Bug
Conclusion
Chapter 17: Instrumented Investigation: A Manual Approach
Philosophy
Oracle extproc Overflow
Common Architectural Failures
Bypassing Input Validation and Attack Detection
Windows 2000 SNMP DOS
Finding DOS Attacks
SQL-UDP
Conclusion
Chapter 18: Tracing for Vulnerabilities
Overview
Conclusion
Chapter 19: Binary Auditing: Hacking Closed Source Software
Binary versus Source-Code Auditing: The Obvious Differences
IDA ProThe Tool of the Trade
Binary Auditing Introduction
Reconstructing Class Definitions
Manual Binary Analysis
Binary Vulnerability Examples
Conclusion
Part 4: Advanced Materials
Chapter 20: Alternative Payload Strategies
Modifying the Program
The SQL Server 3-Byte Patch
The MySQL 1-Bit Patch
OpenSSH RSA Authentication Patch
Other Runtime Patching Ideas
Upload and Run (or Proglet Server)
Syscall Proxies
Problems with Syscall Proxies
Conclusion
Chapter 21: Writing Exploits that Work in the Wild
Factors in Unreliability
Countermeasures
Conclusion
Chapter 22: Attacking Database Software
Network Layer Attacks
Application Layer Attacks
Running Operating System Commands
Exploiting Overruns at the SQL Level
Conclusion
Chapter 23: Kernel Overflows
Kernel Vulnerability Types
0day Kernel Vulnerabilities
Solaris vfs_getvfssw() Loadable Kernel Module Traversal Vulnerability
Conclusion
Chapter 24: Exploiting Kernel Vulnerabilities
The exec_ibcs2_coff_prep_zmagic() Vulnerability
Solaris vfs_getvfssw() Loadable Kernel Module Path Traversal Exploit
Conclusion
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Z
List of Figures
List of Tables
Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
ISBN: N/A
EAN: 2147483647
Year: 2003
Pages: 198
Authors:
Neal Krawetz
BUY ON AMAZON
Similar book on Amazon
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
Ubuntu Linux Toolbox: 1000+ Commands for Ubuntu and Debian Power Users
Pro Ubuntu Server Administration (Expert's Voice in Linux)
Ubuntu: Powerful Hacks and Customizations
The CISSP and CAP Prep Guide: Platinum Edition
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Paging
Configuring Call Transfer and Forward
Trunk Signaling Systems
Subscriber Features
Troubleshooting Basic Cisco IPC Express Features
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
The Two Sides of the Cisco Unified CallManager Cluster
Antivirus Protection
Review Questions
Monitoring Performance
Competency-Based Human Resource Management
Competency-Based Performance Management
Competency-Based Employee Rewards
The Transformation to Competency-Based HR Management
Competency-Based HR Management The Next Steps
Appendix B Further Suggestions on Employee Development
Mapping Hacks: Tips & Tools for Electronic Cartography
Hack 36. Shorten Online Map URLs
Hack 60. Improve the Accuracy of Your GPS with Differential GPS
Hack 71. Turn Your Tracklogs into ESRI Shapefiles
Hack 80. Automatically Geocode U.S. Addresses
Hack 86. Track a Package Across the U.S.
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Hack 21. Track the International Space Station
Hack 26. Follow Your Packets Across the Internet
Hack 49. Generate Geocoded RSS from Any Google Map
Hacks 5161: Introduction
Hack 59. Show Lots of StuffQuickly
User Interfaces in C#: Windows Forms and Custom Controls
Creating Usable Interfaces
Designing with Classes and Tiers
Modern Controls
Design-Time Support for Custom Controls
Data Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies