

Messages - Karmic

1
Hacking and Security / Re: Buffer Overflow: Redirecting Program Flow
« on: September 30, 2015, 07:04:06 PM »
Thanks a lot guys. I understand what you're saying about the memory address and I think I was doing it wrong before by overwriting EIP with the address of the call instruction not the address of the function.

Now, what is really racking my brain is how to make a program that will run the vulnerable program and find the correct memory address of the win() function.

2
Hacking and Security / Buffer Overflow: Redirecting Program Flow
« on: September 30, 2015, 05:38:57 PM »
Hello all,

I have a problem that requires me to redirect program flow in the program below. There is obviously a buffer overflow and my job is to make it say "You won!" instead of "You lost!".

I am quite stumped because I know I can insert code into the buffer that will print out "You won" when referenced, but I don't know how to actually get to the real function call.

My idea is that I need to point the return address to the won() function's address, but I do not know how to get that address.

Any ideas are much appreciated.

Code:
    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>
    #include <time.h>

    void win() {
        printf("You Won!");
    }

    void lose() {
        printf("You lost!");
    }

    int check(char *name) {
        char buffer[16];

        /* Unbounded copy: a name longer than 15 bytes overruns buffer */
        strcpy(buffer, name);

        printf("Your name is: %s \n", buffer);
        printf("The buffer address is [%p].\n", (void *)buffer);
        // Call the random function
        srand(time(NULL));

        return rand();
    }

    int main(int argc, char **argv) {
        int randnum;
        if (argc < 2) {
            fprintf(stderr, "usage: %s <name>\n", argv[0]);
            return 1;
        }
        randnum = check(argv[1]);
        if (randnum < 5) {
            win();
        } else {
            lose();
        }
        // Return everything is OK
        return 0;
    }
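An added example, not part of the post: the same check() routine with the copy bounded, so an over-long name is rejected instead of overrunning the 16-byte buffer and reaching the saved return address. The names check_safe and NAME_MAX are my own choice.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define NAME_MAX 16   /* same buffer size as the posted program */

/* Hardened copy (hypothetical helper): copies name into out only if it fits,
 * including the terminating NUL. Returns 0 on success, -1 if rejected. */
int check_safe(const char *name, char *out, size_t out_len) {
    if (name == NULL || out == NULL || out_len == 0)
        return -1;
    size_t n = strnlen(name, out_len);  /* never scans past the buffer size */
    if (n >= out_len)                   /* no room for the NUL: reject input */
        return -1;
    memcpy(out, name, n + 1);           /* n + 1 copies the terminator too */
    return 0;
}

/* Mirrors the post's check(): a 16-byte stack buffer, but bounded. */
int check(const char *name) {
    char buffer[NAME_MAX];
    if (check_safe(name, buffer, sizeof buffer) != 0) {
        fprintf(stderr, "name too long (max %zu bytes)\n", sizeof buffer - 1);
        return -1;
    }
    printf("Your name is: %s\n", buffer);
    return 0;
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <name>\n", argv[0]);
        return 1;
    }
    return check(argv[1]) == 0 ? 0 : 1;
}
```

Compiling with -fstack-protector-strong adds a canary check as a second line of defence, but the bounded copy is what removes the bug.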


3
C - C++ / Re: Import Table Hooking in C with Win32 API
« on: April 29, 2015, 06:21:10 PM »
Thanks HTH, I looked through it and I think I have a better understanding of what needs to be done, and fortunately the deadline was extended so I think I'll be able to finish.

Xires, this is a Windows internals and exploit development course focusing on persistence and priv esc in Windows. It's offered through an organization called cyberwarriors (worst name ever) to university students with some security background.

It's sponsored by the U.S. defense community, with whom you may not necessarily agree, but hey, if they want to give free training, take it.

4
C - C++ / Import Table Hooking in C with Win32 API
« on: April 26, 2015, 04:28:07 AM »
I have the following assignment in class:

Develop a Win32 DLL that can be injected into a process using the injector that you have developed in Lab #2 (Code Injection). This DLL must install an import table hook to intercept calls made to the function CreateFileW() in kernelbase.dll from the module kernel32.dll. The hook function must display the lpFileName parameter to CreateFileW() using OutputDebugString(). You will build a DLL (not an .EXE).

I have programmed the injector and it works, but I am having a lot of trouble with the DLL. I don't want the answer, just a few clarifications.


I understand how to locate the IAT entry for CreateFileW() and how to change the value for it. I don't quite understand the following:

1. What do I change the IAT entry of CreateFileW() to? My malicious DLL, and have it execute my version of CreateFileW()?

5
General discussion / Re: Schools or Certs?
« on: April 19, 2015, 04:28:40 AM »
Agreed with DeepCopy. I know someone in your situation, they wanted to get into IT so they started studying for their A+ and doing their own learning. Also they are letting potential employers know what they are doing on their own and what their certification plan is etc.

In my experience employers want good employees, one that wants to learn and is driven. They can teach you the skills you need to know, but they can't change who you are.

Keep working, make it a part of your life, and let employers know your ambitions with your certifications etc.

Finally, get those certs and never stop learning.

6
Operating System / Re: Questions For Kali as main OS.
« on: April 12, 2015, 11:19:52 PM »
Thanks for the sound advice. I've been doing a bit of research and I think I'm going to take the advice and switch to Debian and just have a custom Kali VM.

I'd like to run Slackware at some point, but school is my greatest impediment to knowledge so that will have to wait.

7
Operating System / Questions For Kali as main OS.
« on: April 12, 2015, 10:39:21 PM »
I've used Ubuntu and Fedora for a few years now and have a good/decent grasp on Linux. I am a student who studies security a lot and is looking to get into pen testing eventually, so I decided to run Kali Linux as my main OS. This is to get a feel for all the tools in Kali as well as get some troubleshooting experience fixing various issues.

I have set it up with my graphics card, no root logon (only can sudo into root), and various other mods to make it usable and slightly more secure. I have it in a position that I like and it's running quite well on my system. However I do have some questions about what I am doing.

1. Is this even a good idea? Could I easily get owned even with my firewall rules and settings all optimized?

2. Is there any issue I should be aware of that will likely sway my decision?

3. If this is a terrible idea, what distros should I look into (like Slackware, Arch, FreeBSD) if my main interest is security?

8
Hacking and Security / Re: How do you practise hacking?
« on: March 30, 2015, 09:06:51 PM »
I'm a student and have been studying security for the past year or so. What hat you wear is up to you, but keep in mind the repercussions if you are caught. It will do you good to set up a few virtual machines with older OSes and/or vulnerable web servers made by OWASP (I like the Broken Web Application Project) or the De-ICE live CDs. These will give you a good base to go off of. Bug bounty programs are great too, but a bit more challenging and I wouldn't recommend them until you have a firm grasp on your own environment.

Also, keep reading, especially about programming, I have been working on this for over a year and I'm still somewhat of a skiddie.

Good luck in your endeavours.
