overflowaren ondoren

If it were easy, it wouldn't exist in the first place...

Archive

Jan
24th
Thu
permalink

We're changing address.

For a number of reasons, from today on you will find overflowaren ondoren at http://jonena.wordpress.com.
Jan
12th
Sat
permalink

Paper repository

Today I bring an interesting link published on the Bugtraq mailing list run by Securityfocus.com. A participant called ORK has put together a website with a broad collection of papers on security and hacking, covering buffer overflows (BoF), heap overflows (HoF), filter bypasses and the other well-known exploitation techniques across several environments: Linux/Unix, Windows, web applications, etc.

Besides the content just mentioned, this site, which gathers everything in one place, has short summaries of books sorted by topic, plus links. According to the author he will try to keep the content up to date, and it looks that way, since the last update was made in January 2008. Here is the original Bugtraq message (in English), followed by the site's address:

“Hi,
Sorry if the mail is a bit OT.
I put my collection of vuln exploitation and hacking papers online.
Nothing new, but it is a nice repository with more than 200 sorted papers.
http://www.orkspace.net/secdocs/
Bye,
ORK”

Security and Hacking Documentation (the paper site)
Bugtraq (original Bugtraq message)

Jan
11th
Fri
permalink

lang = euskera;

From now on, all content will be published in Basque. Given the small place computer security has within our language community, from today we will contribute our grain of sand from here.

The reason for writing in English at first was to reach more readers; given the obvious lack of success, from now on the content will be published in Basque. Hoping you'll come back,

- infi

Jan
9th
Wed
permalink

New year, new...mayhem at redmond.

Along with the new year, Santa brought three new vulnerabilities to Redmond's very own collection of operating systems. The most important one has been rated *critical* by Microsoft and could allow a remote attacker to execute arbitrary code on the victim's machine. According to SecurityFocus.com, this is possible because of the way Windows stores data coming from IGMP and MLD network requests.

Another vulnerability, in the handling of ICMP, could be used for a remote Denial of Service (DoS) attack. The third one concerns Windows' LSASS service, where a user who already holds valid credentials could gain complete control of the system: a local privilege escalation rather than a remote one.

References:
Diariolinux.com (Spanish)
Securityfocus.com
Microsoft Security Bulletin (Critical Flaw)

Dec
27th
Thu
permalink

Unlocking Doug Lea's Malloc

After a pretty long break from blogging, here I am again with some fresh memory-management papers to read. I've started fooling around with heap exploitation on GNU/Linux. There's much more going on in each allocation than a malloc() call and a returned pointer: every chunk carries a header, and free chunks are threaded into doubly linked lists. If a memory corruption is to be exploited reliably, proper documentation of that bookkeeping is mandatory.

For efficient allocation, the GNU C library's malloc (ptmalloc2) is derived from Doug Lea's implementation (dlmalloc from now on), and it is dlmalloc's chunk layout and free-list handling that the papers below describe. The implementation uses fairly involved linking and coalescing schemes to use memory as efficiently and quickly as possible. Papers on the subject are not very common despite how popular heap overflow vulnerabilities are in today's software.

Two papers caught my attention in their endeavour to illustrate the ins and outs of dlmalloc. Both were published in the famous underground magazine Phrack, in its 57th issue back in 2001. It's a great read for these cold Christmas days; give them a shot. Merry X-mas and happy new malloc(2008);

Vudo - An object superstitiously believed to embody magical powers
Once upon a free()...
Phrack.org 
Doug Lea's site 
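The write-what-where that both papers build on, as an added example that is not code from the Phrack articles, from dlmalloc or from glibc: a toy model of the free-chunk header (field names follow the real allocator), the original unchecked unlink() beside the pointer-consistency check that later versions of ptmalloc2/glibc perform, and a forged chunk whose fd/bk make the unchecked version overwrite a hypothetical `target` pointer (standing in for a GOT entry or function pointer) with the address of a writable `landing` buffer (standing in for shellcode).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a dlmalloc/ptmalloc2 free chunk. Field names follow the real
 * allocator; the rest of this file is example code, not allocator source. */
typedef struct chunk {
    size_t prev_size;   /* size of the previous chunk, valid only if it is free */
    size_t size;        /* size of this chunk; the low 3 bits are flag bits    */
    struct chunk *fd;   /* next chunk in the free list (overlays user data)    */
    struct chunk *bk;   /* previous chunk in the free list                     */
} chunk_t;

/* The original unlink(): removes p from its doubly linked free list and
 * trusts p->fd / p->bk blindly. Two writes, both under attacker control
 * once the chunk header has been overflowed. */
static void unlink_unchecked(chunk_t *p) {
    chunk_t *fd = p->fd;
    chunk_t *bk = p->bk;
    fd->bk = bk;        /* write #1: *(fd + offsetof(bk)) = bk */
    bk->fd = fd;        /* write #2: *(bk + offsetof(fd)) = fd */
}

/* The consistency check later ptmalloc2/glibc versions perform before
 * unlinking: both neighbours must point back at p. Returns -1 instead of
 * aborting so the caller can observe the detection. */
static int unlink_checked(chunk_t *p) {
    chunk_t *fd = p->fd;
    chunk_t *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return -1;      /* glibc reports "corrupted double-linked list" here */
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Hypothetical victims for this example: a pointer the attacker wants to
 * overwrite (stand-in for a GOT entry or function pointer) and a writable
 * area standing in for shellcode. Write #2 lands inside `landing`, so it
 * must be writable; a real payload starts with a short jump over that spot. */
static chunk_t *target;
static union { unsigned char bytes[64]; chunk_t align; } landing;

/* Forge fd/bk so that write #1 stores &landing over `target`. */
static void forge_chunk(chunk_t *p) {
    /* write #1 is *(fd + offsetof(bk)) = bk, so aim fd at target - offsetof(bk);
     * going through uintptr_t mirrors the attacker supplying raw bytes */
    p->fd = (chunk_t *)((uintptr_t)&target - offsetof(chunk_t, bk));
    p->bk = (chunk_t *)landing.bytes;   /* the value that ends up in target */
}

/* Attack through the unchecked unlink. Returns 1 if target now points at
 * landing, i.e. the write-what-where worked. */
int demo_unchecked(void) {
    static chunk_t victim;
    target = NULL;
    memset(landing.bytes, 0x90, sizeof landing.bytes);  /* NOP sled stand-in */
    forge_chunk(&victim);
    unlink_unchecked(&victim);
    return target == (chunk_t *)landing.bytes;
}

/* The same forged chunk against the checked unlink. Returns 1 if the
 * corruption was detected and target was left untouched. */
int demo_checked(void) {
    static chunk_t victim;
    target = NULL;
    memset(landing.bytes, 0x90, sizeof landing.bytes);
    forge_chunk(&victim);
    return unlink_checked(&victim) == -1 && target == NULL;
}

/* Offset inside landing that write #2 clobbers (sizeof(void *) bytes). */
size_t clobber_offset(void) { return offsetof(chunk_t, fd); }

int main(void) {
    printf("unchecked unlink: target overwritten  = %d\n", demo_unchecked());
    printf("checked unlink:   corruption detected = %d\n", demo_checked());
    printf("write #2 clobbers %zu bytes at landing+%zu\n",
           sizeof(chunk_t *), clobber_offset());
    return 0;
}
```

The second write is the part people forget: `bk->fd = fd` stores the fd value at `landing + 2*sizeof(size_t)`, which is why the classic payloads open with a short jump over those bytes. With the checked unlink the same forged header is rejected, because `fd->bk` (which now reads `target`) no longer points back at the chunk being unlinked.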

Nov
30th
Fri
permalink

If...

I don't usually do plugs, but I think this time it's well worth it. This is a commercial spot from the Spanish company Repsol in which one of its lead motorbike racers, Dani Pedrosa, is featured alongside the wonderful poem "If" by Rudyard Kipling. Inspiring nonetheless.

If you can keep your head when all about you
are losing theirs and blaming it on you,
If you can trust yourself when all men doubt you,
but make allowance for their doubting too;
If you can wait and not be tired by waiting,
or, being lied about, don't deal in lies,
or, being hated, don't give way to hating,
and yet don't look too good, nor talk too wise:
If you can dream and not make dreams your master;
If you can think and not make thoughts your aim;
If you can meet with Triumph and Disaster
and treat those two impostors just the same.

If you can make one heap of all your winnings
and risk it on one turn of pitch-and-toss,
and lose, and start again at your beginnings
and never breathe a word about your loss;
If you can force your heart and nerve and sinew
to serve your turn long after they are gone,
and so hold on when there is nothing in you
except the Will which says to them: "Hold on!"

If you can talk with crowds and keep your virtue,
or walk with Kings, nor lose the common touch,
If neither foes nor loving friends can hurt you,
If all men count with you, but none too much;
If you can fill the unforgiving minute
with sixty seconds' worth of distance run,
yours is the Earth and everything that's in it,
and, which is more, you'll be a Man, my son!

Nov
13th
Tue
permalink
This book is dedicated to anyone and everyone who understands that
hacking and learning is a way to live your life, not a day job or
semi-ordered list of instructions found in a thick book.
— Shellcoder’s Handbook: Discovering and Exploiting Security Holes, Second Edition. Wiley Publishing, Inc. 2007
permalink

Memory Management in Linux

As I get deeper and deeper into my particular adventure through the Shellcoder's Handbook, I've realised I need some external support on memory management. The book gives some insight into the matter but, as Jack Sparrow says in Pirates of the Caribbean, it is "impossible to find unless you've been there before". So I've spent some days looking for a good guide or article that explains in more detail what the brk() and mmap() system calls do, and what the malloc() and free() library routines built on top of them do with the memory they obtain.

My search ended when I found this site. The main problem I had was understanding how malloc()'ed chunks are placed within a process's address space. You'll find more than that in the article, but extra knowledge is always welcome, right? :-)
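A probe of where the allocator actually puts chunks, as an added example that is not from the site or article linked above: it allocates a few small chunks and one 1 MiB chunk and reports their position relative to the program break. It assumes Linux with glibc's ptmalloc2, where small requests are carved from the brk heap just below sbrk(0) and requests above the default 128 KiB mmap threshold get their own mmap() mapping; `HEAP_WINDOW` is an assumed upper bound on the brk heap's size used only to classify addresses.

```c
#define _DEFAULT_SOURCE        /* declares sbrk() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>

#define NSMALL      8
#define SMALL_REQ   24            /* fits a minimum-size chunk on 64-bit glibc      */
#define LARGE_REQ   (1u << 20)    /* 1 MiB: above glibc's default 128 KiB mmap threshold */
#define HEAP_WINDOW (64u << 20)   /* assumption: brk heap lies within 64 MiB below brk  */

struct probe {
    uintptr_t brk_end;           /* sbrk(0) after the allocations: top of the brk heap */
    uintptr_t small[NSMALL];     /* user pointers returned for the small requests      */
    uintptr_t small_span;        /* distance between lowest and highest small pointer  */
    uintptr_t large;             /* user pointer returned for the large request        */
    int small_in_brk_heap;       /* 1 if every small chunk sits just below the break   */
    int large_in_brk_heap;       /* expected 0 on glibc: the chunk is mmap'ed instead  */
};

/* Classification used by the probe: "in the brk heap" means below the
 * program break and not further than HEAP_WINDOW away from it. */
static int in_brk_heap(uintptr_t p, uintptr_t brk_end) {
    return p < brk_end && brk_end - p < HEAP_WINDOW;
}

/* Allocate NSMALL small chunks and one large one, record where the allocator
 * put them, then release everything. Returns 0 on success, -1 on OOM. */
int probe_heap_layout(struct probe *out) {
    uintptr_t lo = UINTPTR_MAX, hi = 0;
    void *ptrs[NSMALL];

    for (int i = 0; i < NSMALL; i++) {
        ptrs[i] = malloc(SMALL_REQ);
        if (!ptrs[i]) return -1;
        out->small[i] = (uintptr_t)ptrs[i];
        if (out->small[i] < lo) lo = out->small[i];
        if (out->small[i] > hi) hi = out->small[i];
    }
    void *big = malloc(LARGE_REQ);
    if (!big) return -1;

    out->brk_end    = (uintptr_t)sbrk(0);
    out->large      = (uintptr_t)big;
    out->small_span = hi - lo;

    out->small_in_brk_heap = 1;
    for (int i = 0; i < NSMALL; i++)
        if (!in_brk_heap(out->small[i], out->brk_end))
            out->small_in_brk_heap = 0;
    out->large_in_brk_heap = in_brk_heap(out->large, out->brk_end);

    for (int i = 0; i < NSMALL; i++) free(ptrs[i]);
    free(big);                   /* glibc munmap()s this one straight away */
    return 0;
}

int main(void) {
    struct probe p;
    if (probe_heap_layout(&p) != 0) return 1;
    printf("program break (sbrk(0)): %#lx\n", (unsigned long)p.brk_end);
    for (int i = 0; i < NSMALL; i++)
        printf("malloc(%d) #%d: %#lx\n", SMALL_REQ, i, (unsigned long)p.small[i]);
    printf("malloc(%u): %#lx (%s)\n", LARGE_REQ, (unsigned long)p.large,
           p.large_in_brk_heap ? "inside brk heap" : "outside brk heap, i.e. mmap'ed");
    printf("all small chunks in brk heap: %d, span between them: %lu bytes\n",
           p.small_in_brk_heap, (unsigned long)p.small_span);
    return 0;
}
```

On glibc the small chunks come out a few dozen bytes apart at the top of the brk heap, while the large one lands in a separate region backed by its own mapping, and freeing it unmaps it immediately instead of leaving a hole in the heap. One caveat when experimenting: glibc raises its mmap threshold after such a free, so a second 1 MiB request in the same process is served from the brk heap instead.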

Nov
11th
Sun
permalink

7 + 1 = werewolf

It's been a couple of days since its release and I decided to give it a shot on my home workstation. Over the years I've tried many distributions, and almost all of them had some sort of bug or out-of-the-box misconfiguration that ended up taking away the fresh look and appeal they had on their home page. This second release after the name change from the traditional "Fedora Core" to just "Fedora" arrives with a lot of noise and successful reviews. Its predecessor, Fedora 7, set the bar pretty high, with good stability from the start. Will the newborn live up to its parent? If you want to find out, keep reading… :-)


From the very first moment you put the 3.4 GB DVD in the drive, you start to get the feeling that this is not just "another" release of a well-known OS. Unlike other distributions' install processes, you don't get to see thousands and thousands of lines of hardware probing; instead, the not-so-new yet powerful Anaconda welcomes you with a fancy logo and a couple of options.

The installation is pretty straightforward from beginning to end: package selection is well organised into different areas, networking setup is intuitive as well, and disk partitioning turns out to be really simple, without the need for sometimes obscure fdisk-like tools.

But the fun fair doesn't end there. After you finish the installation you can log into your system through a really nice login box. It's really impressive to see how the Fedora folks have taken care of every single graphical detail to make it fit with the rest of the system.

Application-wise you don't get any headaches either. You use either the CLI-based yum or the GUI-based pirut for any install/remove/upgrade, and you even get a system tray tool that warns you about updates available in the repositories. One of the coolest things in this new jewel is how they got compiz-beryl working in a few easy steps: no more daunting waits, broken dependencies or buggy results. It simply works. Of course it isn't perfect; sometimes you have to download packages yourself and install them, but that isn't much considering that the RPM system is up out of the box.

It isn't as customisable as other distributions, but it copes with its task marvellously. It's what it promises to be: a newbie-friendly environment, an intuitive workstation and a successful production system.

Now it's time to sum up all this magnificence in a number. It could easily be a 10 out of 10, but I'll leave it at 9 and save the extra point for a future release, which I'm pretty confident the Fedora team will make well worth it.

More info:

Fedora

Nov
7th
Wed
permalink

Q: How can you protect infrastructure if you can’t protect your laptop?

(seconds later)

… 

A: A zero-day can happen to anyone.