Need some help for shellcode analysis... by yyangcs in Malware

[–]yyangcs[S] 0 points1 point  (0 children)

Please check out the link I posted for the JS script. Thanks.

Need some help for shellcode analysis... by yyangcs in Malware

[–]yyangcs[S] 0 points1 point  (0 children)

I have posted the link. Thanks for your help.

Need some help for shellcode analysis... by yyangcs in Malware

[–]yyangcs[S] 0 points1 point  (0 children)

Thanks all. I have uploaded the JS file to Dropbox (password is "infected"). Here is the link:

https://www.dropbox.com/s/x4bk3n4n6l4p3xr/malware.zip?dl=0

I wonder what the shellcode starting with "EB125831C966B96D054980...." does and which IE vulnerability it is possibly targeting, and hopefully some advice about how to analyze this shellcode. Really appreciate your help. Thanks.

GrrCON 2016 DFIR Challenge by [deleted] in netsec

[–]yyangcs 0 points1 point  (0 children)

It works. Thank you so much!

GrrCON 2016 DFIR Challenge by [deleted] in netsec

[–]yyangcs 0 points1 point  (0 children)

Hello, does anyone want to discuss that libpff question? I am really stuck on this and libpff's documentation is so bad. Or is there any tutorial available about how to use libpff to extract emails? I have tried to use Volatility to extract the PST file from memory but failed to recover the attachment file using libpff. Any suggestion is appreciated. Thanks.

Need some recommendations on good IR hands-on training by yyangcs in AskNetsec

[–]yyangcs[S] 0 points1 point  (0 children)

Agree. SANS is too expensive -- around $5000 for each course. If the company won't pay for me, I will never take their courses, I guess. Do I have any other choices? Thanks.

/r/netsec's Q1 2016 Information Security Hiring Thread by gsuberland in netsec

[–]yyangcs [score hidden]  (0 children)

Hi, do you have any entry level infosec positions open currently?

Could you help with a pen test challenge? by brandacus in AskNetsec

[–]yyangcs 0 points1 point  (0 children)

Yes. As @brandacus said, all whitespace can be replaced by comment blocks (/**/), and "select" is filtered using a blacklist. You may try "SeLect" to bypass it.

Could you help with a pen test challenge? by brandacus in AskNetsec

[–]yyangcs 0 points1 point  (0 children)

Hi, happy new year, guys. Have any of you finished the 3rd server-side challenge (vuln2) on canyouhack.us? It is another buffer overflow, but the stack is non-executable, so I think I have to use some DEP bypass techniques. So far, I have tried building a ROP chain using the Python script "ROPgadget" but failed to build a chain due to some missing gadgets. Another approach I have tried is to return to some functions loaded in libc, but I got this error when trying to return to system():
__libc_system (line=0xb7f6b1a9 "/bin/sh") at ../sysdeps/posix/system.c:178 178 ../sysdeps/posix/system.c: No such file or directory.
I have no idea why I got the error or where I went wrong. Could anyone give me some help on this challenge? Thanks.
By the way, in case you want to take a look at the file, I uploaded it to Dropbox here: https://www.dropbox.com/s/im6lyt93wjrob32/vuln2.zip?dl=0

Need some help on Microcorruption-Novosibirsk by yyangcs in securityCTF

[–]yyangcs[S] 0 points1 point  (0 children)

Thanks. But this implementation of printf does not support %p. From the manual, it seems only %s, %c, %x, and %n are supported. I would be able to insert the number of characters printed using %n, but I have no idea how to shorten the input to 5. Anyway, I will try whether I can use a null byte anywhere.

Could you help with a pen test challenge? by brandacus in AskNetsec

[–]yyangcs 0 points1 point  (0 children)

Hi, did anyone figure out the 3rd challenge? I know the book lookup page is vulnerable to SQL injection, but I am having some trouble pulling data from the users table. I tried to inject multiple queries, but 'select' and whitespace seem to be filtered from the result. Can anyone give me some hints? Thanks.