myIntuition…

Buffer overflows; the way I see it

Posted in Cheat Sheets, Experiments, Hobbies, Networking Security, Open-Source by Zubin Mithra on July 28, 2009

Towards the beginning of this month, I was part of a team that took part in the CIPHER 5 capture the flag competition; due to lack of experience and preparation we failed to fare well in it and came out 22nd out of 32 worldwide.

However, buffer overflows were a topic I did not manage to cover fully during the preparation for the competition, so I continued my work on it even after the event. My work is mainly on the Linux distro named DVL – Damn Vulnerable Linux (you might want to google it if you haven't heard of it); it's a Linux distro based on BackTrack which has vulnerable apps of many different kinds, which are excellent for practice. It was referred to me by Marcus J. Carey, a security auditor who has helped me on numerous occasions.

Now, I don't pretend to be an expert on buffer overflows; I'd rate myself intermediate. However, I'll mention a few guidelines you could follow which might help you at exploiting overflows. So, here are the references (please let me know if there are better ones):
1. Try reading about buffer overflows on Wikipedia.
2. Video tutorials on "Assembly programming in Linux" by Vivek Ramachandran, which explain the basics of memory management and assembly programming on an Intel x86 system (1-7 is enough). Neat work.
3. Video tutorials on "Exploiting buffer overflows" by Vivek Ramachandran (1-5). Neat again (but a bit slow).
4. Try reading "Smashing the Stack", an excellent article by aleph1 which was published in Phrack magazine.

Now, once you are done with all that, you could try out DVL (I used DVL 1.4); I'd suggest you go through the challenges in the

/dvl/exploitmes_package_04/

directory before going through the others. After going through all the above tutorials, the challenges in that directory should be a breeze. ;-) However, if you still find trouble, there are nicely written tutorials in that directory itself. I strongly advise you not to go through them in the beginning.
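Before you pick up the DVL exploitmes, it helps to see the one idea behind every stack overflow in the references above: a copy that never checks its length spills past the end of a fixed-size buffer into whatever the compiler placed next to it. The C program below is an added example written for this page; it is not code from the post, from DVL, or from the tutorials it lists. It models the frame as a struct (an assumption made so the layout is deterministic; in a real frame the compiler chooses what sits after the buffer, and "Smashing the Stack" targets the saved return address), with `vuln_copy`, `safe_copy`, and the 20-byte input all invented for illustration.

```c
/* Added example for this page: the unchecked-copy bug behind stack overflows,
 * shown next to a bounded copy that refuses oversized input.
 * Not code from the post or from DVL; names and layout are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a stack frame: a 16-byte buffer followed by a variable the
 * attacker wants to control.  A struct makes the adjacency deterministic;
 * in a real frame the compiler chooses the layout, and the interesting
 * neighbour is usually the saved return address. */
struct frame {
    char buf[16];
    uint32_t is_admin;      /* immediately after buf, at offset 16 */
};

/* Vulnerable pattern: len is never compared with sizeof buf, so input
 * bytes 16..19 land in is_admin.  The copy is clamped to the whole frame
 * only so this toy stays well-defined C and does not touch the real stack;
 * a strcpy() into buf would have no such limit. */
uint32_t vuln_copy(const unsigned char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);            /* is_admin starts out as 0 */
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);             /* the unchecked copy */
    return f.is_admin;                  /* 0 unless the input overflowed buf */
}

/* Hardened version: copy only if the whole string, NUL included, fits.
 * memchr() looks for the terminator inside the first dstsz bytes; if it
 * is not there the source is too long for the destination. */
int safe_copy(char *dst, size_t dstsz, const char *src)
{
    const char *nul = memchr(src, '\0', dstsz);
    if (nul == NULL)
        return -1;                      /* refused: would overflow dst */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Same 16-byte buffer as the struct, but guarded: 0 on success, -1 if refused. */
int safe_copy_demo(const char *src)
{
    char buf[16];
    return safe_copy(buf, sizeof buf, src);
}

int main(void)
{
    /* Constructed input: 20 'A's, four more than buf can hold. */
    const char attack[] = "AAAAAAAAAAAAAAAAAAAA";
    size_t attack_len = sizeof attack - 1;

    printf("is_admin offset      : %zu\n", offsetof(struct frame, is_admin));
    printf("vuln_copy(20 x 'A')  : 0x%08x\n",
           vuln_copy((const unsigned char *)attack, attack_len));
    printf("safe_copy_demo(same) : %d\n", safe_copy_demo(attack));
    return 0;
}
```

The overflowed `is_admin` reads back as 0x41414141, i.e. four of the attacker's 'A' bytes, whichever way the machine orders bytes; that is the same "why is EIP 0x41414141?" moment you will hit in the DVL challenges once the overflow reaches the saved return address. The hardened copy returns -1 for the same input instead of copying it.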

So what am I up to now? Well, I'll let you know when I'm done with that… ;-)

P.S. If you want to know how to download videos from www.securitytube.net, read this.

battery life ubuntu 9.04 update #1

Posted in Brainwaves, Experiments, Open-Source, Ubuntu by Zubin Mithra on May 20, 2009

The KDE desktop environment, however, has surprised me. :-) It had a power-management daemon which provided the following profiles: powersave, performance, aggressive powersave, presentation, and Xtreme powersave.

Also, I went through the internet looking for power management daemons which could automate these tasks for me, and I found none. It was a hot summer afternoon, and I was bored. So I decided to make one myself. I haven't started on it yet; I'm just doing a bit of reading on power saving methods for now. I'm hosting a project at CodePlex and I'll release it on its successful completion. Updates on the mini-project will be put up here every now and then, though.

I've named the project power-Xtended, and the alpha version of it is about done. It's got only a quarter of the features I'd intended to put in; the GUI is designed using the Glade interface designer (this is my first experience with it) and I've used Python along with it. Here are the improvement statistics I've come across on using power-X.

Quite satisfactory, for an alpha, don't you think? I'll be releasing the next update pretty soon, and I'll need all your help for testing it out on various environments. :-)

UPDATE #2
More features, and hopefully better power management; powerX beta is almost done. Will be released soon.

UPDATE #3
The project has been moved from www.codeplex.com to a site of its own. The site will be put up here soon. Due to unforeseen difficulties, the release has been delayed. Please be patient.

battery life, ubuntu 9.04 ;-(

Posted in Brainwaves, Experiments, Ubuntu by Zubin Mithra on May 20, 2009

I've been off the internet for a considerable period of time; hence the large number of updates in a single day.

13th May 2009
Yes, I've been off the internet for quite a while now, and this is what I've been up to. I use a Lenovo Y410 laptop which runs Ubuntu 9.04 (64-bit). Previously, I used to have a battery life of about 100 minutes while running Windows Vista (and I expect around 120 minutes for Windows 7); however, I was shocked to find out that the battery life had reduced to only about 50 minutes when running Ubuntu.

My initial reaction was to believe that ALL 64-bit OSes gave reduced battery lives (yes, I know that's a stupid thought, but that's what came to my mind at first); but then I recalled instances of better power management by 64-bit OSes.

Searching the Ubuntu forums provided me with a thread with a considerable number of people stating the same problem as I myself had. A solution was already provided (which I implemented without delay) along with a link (www.lesswatts.org), which had to be referred to in case you needed more performance tweaking.

The site provided excellent information on the various tasks which use up your battery-life and could be disabled in order to save power. The power-saving methods explained on the site, however, were “general” and not for any specific linux distro; which meant i had to find the corresponding tweak in Ubuntu for myself.

I managed to find the location of these files a lot sooner than I'd expected. The configuration of these files can be tweaked in a lot of ways, the easiest among them being tweaking the files in the following directory:

/etc/laptop_mode/conf.d/

I've put up a few scratch notes I made in the process; I just couldn't type them out again, it'd bore me to death!!
(sorry about all the scribbling, I guess I'm just not patient enough for good handwriting ;-) )

I'm open to learning, so ideas, criticisms; ALL welcome! :-)


whoa… didn't see this coming!!

Posted in Experiments, Inexplicable, Operating Systems, Ubuntu by Zubin Mithra on April 11, 2009

Today's one of those hot and humid evenings when you can think of nothing to while away your time; it's one of those days when the idea of watching a flick gives you headaches, and even your favourite song sounds like a blaring horn.

I generally get tired of things a bit too quickly; however, I finally decide to play CounterStrike over the internet. However, the game keeps on crashing for some reason when I try to connect to online servers. I finally give up and switch back to Ubuntu (I feel internet browsing's faster on Ubuntu) and read up stuff on the internet for similar crash cases.

The only crash cases I'd encountered before this were the packet errors we used to have (and still occasionally have) while playing CS over a WLAN at our hostel. Could a slower (in comparison with Ubuntu) internet connection be the reason I'm having these errors? Would these errors still persist if I could game in Ubuntu?

Games in Ubuntu brought to my mind the recent discussion I had with Abhishek….

If I could only play CS on Ubuntu… and then it hit me. Couldn't believe it took me so long!!! I ran the game using Wine on Ubuntu and voilà!! It finds online servers, connects seamlessly and there isn't even a hint of lag while gaming!!

Gotta go!!! Let me go and give 'em a few headshots (and get a lot in return, I bet!)…. ;-)

RPC DCOM exploit….

Posted in Experiments, Networking Security, Operating Systems by Zubin Mithra on March 24, 2009

I tried out the RPC DCOM exploit the other day. My test environment was set up using two virtual machines, one running BT3 and the other running XP with Service Pack 1. The two VMs were put on a NAT configuration, which meant that both of them would behave as though connected via a LAN cable.

The test wasn't much; all I had to do was compile and execute the source code, indicating the target OS and the target IP, and voilà!!!

my XP machine in VMware…

backtrack running on VMware…

I run the exploit and get myself a shell!! ;-)

hacked!!!

Check out more about RPC DCOM exploits in this article by Mati Aharoni.
