Description:
Welcome to Part 9 of the Exploit Research Megaprimer.
Please begin this series by watching Part 1, if you have not already done so! Andrew King has been one of the main people behind our Questions section (http://questions.securitytube.net)! In this video, Andrew is going to take you through a journey of exploiting software using various interesting techniques and new tools.
In his own words: My first video tutorial for securitytube.net. Tools used are MRI Ruby 1.9.2 from source, nasm, memdump, msfpescan, OllyDbg, the SSEH plug-in for OllyDbg, WinDbg, the jutsu component of the byakugan WinDbg plug-in (can be found in msf3/external/source), and WarFTPD 1.6.5. Operating systems are Ubuntu Natty for the host and XP SP3 in a VirtualBox VM for the client. The exploit is reproduced as a push esp, ret (the way Metasploit does it). It is then rewritten to work as a SEH exploit. If you need the details of pattern_offset, pattern_create, msfpayload, msfencode, and banned characters, review the previous videos by Vivek. If you are using Immunity Debugger, the OllyDbg plug-in should still work. Immunity Debugger is OllyDbg + Python and some other customisations. If you are following along with the tutorial, do not use memdump with a debugger attached. It may modify your offsets/memory locations.
On behalf of SecurityTube, we would really like to thank Andrew for taking the time to make this video, and we welcome future submissions from him. Thanks a ton, Andrew!
Hope you enjoy this video! Please do leave your comments behind.
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Comments:
Love the series. I find them very informative and not too long. Can't wait for more! Thanks for all the time you have put into making these videos.
Thanks! Also Andrew is playing a very key role in this primer. Both of us will be releasing more videos very soon.
Andrew, I appreciated your know-how and narrative explanation. Please consider redoing this video such that the code on the screens is easier to read. Congratulations on the effort.
Andrew, thank you for this. You also made the Ruby for Hackers video that I'm watching now; I'm very interested in it. The only thing is that it is a bit difficult to watch because of the bad quality. If you have the opportunity to upload a better quality video, that would be great. Thank you, Andrew, for taking the time to share your knowledge.
Well, you can navigate to the Vimeo page (I saw it when I clicked the HD button), and there you can watch the video in HD.
Good video.