
Thread: Pentesting Documentation

  1. #91
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Thumbs up

    Quote Originally Posted by AnActivist View Post
    Because of a PM from thorin a couple weeks ago I said that if there was interest I would absolutely post the information I have accumulated to the wiki. I'm honored to give back to the community. I'll get started figuring out how to add the reformatted HowTo's to the wiki right away. Thank you everyone for the recognition.
    Good to hear

    I also vote for the wiki btw.

    Looking forward to it. Keep up the great work AnActivist.
    Tiocfaidh ár lá

  2. #92
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    Hey guys, I just read the front page of the wiki and it says that it's being retired for this wiki. Which one do you think I should post my HowTos to? The reason I am hesitant is because the new wiki appears to be only for BT4 (a lot of what I have documented is using BT3) but I'm not sure if it would help more if it was on the updated one.

  3. #93
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by AnActivist View Post
    Hey guys, I just read the front page of the wiki and it says that it's being retired for this wiki. Which one do you think I should post my HowTos to? The reason I am hesitant is because the new wiki appears to be only for BT4 (a lot of what I have documented is using BT3) but I'm not sure if it would help more if it was on the updated one.
    Contact Pureh@te he will have the best guidance.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #94
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    Thanks for the tip archangel.amael. Pureh@te suggested that I just make sure that everything is compatible with BT4-Beta. That being said, I've finally upgraded to BT4-Beta, and I'm going to go back and test everything, then it's on to the newer BT4 Wiki. Thanks for everyone's help. Also if you already know that a specific works with BT4-Beta just let me know, and I'll just change the title/references around.

  5. #95
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    Hello Everyone,

    I contacted Purh@te but he's a little bit busy with the release of BT4 coming up no worries though. It has been a little while. This is because I have been finishing up the steps for my graduation from high school. I'm very excited. I'll be going to Cal Poly SLO after summer break, I'm going to be majoring in CSC but I'm going to try to transfer into Mechanical Engineering.

    For my graduation my parents hooked me up with a pretty amazing laptop: Dell XPS M1730. Right now it has windows Vista on it, but I'll just come right out and say that I don't really like Microsoft all that much and have for the most part been a die hard Ubuntu user. I have been doing some reading and it looks like configuring Ubuntu for my laptop is a little bit tricky. I have no doubt that configuring it with Backtrack may be several times more tricky so I plan to take it slow and move away from Microsoft a little bit slower than I did with my desktop.

    I'll lay out some of my goals for the summer:
    -Get my laptop up and running with Ubuntu (or another distro) flawlessly
    -Get Backtrack up and running inside VMWare
    -Read "The Shellcoder's Handbook" and "Rootkits: Subverting the Windows Kernel" together.
    -Read "Linksys WRT54G hacking" and "WiFoo: Secrets" together.
    -Continue exploration of C++/ASM
    -Continue exploration of Metasploit/try to emulate several existing exploits
    -Once purhate gives me a wiki account put up my existing HowTos and try to create more

    Well, one could say it's a pretty big list. If anyone has any advice they would like to share, as always it will be appreciated. I'm very excited to start making some progress.

    As a side note, I'm going to also be pursuing hypnotism, as I think it's very interesting.

  6. #96
    Junior Member
    Join Date
    Mar 2009
    Posts
    83

    Default

    Quote Originally Posted by AnActivist View Post
    Hello Everyone,

    I contacted Purh@te but he's a little bit busy with the release of BT4 coming up no worries though. It has been a little while. This is because I have been finishing up the steps for my graduation from high school. I'm very excited. I'll be going to Cal Poly SLO after summer break, I'm going to be majoring in CSC but I'm going to try to transfer into Mechanical Engineering.

    For my graduation my parents hooked me up with a pretty amazing laptop: Dell XPS M1730. Right now it has windows Vista on it, but I'll just come right out and say that I don't really like Microsoft all that much and have for the most part been a die hard Ubuntu user. I have been doing some reading and it looks like configuring Ubuntu for my laptop is a little bit tricky. I have no doubt that configuring it with Backtrack may be several times more tricky so I plan to take it slow and move away from Microsoft a little bit slower than I did with my desktop.

    I'll lay out some of my goals for the summer:
    -Get my laptop up and running with Ubuntu (or another distro) flawlessly
    -Get Backtrack up and running inside VMWare
    -Read "The Shellcoder's Handbook" and "Rootkits: Subverting the Windows Kernel" together.
    -Read "Linksys WRT54G hacking" and "WiFoo: Secrets" together.
    -Continue exploration of C++/ASM
    -Continue exploration of Metasploit/try to emulate several existing exploits
    -Once purhate gives me a wiki account put up my existing HowTos and try to create more

    Well, one could say it's a pretty big list. If anyone has any advice they would like to share, as always it will be appreciated. I'm very excited to start making some progress.

    As a side note, I'm going to also be pursuing hypnotism, as I think it's very interesting.
    That's great to hear dude. Gratz on the upcoming graduation of high school, I'll be one of the many here looking forward to that wiki!

  7. #97
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    I've been reading "The Shellcoder's Handbook" and there is one example that has really been causing me a little bit of a headache. I think I have discovered an error in the book; I have been unable to find anywhere else that this is documented on the internet so I've done my own research. After reading this, if you can either confirm or prove wrong my hypothesis, your help would be appreciated.

    Hypothesis: There is an error in "The Shellcoder's Handbook - Discovering And Exploiting Security Holes (2004)" in Chapter 2: Stack Overflows, Functions and the Stack, figure 2.3. This error basically describes the low memory addresses to be the bottom of the stack and the high ones to be the top. I think this is false, and the picture should actually be the other way around.

    Sources: Phrack Magazine "Smashing the Stack for Fun and Profit"
    The Shellcoder's Handbook - Discovering And Exploiting Security Holes (2004)

    This is the example code that is used in "The Shellcoder's Handbook":
    Code:
    #include <stdio.h>

    void function(int a, int b){
         int array[5];   /* local array, allocated in function()'s stack frame */
    }

    int main(void)
    {
     function(1,2);
     printf("This is where the return address points");
     return 0;
    }
    Then this is the image 2.3 (recreated, but feel free to check it out in your copy)

    The difficult thing is that many different sources visually describe the stack differently; however, from the reading I have done in both the Shellcoder's Handbook and outside sources (including the Phrack Magazine article listed above) I have gathered the following:

    The stack is a LIFO structure that grows down, meaning it grows from high memory to low memory. One would then go one step farther and say that the top of the stack is at the lowest memory address and the bottom is at the highest memory address.

    This would lead me to conclude that the figure 2.3 is labeled incorrectly. It is also flipped upside down depending on how you look at the stack (however this is trivial because it depends on perception).

    Here is another example from the Phrack Magazine article "Smashing the Stack for Fun and Profit", you can see the difference.
    Code:
    void function(int a, int b, int c) {
       char buffer1[5];
       char buffer2[10];
    }
    
    void main() {
      function(1,2,3);
    }
    Code:
    bottom of                                                            top of
    memory                                                               memory
               buffer2       buffer1   sfp   ret   a     b     c
    <------   [            ][        ][    ][    ][    ][    ][    ]
    	   
    top of                                                            bottom of
    stack                                                                 stack
    Thank you as always for reading, I'm looking forward to some more experienced input.
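
    An added example (not from the book, the Phrack article or any poster in this thread) that checks the question raised in the post above on the machine it runs on: it records the address of a local array at several call depths to see which way the stack grows, and compares array[0] with array[4] to show that indexing moves toward higher addresses either way. The function names and DEPTH are assumptions made for this illustration.

```c
/* Added example: observe stack growth direction on the current platform.
   All names here are hypothetical; nothing is from the book or Phrack. */
#include <stdint.h>
#include <stdio.h>

#define DEPTH 4

static void descend(int depth, uintptr_t *addrs);
/* Calling through a volatile pointer stops the compiler from inlining the
   recursion, so every level gets a real stack frame. */
static void (*volatile descend_ptr)(int, uintptr_t *) = descend;

static void descend(int depth, uintptr_t *addrs) {
    volatile int array[5];               /* same local as the book's function() */
    array[0] = depth;
    addrs[depth] = (uintptr_t)&array[0]; /* where this frame's local lives */
    if (depth + 1 < DEPTH)
        descend_ptr(depth + 1, addrs);
    array[4] = depth;                    /* work after the call: no tail call */
}

/* 1 if every deeper call's local sits at a lower address than its caller's,
   i.e. the top of the stack is at the lowest address. */
int stack_grows_down(void) {
    uintptr_t addrs[DEPTH];
    descend_ptr(0, addrs);
    for (int i = 1; i < DEPTH; i++)
        if (addrs[i] >= addrs[i - 1])
            return 0;
    return 1;
}

/* 1 if array[4] is above array[0]: indexing always moves toward higher
   addresses, whatever direction the stack grows. */
int array_indexes_grow_up(void) {
    int array[5];
    return (uintptr_t)&array[4] > (uintptr_t)&array[0];
}

int main(void) {
    printf("stack grows down:      %d\n", stack_grows_down());
    printf("array indexes grow up: %d\n", array_indexes_grow_up());
    return 0;
}
```

    On x86 and x86-64 both checks return 1, which matches the Phrack diagram: new frames appear at lower addresses, while a buffer's elements run upward toward sfp and ret.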

  8. #98
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Yup, the stack grows down, so the image is basically in the wrong way.

    Might be so that someone who never dealt with it can visualize it better. But not sure what the real intention was or if it is just "messed up" by accident.
    Tiocfaidh ár lá

  9. #99
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    If I am understanding your picture correctly then my copy (2nd Edition) has the picture the exact opposite of yours.
    http://picasaweb.google.com/Archange...eat=directlink

  10. #100
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    Hmm,

    That may confirm my hypothesis then because I have the 2004 edition (the second came out in 2007 correct?) This is a picture from my copy:
    http://i407.photobucket.com/albums/p...reenshot-1.png
    If it is a mistake, it's strange that there hasn't been any statement or documentation that there is an error. Does anyone else have the 2004 version and can confirm?
