
Thread: Drilling down Apache codes for fun and learning

  1. #1
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    4

    Default Drilling down Apache codes for fun and learning

    Alright.
    I've done my research and experiments about stack (and heap) buffer overflows, format strings, networks, exploits, payloads, C++, socket programming, assembly, and so on.
    Now I wanna take a step further. It'd be much more fun if I were able to customize my exploits and even write my own. I've been reading some examples about the process of writing exploits, but so far all of them are about sample programs, not real ones. So I decided to make some "case studies", I mean, take a known and widely used daemon, like Apache, and look into its source code for how a given function could be exploited, or debug it and see how it behaves at the machine level. Or maybe, find out how old classic exploits of early Apache versions were developed.

    Anyway, what I'm doing here is asking you guys for tips, books, threads, or any text about how to identify vulnerabilities and the techniques to exploit them. Papers, ezines, other forums, showing in detail how a given exploit works inside a given program would be nice too.
    And finally, where the hell can I chat to people about this stuff?! By now, I've been doing things alone, but a little bit of real time conversation would also be nice.

    I hope I've been understandable here and that you could help me. I think I don't need to mention that answers like "google it", "google is ur friend", are very unwelcome. If I wanted to look for it on my own, like I've done so far, I would do it. I just wondered whether I could use the experience of people who had already been through this "step of the ladder". After all, no problem should be solved twice.

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Drilling down Apache codes for fun and learning

    There are tutorials all over the place on this subject. The ones I am fond of are the ones here, and here. There are further references linked from each of those general areas. I might be a little biased in at least one of those cases.

    And by the way, Googling "buffer overflow tutorial" led me directly to one of the tutorials that I just mentioned. Just sayin.

    Some other general links I have found helpful that I don't think are linked from either of the above:
    Skypher
    OpenRCE

    "Hacking: The Art of Exploitation" is a good book on the subject, as is "The Shellcoders Handbook".
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    4

    Default Nice post Lupin

    Thanks for the answer lupin. As I thought, googling "buffer overflow tutorial" would not lead me to anything new. By the way, I've just finished studying "The Art of Exploitation" (I mean, reading very carefully and practicing the examples... not just reading). Indeed it's very nice. In fact, the idea of studying a real daemon like Apache came from the experiments with the "Tiny Daemon", which was very useful... yet limited.

    Your tutorials look like a nice start in what I was willing to do, and OpenRCE looks very promising. The 4th tutorial caught my attention, 'cause H:TAoE didn't cover after-free heap buffer overflows. Also a sample of a client-based exploit, which is inspiring, since I was too focused on a server perspective so far.
    It's also an opportunity to start scratching some bits with Perl, Python and that stuff you have used. OpenRCE and Corelan are also very promising. All links bookmarked.
    A lot to learn, but I eat fast, and soon I will need more. If anyone out there has some material to post, hints, advice, or any enlightening guidance, I'm starving.

    Come on people, lupin hit the bullseye. That is the way I'm looking at it. Push further. Finding (remote) vulnerabilities in real programs and writing exploits. That is the theme.

    Ps: By the way, forgive me for the bad English, it's not my mother language and, though I read a lot, I don't type it very often.

  4. #4
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default Re: Drilling down Apache codes for fun and learning

    Hi, this is an interesting read
    http://securityevaluators.com/files/...shAnalysis.pdf

    Bitblaze software fuzzer, and different path

  5. #5
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    4

    Default nice hint compaq

    Quote Originally Posted by compaq View Post
    Hi, this is an interesting read
    http://securityevaluators.com/files/...shAnalysis.pdf

    Bitblaze software fuzzer, and different path
    Nice shot compaq!
    I was studying lupin's tutorials and, as I said, they are nice because they were done using real programs that you can find out there, like Ant server.
    But you got what I mean when you posted the link to this paper about BitBlaze and how people use it to look for vulnerabilities in bin codes. That's great, because since I was messing up with "Tiny Daemon" (the web server presented in Art of Exploitation) I thought something like:
    "Well, it won't be easy to find vulnerabilities in source code with hundreds or even thousands of lines. Not to mention when I'm analysing a program without the source code, because looking into the binaries would be much more difficult."
    Since then I knew some day I would need to write some tool to help me with such scans. Since I have no idea how it works, what patterns to look for, what "behaviors", etc., starting with BitBlaze seems a good idea. So, thanks!

    Now I have two questions. The first, and most important, is there a program like BitBlaze, but instead of looking at the binaries and debugging, would scan "signatures" inside the source code? Like vulnerable uses of given functions? Or maybe lack of boundaries during memory allocation? Off-by-one errors? Vulnerable pointer overflows? Do you get what I mean?
    I'm thinking of C, because so far it's the language I'm most familiar with (or should I say, least alien). What about the errors inherent in other languages? I don't know if I am being clear, but I hope so.

    Well I'm still listening. When I wrote this thread I was stuck... now I have promising paths and nice materials. If you could continue, I'd appreciate it!

    [--EDITED--Because I repeated the text twice]
    Last edited by Driller05; 09-21-2010 at 08:33 AM.

  6. #6
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default Re: Drilling down Apache codes for fun and learning

    dynamic ip 64.423.541.322 (fictional address, of course). If someone connects to 64.423.541.322, he would not connect to me, but to the tel company server, right?
    It should be the router closest to the phone line, where you are. The tel company could have a proxy that you go through and that could be its IP or not.
    Most likely it's your BB router. You would have to forward ports (virtual service/port forwarding).

    Now I have two questions. The first, and most important, is there a program like BitBlaze, but instead of looking at the binaries and debugging, would scan "signatures" inside the source code? Like vulnerable uses of given functions? Or maybe lack of boundaries during memory allocation? Off-by-one errors? Vulnerable pointer overflows? Do you get what I mean?
    I'm thinking of C, because so far it's the language I'm most familiar with (or should I say, least alien). What about the errors inherent in other languages? I don't know if I am being clear, but I hope so.
    fxcop
    splint
    flawfinder
    its4
    prefast
    bugscan
    prexis
    rats
    code surfer
    (hacking exposed book 6)+
    But there's probably no need to run those tools, as most of that would be run at the development company, and what they find closed.
    Don't know if the above tools will find these off-by-one errors, but a script or something that searches one line and checks for > (& not =)

    Personally I don't use much, a debugger and just look for test, cmp, jz, jnz, jg, add, sub, mov reg1,[reg2] - where reg1 = 41414141

    Anyway, good luck

    Some ida automation stuff
    http://www.megaupload.com/?d=X6KSTS07
    http://www.megaupload.com/?d=0BOI8Y50
    http://www.megaupload.com/?d=RNXHIUJL
    http://www.megaupload.com/?d=SXNXBBZS
    Last edited by compaq; 09-19-2010 at 06:12 AM.
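A minimal version of the source-level "signature" scan asked about above, added here as an example and not taken from the thread or from any of the tools compaq lists: three regex rules over C source, for calls to string functions that take no length, for a loop whose test is `<=` against a size constant (the "> (& not =)" idea), and for `malloc(strlen(x))` with no byte for the terminator. The C snippet it scans is constructed for the example, and the rules are heuristics; flawfinder-style tools do this far more thoroughly.

```python
import re

# Constructed sample of C source (not from the thread or from Apache):
# a few lines that mirror the classes of defect asked about above.
SAMPLE_C = """\
#include <string.h>
#include <stdlib.h>
#define BUF_LEN 64
int copy_name(const char *src) {
    char buf[BUF_LEN];
    strcpy(buf, src);                 /* unbounded copy */
    char *dup = malloc(strlen(src));  /* no room for the NUL */
    for (int i = 0; i <= BUF_LEN; i++)  /* writes buf[64] */
        buf[i] = 0;
    strncpy(buf, src, sizeof(buf) - 1); /* fine */
    return 0;
}
"""

# Rule 1: calls to functions that take no length argument at all.
UNBOUNDED_CALLS = re.compile(r"\b(gets|strcpy|strcat|sprintf|vsprintf)\s*\(")
# Rule 2: a for-loop whose test uses <= against a constant or sizeof().
# An inclusive bound against the array size walks one element past the end.
INCLUSIVE_LOOP = re.compile(
    r"\bfor\s*\(.*;\s*\w+\s*<=\s*(sizeof\s*\([^)]*\)|[A-Z_][A-Z0-9_]*|\d+)\s*;")
# Rule 3: malloc(strlen(x)) with no "+ 1" leaves no byte for the terminator.
STRLEN_ALLOC = re.compile(r"\bmalloc\s*\(\s*strlen\s*\([^)]*\)\s*\)")

RULES = [
    ("unbounded-copy", UNBOUNDED_CALLS),
    ("inclusive-loop-bound", INCLUSIVE_LOOP),
    ("strlen-alloc-no-nul", STRLEN_ALLOC),
]

def strip_comment(line):
    """Drop a /* ... */ comment so its text cannot trigger a rule."""
    return re.sub(r"/\*.*?\*/", "", line)

def scan_source(text):
    """Return (line_no, rule_name, stripped_line) for every rule hit."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        code = strip_comment(raw)
        for name, pattern in RULES:
            if pattern.search(code):
                findings.append((line_no, name, raw.strip()))
    return findings

if __name__ == "__main__":
    for line_no, name, snippet in scan_source(SAMPLE_C):
        print(f"line {line_no}: [{name}] {snippet}")
```

Every hit is a candidate for a closer look, not a confirmed bug; the strncpy line shows the kind of bounded call the rules are meant to pass over.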

  7. #7
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: Drilling down Apache codes for fun and learning

    Fuzzers are generally the way to find flaws. Once an exception of some sort is found, it is looked at in a debugger to see what happens. Then we decide if there is a proper overwrite and address space for shellcode. Once all that is finished the code for the exploit is written to put it all together.

    My advice would be to start with a much smaller program than Apache. Not only will it be like looking for a needle in a haystack, it will also be difficult for a newbie because hundreds if not thousands of hackers are fuzzing Apache all day, every day. There is a great book on fuzzing called Amazon.com: Fuzzing: Brute Force Vulnerability Discovery (9780321446114): Michael Sutton, Adam Greene, Pedram Amini: Books
    I also would take my time and reread the Corelan coder stuff. That guy is an exploit ninja.

  8. #8
    Junior Member roybatty's Avatar
    Join Date
    Jan 2010
    Location
    Tannhauser Gate
    Posts
    55

    Default Re: Drilling down Apache codes for fun and learning

    I've seen things you people wouldn't believe.

  9. #9
    Junior Member g3ksan's Avatar
    Join Date
    Jan 2010
    Location
    Florida
    Posts
    93

    Default Re: Drilling down Apache codes for fun and learning

    A little off topic, but I just thought I'd post here to say how awesome that link is.
    This is the sixth time we have created a thread about it... and we have become exceedingly efficient at it.

  10. #10
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Drilling down Apache codes for fun and learning

    Quote Originally Posted by g3ksan View Post
    A little off topic, but I just thought I'd post here to say how awesome that link is.
    Yeah I liked it too. Great list of links.
