Skip to main content

k3170

"So you are interpreters of interpreters?" - Socrates, Ion by Plato

Search This Blog

Pages

Posts
Post Series
Vulnerability Disclosures
About me
Books
Public Disclosure Policy

Posts

Context based Entropy : How to use keyed-steganography

Posted by Keith Makan August 31, 2017

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

[OPINION] How AI will change Information Security

Posted by Keith Makan August 15, 2017

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Why Security exceptions shouldn't exist.

Posted by Keith Makan July 28, 2017

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Why geeks should "get" fashion

Posted by Keith Makan April 01, 2017

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

[RANT] Why Browsers are a crazy idea

Posted by Keith Makan April 01, 2017

Browsers Information Security Internet Security

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

[Idea] False Biased Extraction for SQLi using Prime numbers

Posted by Keith Makan September 20, 2016

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Abusing WebVTT and CORS for fun and profit

Posted by Keith Makan September 19, 2016

Chrome Firefox HTML5 Safari Video Formats Web Attacks Web Hacking WebVTT

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Stealing Secrets with CSS : Cross Origin CSS Attacks

Posted by Keith Makan February 15, 2016

Cascading Style Sheets Chrome Cross Site scripting CSS CSS Cross Origin Firefox Opera penetration testing Same Origin Policy Web Attacks Web Hacking Web Security

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

The Vaudenay Attack : A practical example

Posted by Keith Makan July 15, 2015

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Padding Oracle Attacks : The other padding that killed your secret key

Posted by Keith Makan July 12, 2015

Block Ciphers Cryptanalysis Cryptography Padding Oracle Vaudenay

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Automated DEX Decompilation using Androguard part II: Dex2Java

Posted by Keith Makan November 23, 2014

Androguard Android

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Automated DEX Decompilation using Androguard

Posted by Keith Makan November 05, 2014

Androguard Android Android Application Hacking

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

About addJavascriptInterface abuse in Android Browsers

Posted by Keith Makan March 17, 2014

addJavascriptInterface Android Application Hacking Android Hacking Android Security

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Path Traversal Vulnerability in OI File Manager for Android

Posted by Keith Makan February 24, 2014

Android Android Application Hacking Content Providers IO File Manager

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Path Traversal Vulnerability in 'com.smartwho.SmartFileManager' 3.1.2 for Android

Posted by Keith Makan February 09, 2014

Android Application Hacking Android Application Security Android Hacking Android Security Path Traversal Vulnerability Smart File Manager

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Critical Information Leakage Vulnerabilities in 'Next Browser' 1.16 for Android

Posted by Keith Makan February 08, 2014

Android Android Application Hacking Android Application Security Application Vulnerabilities Next Browser

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Path Traversal Vulnerability in File Explorer (FX) for Android

Posted by Keith Makan February 04, 2014

Android Application Hacking Android Application Security Android Hacking File Explorer (FX) Path Traversal Vulnerability

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

About.me Cookie Based XSS

Posted by Keith Makan October 16, 2013

About.me Cookie Precedence Cross Site scripting XSS

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Even Faster Blind SQL injection methods

Posted by Keith Makan October 12, 2013

Blind MySQL injection Blind SQL injection Blind SQLi Fast Blind SQL injection MySQL SQL Exploitation Time based SQLi

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Grepping for Glory : using grep to uncover Android Application Level Vulns

Posted by Keith Makan October 09, 2013

addJavascriptInterface Android Android Application Hacking Android Security SharedPreferences Threat Modelling Android Applications WebView WebViewClient

+

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Popular Posts (Last Year)

[Linux Kernel Exploitation 0x0] Debugging the Kernel with QEMU

Hi folks, in this post I'm going to walk through how to setup the linux kernel for debugging. I will also demonstrate that the setup works by setting a break-point to a test driver I wrote myself. All the code will be available from my gitlab, all the links to my gitlab will be re-posted at the end. The setup I describe here re-uses some parts of the syzkaller setup, and for good reason later on in the post series I will break into a tutorial for the syzkaller tool as well. So lets get on with it. Screenshot of a successful debug session with full debug symbols for the kernel! We can even see the call to start_kernel and a frame before that as well! The Process Okay so we want to study kernel exploitation but given that the kernel isn't something totally accessible in userspace, its not as convenient to debug as userpace stuff, we need a bit of a run up before we can actually poke and prod the kernel to figure out how to write our exploits. So there's a number of importa

Introduction to the ELF Format (Part VI) : The Symbol Table and Relocations (Part 1)

This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are: (Part I) : ELF Header https://blog.k3170makan.com/2018/09/introduction-to-elf-format-elf-header.html (Part II) : Program Headers https://blog.k3170makan.com/2018/09/introduction-to-elf-format-part-ii.html (Part III) : Section Header Table https://blog.k3170makan.com/2018/09/introduction-to-elf-file-format-part.html (Part IV) : Section Types and Special Sections https://blog.k3170makan.com/2018/10/introduction-to-elf-format-part-iv.html (Part V) : C Start up https://blog.k3170makan.com/2018/10/introduction-to-elf-format-part-v.html this In this and the next post I'm going to explore how Elf files manage to pull off the magic of symbol resolution as well as the format, offsets and records in the Elf that represent this information. There are many facets to this mechanism in the format, and before I get into each of them I'd like to

The Science of Google Dorking

In this post I'm in proposing some new and improved Google dorks for hackers/pentesters and generally any one that likes finding web based targets based on the vulnerabilities they expose, the dorks I will discuss here include servers exhibiting: Local file inclusion / Remote File inclusion vulnerabilities SQL injection Error based injection

Introduction to the ELF Format : The ELF Header (Part I)

ELF Files are charged with using their magic to perform two holy tasks in the linux universe. The first being to tell the kernel where to place stuff in memory from the ELF file on disk as well as providing ways to invoke the dynamic loaders functions and maybe even help out with some debugging information. Essentially speaking its telling the kernel where to put it in memory and also the plethora of tools that interpret the file where all the data structures are that hold useful information for making sense of the file. Anyway that's as far as I've figured it out - the actual break down is a little less simple. I'll demonstrate why this is so here and over the next series of posts in the classic "Learn things by breaking them" style. ELF Header and Identification fields The first thing that appears in an ELF file is of course the header, which is like most things in file formats just a list of offsets in the file. Its purpose is to indicate essentially wha

[Linux Kernel Exploitation 0x1] Smashing Stack Overflows in the Kernel

Previous Post in Series : [Linux Kernel Exploitation 0x0] Debugging the Kernel with QEMU https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x0-debugging.html Hi folks this blog post is part of a series in which I'm running through some of the basics when it comes to kernel exploit development for Linux. I've started off the series with a walk through of how to setup your kernel for debugging and included a simple debug driver to target. The post here carries on from this point and explores some stack security paradigms in the kernel. We're gonna add some stuff to that driver to make it do a dangerous memcpy and then look at whether we can manipulate memory structures with our input. I initially intended to cover full exploit to a root shell with this post but that proved a bit more challenging than I anticipated so I'm splitting this up into two posts. This one will cover almost everything right up to actually controlling the instruction pointer in the ker

[Memory Corruption Bugs] Lftp Null pointer dereference (<= 4.9.1) in CmdExec::FeedCmd

Date: 06-21-20 Vendor Homepage: https://lftp.yar.ru/ Software Link: http://lftp.yar.ru/ftp/lftp-4.9.1.tar.gz Version: <= 4.9.1 Bug link: https://github.com/lavv17/lftp/issues/593 I've discovered a null pointer deference bug in LFTP version 4.9.1 which probably affects previous versions. The bug occurs in CmdExec::FeedCmd and triggers in strlen due to a null pointer argument. The following gdb trace demonstrates this: (gdb) r -f lftp_cmdfile_fuzz/crashes/id:000000,sig:11,src:000000,op:havoc,rep:4 The program being debugged has been started already. ... Breakpoint 5, 0x0000000000461b61 in CmdExec::FeedCmd(char const*) () (gdb) x/5ig $rip => 0x461b61 <_ZN7CmdExec7FeedCmdEPKc+97>: callq 0x43a3a0 <strlen@plt> 0x461b66 <_ZN7CmdExec7FeedCmdEPKc+102>: mov %rbx,%rdi 0x461b69 <_ZN7CmdExec7FeedCmdEPKc+105>: mov %r14,%rsi 0x461b6c <_ZN7CmdExec7FeedCmdEPKc+108>: mov %eax,%edx 0x461b6e <_ZN7CmdExec7FeedCmdEPKc+110>:

[Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow

Previous Post in Series : [Linux Kernel Exploitation 0x0] Debugging the Kernel with QEMU https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x0-debugging.html [Linux Kernel Exploitation 0x1] Smashing Stack Overflows in the Kernel https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x1-smashing.htm l this post Hi folks! I'm back and this time I've got a banger of a post; we're going to finish off the last part of the exploit chain for stack overflows. In the previous post we discussed some details of memory protections in the kernel and looked at what a few probes around some of the memory structures looked like. If you don't know how to debug a Linux Kernel, build one or build a Qemu image please check out the previous stuff in the series. In this post we're going to start really wielding our power over the stack and craft ROP chains and calls to some interesting functions. Controlling EIP (No Canary) Target Driver: https://gitlab.com/k3170ma

Archive

2021 1
- January 1
  - [Linux Kernel Exploitation 0x2] Controlling RIP an...

2020 6
2019 6
- December 2
- June 1
- March 2
- January 1
2018 23
- December 1
- November 2
- October 5
- September 3
- July 1
- June 2
- May 3
- February 4
- January 2
2017 19
- December 3
- November 2
- October 3
- September 6
- August 2
- July 1
- April 2
2016 3
- September 2
- February 1
2015 2
- July 2
2014 7
2013 10
- October 3
- August 4
- May 1
- March 1
- January 1
2012 23
- December 6
- October 1
- July 2
- June 1
- April 2
- March 1
- January 10

Show more Show less

Labels

About.me
addJavascriptInterface
Adult Swim
AI.
Alan Turing
Altcoin
Androguard
Android
Android Application Hacking
Android Application Security

Show more Show less

Report Abuse

Powered by Blogger

Keith Makan