Gera's Insecure Programming Format String #2

Now that this semester is completed, I can continue going through gera's exercises =).

Negating an AND expression.

The basic database query for a simple login is:

SELECT * FROM users WHERE username = 'phillip' AND password = 'taco'

which boils down to "log in if T ∧ T", where the first T is the result the database returns for whether the username is in the database and the second T is its result for whether the password is in the database.

Rudimentary Treatise on the Construction of Locks, 1853 (excerpt)

A commercial, and in some respects a social, doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and already know much more than we can teach them respecting their several kinds of roguery. Rogues knew a good deal about lockpicking long before locksmiths discussed it among themselves, as they have lately done. If a lock – let it have been made in whatever country, or by whatever maker – is not so inviolable as it has hitherto been deemed to be, surely it is in the interest of honest persons to know this fact, because the dishonest are tolerably certain to be the first to apply the knowledge practically; and the spread of knowledge is necessary to give fair play to those who might suffer by ignorance. It cannot be too earnestly urged, that an acquaintance with real facts will, in the end, be better for all parties.

The Consequences of Attacks on Major Global Institutions

Evidence of recent attacks on major political and financial systems suggests that large-scale attacks on critical infrastructures are still a focus of attackers, despite recent reports that cyber attackers are focusing on smaller targets. In an article titled "Are We Ready for a Financial Cyber Attack" the Wall Street Journal hints at several of the most serious potential cyber attacks the world could experience. The article alludes to a potential attack on Western financial institutions that could affect trillions of dollars of transactions every day, and could have a destabilizing effect on economic and political stability. Unfortunately, in the last few months, some attacks on major financial and political systems have come close to that possibility.

The Impact of Recent Cyber Attacks on Popular Platforms

Words like "privacy", "confidentiality" and "cyber-security" are thrown around frequently in discussions of technology, but many people consider these issues more idealistic than essential. It may be widely accepted that confidentiality is better than no confidentiality, but few people would go out of their way to protect their information at the cost of convenience or practicality. The question becomes whether most of the people who give away their private information haphazardly realize the danger and ignore it, or are ignorant of the severity of the ramifications altogether. Unfortunately, some of those people will probably learn of the severe ramifications first hand, and there's a significant chance that will happen when their fiscal situation takes a hit because of a financial cyber attack.

HowTo: Writing into process memory with GDB.

Use this .gdbinit, saving it as ~/.gdbinit in your $HOME directory. It adds functionality: you can see the stack, data, registers and code, and how they change on each command entered into gdb. For best results use an 80x24 sized window (it acts like a motion picture at that size).

HowTo: Turn off Linux Security Mechanisms

You are probably going to want to do this to make your initial exploit examples easier to work with and understand.

HowTo: Using MSF to Make Linux Shellcode

Here's a quick one-liner to make Linux shellcode that runs "exec /bin/bash". The last argument, c, tells msfencode to output the shellcode in C format.