
Shellcodes, exploits ... tools for Windows

Somehow I wandered over to shinnai's site, went to the tools section and found a lot of useful software for researching and writing shellcode (all of it is available via the links).
The list of utilities, their descriptions and articles on using them are below the cut.

arwin

Writing exploits for Windows? arwin looks up the addresses of exported functions. You can use IDA for this, but as a quick option this little tool fits perfectly. Example of use:

 >arwin.exe kernel32.dll ExitThread
 arwin - win32 address resolution program - by steve hanna - v.01
 ExitThread is located at 0x779d7fdc in kernel32.dll


ActiveX fuzzers

Axman and Comraider are available here. An online demo of Axman is available. There is an article on the topic by Habr user d00kie (in which he uses Comraider): Mocking objects: hacking ActiveX
Faultmon

An exception monitor. Start the application, attach to the process, trigger the crash. OllyDbg does not always catch it.
A good PDF on the topic: http://www.infigo.hr/files/INFIGO-TD-2006-04-01-Fuzzing-eng.pdf (Faultmon specifically is covered in section 6.3).

Filefuzz

A file fuzzer with a GUI. It lets you change a given number of bytes in a source file; the result is then fed to the target software and you watch what happens. If the program crashes, under the right conditions the case can be developed into an exploit.

Findjmp

Still writing exploits? Then this one is for you too. (Suddenly) it looks for jmp/call instructions through a given register in a loaded DLL.
To make everything clear, the help output:
 >findjmp.exe
 Findjmp, Eeye, I2S-LaB
 Findjmp2, Hat-Squad
 FindJmp DLL registre
 Ex: findjmp KERNEL32.DLL esp
 Currently supported registre are: EAX, EBX, ECX, EDX, ESI, EDI, ESP, EBP

Example:
 >findjmp.exe KERNEL32.DLL esp
 Findjmp, Eeye, I2S-LaB
 Findjmp2, Hat-Squad
 Scanning KERNEL32.DLL for code useable with the esp register
 0x76F50233 call esp
 0x76FB3165 jmp esp
 0x76FD2E2B call esp
 Finished Scanning KERNEL32.DLL for code useable with the esp register
 Found 3 usable addresses
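
What findjmp actually does is a byte-pattern scan: for a register r (encoded as in the x86 ModR/M r/m field, eax=0 ... edi=7) it looks for FF E0+r (jmp reg), FF D0+r (call reg) and 50+r C3 (push reg; ret), and reports base address plus offset for every hit. The C program below is an added illustration of that scan, not findjmp's own source; the byte buffer and the base address 0x76F50000 are constructed here to stand in for a mapped DLL.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the findjmp scan, not the tool's own source. */

/* Register index as used in the x86 ModR/M r/m field (eax=0 ... edi=7). */
enum { REG_EAX, REG_ECX, REG_EDX, REG_EBX, REG_ESP, REG_EBP, REG_ESI, REG_EDI };

static const char *reg_names[8] = {
    "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"
};

/* Map a register name to its r/m index; -1 if unknown. */
int reg_from_name(const char *name)
{
    for (int r = 0; r < 8; r++)
        if (strcmp(reg_names[r], name) == 0)
            return r;
    return -1;
}

typedef struct {
    uint32_t addr;    /* base + offset of the first byte of the sequence */
    const char *kind; /* "jmp", "call" or "push/ret" */
} gadget_t;

/* Scan buf[0..len), assumed mapped at base, for the three two-byte sequences
 * that transfer control to a register:
 *   jmp  reg       FF E0+r
 *   call reg       FF D0+r
 *   push reg; ret  50+r C3
 * Hits are stored in out (at most max of them); the return value is the total
 * number of hits, which may exceed max. */
size_t find_jmp(const uint8_t *buf, size_t len, uint32_t base, int reg,
                gadget_t *out, size_t max)
{
    size_t found = 0;
    if (reg < 0 || reg > 7 || buf == NULL)
        return 0;
    for (size_t i = 0; i + 1 < len; i++) {
        const char *kind = NULL;
        if (buf[i] == 0xFF && buf[i + 1] == (uint8_t)(0xE0 + reg))
            kind = "jmp";
        else if (buf[i] == 0xFF && buf[i + 1] == (uint8_t)(0xD0 + reg))
            kind = "call";
        else if (buf[i] == (uint8_t)(0x50 + reg) && buf[i + 1] == 0xC3)
            kind = "push/ret";
        if (kind != NULL) {
            if (found < max) {
                out[found].addr = base + (uint32_t)i;
                out[found].kind = kind;
            }
            found++;
        }
    }
    return found;
}

/* Constructed sample "code section" standing in for a mapped DLL; the base
 * address is made up as well. A real run would read the DLL's code section
 * from memory and use its actual load address. */
static const uint8_t sample_code[] = {
    0x90, 0x90,        /* nop; nop */
    0xFF, 0xD4,        /* call esp               -> hit at offset 2 */
    0x31, 0xC0,        /* xor eax, eax */
    0xFF, 0xE4,        /* jmp esp                -> hit at offset 6 */
    0x54, 0xC3,        /* push esp; ret          -> hit at offset 8 */
    0x55, 0x8B, 0xEC,  /* push ebp; mov ebp, esp (no ret follows, not a gadget) */
    0xFF, 0xE0         /* jmp eax                (wrong register for an esp scan) */
};
#define SAMPLE_BASE 0x76F50000u
#define MAX_HITS 16

/* Scan the sample for one register into a static table; returns the hit count. */
static gadget_t sample_hits[MAX_HITS];
static size_t scan_sample(const char *regname)
{
    size_t n = find_jmp(sample_code, sizeof sample_code, SAMPLE_BASE,
                        reg_from_name(regname), sample_hits, MAX_HITS);
    return n < MAX_HITS ? n : MAX_HITS;
}
size_t demo_count(const char *regname) { return scan_sample(regname); }
uint32_t demo_addr(const char *regname, size_t i)  /* 0 if no such hit */
{
    return i < scan_sample(regname) ? sample_hits[i].addr : 0;
}
const char *demo_kind(const char *regname, size_t i) /* "" if no such hit */
{
    return i < scan_sample(regname) ? sample_hits[i].kind : "";
}

int main(void)
{
    const char *reg = "esp";
    size_t n = demo_count(reg);
    printf("Scanning sample for code useable with the %s register\n", reg);
    for (size_t i = 0; i < n; i++)
        printf("0x%08X %s %s\n", demo_addr(reg, i), demo_kind(reg, i), reg);
    printf("Found %zu usable addresses\n", n);
    return 0;
}
```

The push/ret pattern is the one findjmp's help does not mention but is just as usable as a return address: it pushes the register and the ret pops it into EIP. Any of the three only helps if the address itself contains no bytes the vulnerable parser rejects (a NUL in particular), so check the bytes of each hit before relying on it.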


Footzo

A fuzzer for PHP functions aimed at buffer overflows (which, as we know, can lead to arbitrary command execution).

skipfish for windows

It has already been written about here and here.
skipfish is Google's web vulnerability scanner. It runs for a long time, finds a lot, and eats a pile of traffic. It is self-learning. It generates a final report in HTML5.

And of course, I advise you to visit the other sections as well, such as Exploits, Papers and Videos.

Source: https://habr.com/ru/post/141698/

