Subject: Re: shellcoding on gentoo - msg#00011
List: security.vulnerabilities
Hi
Lots of people tell me that I did not properly zero the EAX register, so the
3 MSB of eax corrupt the trapping of the syscall, but it's OK.
I successfully ran the shellcodes on a Debian box, but on Gentoo it always
SEGFAULTs.
Here it is, a new log:
------------------------------------------------------------------------------------------------------------------------------------------------------
petalo shellcode # cat 1.asm
BITS 32
;exit()
xor eax,eax
xor ebx,ebx
mov eax,1
int 0x80
petalo shellcode # nasm -g -f elf 1.asm
petalo shellcode # ld 1.o
ld: warning: cannot find entry symbol _start; defaulting to
00000000080480a0
petalo shellcode # ./a.out
Segmentation fault
petalo shellcode # gdb -q a.out
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) break 1
Breakpoint 1 at 0x80480a0: file 1.asm, line 1.
(gdb) r
Starting program: /root/code/shellcode/a.out
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
You can't do that without a process to debug.
(gdb) q
petalo shellcode #
Linux petalo 2.6.12-gentoo-r6 #9 Sat Dec 24 14:37:56 CET 2005 i686 AMD
Athlon(tm) XP 1600+ AuthenticAMD GNU/Linux
------------------------------------------------------------------------------------------------------------------------------------------------------
I can't explain why it SEGFAULTs.
I did not edit any advanced kernel configuration other than the sound card
and ethernet.
Thanks in advance.
Thread at a glance:
Previous Message by Date:
CALL FOR PAPER - SYSCAN'06
*SyScan'06 CALL FOR PAPER*
***ABOUT SYSCAN'06***
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with.
SyScan'06 intends to be a non-product, non-vendor biased security
conference. It is the aspiration of SyScan'06 to congregate, in
Singapore, the best security experts in their various fields, to share
their research, discovery and experience with all security enthusiasts
in Asia.
The speakers that will be at SyScan'06 are among the best and brightest.
These experienced security professionals at the vanguard of leading
information security technology have assembled unique new material that
they will present at this conference to help you maintain your
technological leadership and stay abreast of the latest developments in
this rapidly moving technological field.
This two-day symposium will be held in a relaxed and informal
atmosphere, allowing all participants to enjoy themselves whilst
expanding their knowledge on information security.
SyScan'06 will be held in Singapore on 20th and 21st of July, 2006 at
the Swissotel Merchant Court Hotel.
Besides the main conference, there will also be specialized security
training courses at SyScan'06. These classes will be held before the
main conference.
***SPEAKERS/TRAINERS PRIVILEGES***
Speakers at SyScan'06 will enjoy the following privileges.
Generic Privileges
• Return economy class air-ticket for one person.
• Hotel accommodation.
• Breakfast, lunch and dinner during the conference.
• After-conference party.
• A healthy dose of alcohol.
Special Privileges
• *One selected speaker from each category will receive a US$1,000
honorarium in cash.
Selection will be based on the following criteria:
o New presentation not seen in any other conference before.
• **Presentations that reveal unpublished/undisclosed
vulnerabilities/exploits/techniques/malware will receive a US$2,000
honorarium in cash.
Selection will be based on the following criteria:
o Critical zero-day vulnerability, or
o Working exploits (can be reproduced and must have POC), or
o New techniques for:
▪ Discovery of vulnerability, or
▪ Exploiting existing vulnerability
o New form of malware.
***CFP SUBMISSION***
CFP submissions must include the following information:
1) Brief biography including a list of publications and papers published
previously.
2) Proposed presentation title, category, synopsis and description.
3) Contact information (full name, alias, handler, e-mail, postal
address, phone, fax, photo, country of origin, special dietary requirement).
4) Employment and/or affiliation information.
5) Any significant presentation and educational experience/background.
6) Why is your material different or innovative or significant or an
important tutorial?
All submissions must be in English in either MS Office or OpenOffice or
PDF format. The more information you provide, the better the chance for
selection. Please send submissions to cfp@xxxxxxxxxxx. Submissions must be
made no later than 30th April 2006.
***IMPORTANT DATES***
Final CFP Submission - 30th April 2006
Notification of Acceptance - 15th May 2006
Final Accepted Presentation Material Submission - 30th June 2006
***TOPICS***
The following categories are the focus for SyScan'06:
64-bit Vista
Mobile Devices
Malware
VoIP
Linux
The scope of the focus is broad and includes, but is not restricted to, the
following areas:
64-bit Vista
• Vulnerabilities
o Kernel
o Protocols
• Exploits
o Kernel
o Protocols
o Shellcodes
• Malware
o Virus
o Rootkit
o Spyware
Mobile Devices (embedded systems)
• Vulnerabilities
o Operating Systems
o Applications
• Exploits
o Operating Systems
o Applications
• Malware
o Virus
Malware
• Rootkits
• Spyware
VoIP
• Vulnerabilities
• Exploits
Linux
• Vulnerabilities
o Kernel
o Protocols
• Exploits
o Kernel
o Protocols
BotNets
Others
Any topics that will catch the attention of the CFP committee and/or the
world.
***OTHER INFORMATION***
Please feel free to visit the SyScan'06 website to get a feel for what this
conference is all about: SHARE AND HAVE FUN!
Also look out here for the latest updates on SyScan'06.
*It is possible and not necessary that every category will have a
speaker that will receive the US$1000 honorarium. The CFP committee of
SyScan'06 will be the final arbitrator on this matter.
**If your presentation meets the criteria for both categories of
honorarium, you will receive only the higher honorarium of US$2,000 in
cash. The CFP committee of SyScan'06 will be the final arbitrator on
this matter.
By agreeing to speak at SyScan'06 you are granting SyScan and
COSEINC the rights to reproduce, distribute, advertise and show your
presentation, including but not limited to http://www.syscan.com, printed
and/or electronic advertisements, and other forms of media.
--
Thank you
Thomas Lim
Organiser
SyScan'06
www.syscan.org
Next Message by Date:
Re: shellcoding on gentoo
I've written similar code recently using Gentoo also, running on an AMD 2200
XP:
I use GCC to build my assembler rather than nasm; could that potentially be an
issue there?
It's also worth noting the AT&T syntax..
<snipped>
//close:
"\x89\xf3" // mov %esi,%ebx
"\x31\xc0" // xor %eax,%eax
"\xb0\x06" // mov $0x6,%al
"\xcd\x80" // int $0x80 ;close
"\x87\xf7" // xchg %esi,%edi
"\x85\xc0" // test %eax,%eax
"\x74\xf" // jz close
//exit:
"\x31\xc0" // xor %eax,%eax
"\xb0\x01" // mov $0x1,%al
"\xcd\x80" // int $0x80 ;exit
<snipped>
----- Original Message -----
From: "Borja" <padre@xxxxxxxxxxxxx>
To: <vuln-dev@xxxxxxxxxxxxxxxxx>
Sent: Sunday, February 19, 2006 7:56 PM
Subject: Re: shellcoding on gentoo
Previous Message by Thread:
Re: shellcoding on gentoo
Try initializing the upper 3 MSBs of the eax register before trapping. This
seems like a really common error amongst new shellcode writers. It's probably
that eax has already been initialized with a value and you're only setting the
LSB. Then when you trap, the wrong (or completely invalid) system call is
called, fails, and since you don't exit() after the trap it crashes. If you use
something like strace, you'll be able to confirm what system call (if any) is
actually being called on the trap.
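An added example, not code from any poster in this thread: a small model of the i386 instructions used by the two exit() stubs above (the NASM listing in the original post and the "\x31\xc0\xb0\x01\xcd\x80" bytes in the GCC/AT&T reply), run over their raw opcode bytes so the syscall number that actually reaches int 0x80 can be compared for a full `mov eax,1`, for `xor eax,eax; mov al,1`, and for a bare `mov al,1`, which is the mistake the reply above describes. The opcode arrays were assembled by hand for this example and the leftover eax value 0xbffff123 is constructed; the only real constant is the i386 exit syscall number 1 from the posts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t eax, ebx; } regs_t;   /* the registers the stubs touch */

/* Decode code[] until the first int 0x80 and return eax at that point, i.e. the
 * syscall number the kernel receives. Only opcodes from the two posted stubs are
 * modelled; r holds the register state on entry (whatever the program left there).
 * Returns -1 if the bytes run out without trapping, -2 on an unmodelled opcode. */
static long long run_until_trap(const uint8_t *code, size_t len, regs_t *r)
{
    size_t ip = 0;
    while (ip < len) {
        uint8_t op = code[ip], nxt = (ip + 1 < len) ? code[ip + 1] : 0;
        if (op == 0x31 && nxt == 0xc0)      { r->eax = 0; ip += 2; }   /* xor eax,eax */
        else if (op == 0x31 && nxt == 0xdb) { r->ebx = 0; ip += 2; }   /* xor ebx,ebx */
        else if (op == 0xb0 && ip + 1 < len) {                         /* mov al,imm8 */
            r->eax = (r->eax & 0xffffff00u) | nxt;   /* bits 8..31 keep their old value */
            ip += 2;
        } else if (op == 0xb8 && ip + 4 < len) {                       /* mov eax,imm32 */
            r->eax = 0;
            for (int i = 4; i >= 1; i--) r->eax = (r->eax << 8) | code[ip + i];
            ip += 5;
        } else if (op == 0xcd && nxt == 0x80) return r->eax;           /* int 0x80 */
        else return -2;
    }
    return -1;
}
/* Opcode bytes for the stubs in this thread, assembled by hand (constructed). */
static const uint8_t exit_nasm[]    = { 0x31,0xc0, 0x31,0xdb, 0xb8,0x01,0x00,0x00,0x00, 0xcd,0x80 };
static const uint8_t exit_xor_al[]  = { 0x31,0xc0, 0xb0,0x01, 0xcd,0x80 };  /* "\x31\xc0\xb0\x01\xcd\x80" from the reply */
static const uint8_t exit_al_only[] = { 0xb0,0x01, 0xcd,0x80 };             /* the mistake the other reply describes */

/* Syscall number that reaches the kernel when eax holds `leftover` on entry. */
static long long trapped_syscall(const uint8_t *code, size_t len, uint32_t leftover)
{
    regs_t r = { leftover, 0 };
    return run_until_trap(code, len, &r);
}
int main(void)
{
    uint32_t leftover = 0xbffff123u;  /* constructed: a stale pointer still sitting in eax */
    printf("nasm listing, mov eax,1 : %#llx\n", trapped_syscall(exit_nasm, sizeof exit_nasm, leftover));
    printf("xor eax,eax; mov al,1   : %#llx\n", trapped_syscall(exit_xor_al, sizeof exit_xor_al, leftover));
    printf("mov al,1 only           : %#llx  (not exit: -ENOSYS comes back and execution falls through)\n",
           trapped_syscall(exit_al_only, sizeof exit_al_only, leftover));
    return 0;
}
```

The third case is the one strace makes visible on a real box: the kernel is asked for syscall 0xbffff101, answers -ENOSYS, and the stub keeps executing whatever bytes follow it.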