BackTrack 3 (2007-12-14) is a penetration testing live Linux distribution. It is packed with plethora of tools organized by categories.
With this large amount of utilities, it is sometimes hard to pick the correct one for the job. At Shmoocon 2008, a BackTrack representative gave a talk which was good, but focused on exploiting a Windows binary using Olly, not on showing off the features of the distribution. So I took it upon myself to click on every single link and find the awesome and the less awesome tools among the bunch. Note that the work that I did was for a presentation. There are videos which are self-explanatory but at times need commentary. I will provide some explanation in writing.
Continue reading ‘BackTrack 3: Demos of selected tools’
In an earlier post to my personal blog as well as to this blog, I enthusiastically recommended the Synology CS407 NAS as a data storage/backup platform. I am now taking that recommendation back.
Let me just say this: it seemed like a good choice at the time, and, if I could have trusted the vendor to deploy the software on it properly, it might still be. Here is a short summary of some of the issues I found:
You can skip to the full report here: A Security Audit of the Synology Disk Station Manager (DSM) v2.0-0590 Firmware.
What follows is a complete retelling of how I got here, sort of a lesson in vulnerability disclosure (not so much discovery, you’ll see why). It’s not pretty, I didn’t do all the right things, and it’s kind of long.
Continue reading ‘Multiple Vulnerabilities in ALL Synology Products’
I will try to keep this to the point. Auto-completion on the terminal is something we all love and it makes using a UNIX system and running commands far more pleasant. Most shells can auto-complete path names, binary names, and built in commands. Bash goes further and supports auto-completing user names, hosts and a few other trivial things. No shell that I know of has ever attempted to auto-complete the arguments that the binaries take. Leaving out support for this makes sense, as there is no common way for a binary to store the arguments it can take inside the program binary, and it is bound to be a porting nightmare.
Keeping this in mind, I realized that almost every single UNIX binary gets its arguments from the shell in a standard, POSIX-compliant way. The getopt libc function call parses the input from the shell in to usable internal flags. If one were to peek inside what each binary gives to getopt(), one would find out all arguments it is expecting to take and provide more insight about the executable! This is what I have done and what the remainder of the post is about.
This is what my previous post related to. Now I realize this is a slightly silly goal. My primary reason for doing this is to learn the techniques I’ve used to get there, which I simply could not learn without experimentation and a concrete goal in mind. The way this problem was attacked as follows:
Continue reading ‘Prodding programs’
In the last few weeks, I have been needing to understand a lot of existing source code. People, including myself, often try to reverse-engineer binaries and not pay much attention to reverse-engineering available code, if that’s the proper way to call it. While not reverse-engineering in its core, analyzing source code tends to tickle similar parts of the brain as when reverse-engineering binaries. This post is a short description of the tools and techniques I’ve been using and hope to receive suggestions to techniques I have been missing.
The tool in question is ltrace, which I believe is a doing of mostly the Debian project (I can be wrong), with a port to FreeBSD which is what I have been using. I have spent enough hours trying to just read source code, using grep to look for where to look for my next step.
Read on for descriptions!
Continue reading ‘Tools for implicit code understanding’
The UbuCon is an unconference for Ubuntu users, developers, and sysadmins taking place on February 16th at the new Google offices in Manhattan. A few people from ISIS will be there to represent the interest of security in Ubuntu’s future development and hopefully moving improvements like GCC proactive security measures, encrypted LUKS partitions, and main inclusions of Seahorse and gaim-otr up to a higher development priority. If you’d like to join us add your name to the RSVP list and we’ll see you there (it’s free!).
Loading ...
Recent Comments