Why Encoding Does not Matter and How Metasploit Generates EXE’s

Payload executables generated by msfencode are commonly detected by antivirus engines, depending on which antivirus engine is used. A common misconception is that the antivirus engines are actually detecting the shellcode, and therefore, the best way to avoid antivirus detection is to pick an encoder that the antivirus engine cannot handle, or encode many times. After […]


Shells, terminals, and sudo mitm

In many situations, you can find yourself with a simple shell, able to read and write stdin/stdout, but some command that you are using requires a full terminal. Example: you got a netcat shell on a server or you’re writing a web application with popen() calls, etc. If you need to execute a command through […]
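The core of the problem described above is that pipes are not terminals: a tool that checks `isatty()` on its standard streams (sudo's password prompt is the classic case) will refuse or misbehave when driven through a netcat shell or popen(). The following is an added example, not code from the original post: it runs the same constructed probe command once through pipes and once under a pseudo-terminal allocated with Python's `pty.fork()`, so you can see exactly what the command observes in each case. The `TTY_PROBE` command line is constructed for the demonstration; the interactive form of the same idea is the well-known `python -c 'import pty; pty.spawn("/bin/sh")'` upgrade, which uses `pty.spawn` from the same module.

```python
import os
import pty
import subprocess

# Constructed probe: succeeds only when both stdin and stdout are terminals,
# which is what "needs a full terminal" tools (sudo prompting for a password,
# ssh, editors) actually check before they proceed.
TTY_PROBE = ["sh", "-c",
             "if [ -t 0 ] && [ -t 1 ]; then echo tty; else echo notty; fi"]


def run_piped(argv):
    """Run argv the way a netcat shell or popen() does: stdin/stdout are pipes."""
    proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                          stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                          text=True)
    return proc.stdout.strip()


def run_with_pty(argv):
    """Run argv as session leader of a fresh pseudo-terminal, returning its output."""
    pid, master = pty.fork()
    if pid == 0:
        # child: fd 0/1/2 are the pty slave and it is our controlling terminal
        try:
            os.execvp(argv[0], argv)
        except OSError:
            os._exit(127)
    chunks = []
    while True:
        try:
            data = os.read(master, 4096)
        except OSError:  # EIO on Linux once the slave side has been closed
            break
        if not data:
            break
        chunks.append(data)
    os.close(master)
    os.waitpid(pid, 0)
    # the tty line discipline rewrites "\n" as "\r\n" on output; normalise it back
    return b"".join(chunks).decode("utf-8", "replace").replace("\r\n", "\n").strip()


if __name__ == "__main__":
    print("piped :", run_piped(TTY_PROBE))     # notty
    print("pty   :", run_with_pty(TTY_PROBE))  # tty
```

The piped run reports `notty` and the pty run reports `tty`, even though the command itself is identical; only the kind of file descriptor behind fd 0 and fd 1 changed. Anything you relay over the network afterwards should therefore read and write the pty master, not the child's pipes.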


Important Stuff

I am adding a page Important Stuff with some thoughts on non-information-security stuff. As fun and interesting as hacking is, there are more important sides of life. So I summarized just four of the reasons why I believe what I believe, and a bit of what that means. As you may know, I am a […]


Java_signed_applet with RJB

I just wasted a lot of time trying to get the java_signed_applet exploit module working in Metasploit. Not that it doesn’t work by default, but you will get the warning [-] [-] The JDK failed to initialized: no such file to load — rjb [-] In order to dynamically sign the applet, you must install […]


Finding non-ASLR or DEP modules

As the recent exploits for IE using the .NET 2.0 DLL demonstrate, sometimes a non-ASLR DLL to enable an exploit is just a LoadLibrary away. So if pvefindaddr won’t give you any ASLR-free DLL’s in memory, look for other DLL’s which the process will load, given the right input. Or from a system-hardening or development […]
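Whether you are hunting for a module that an exploit can borrow or auditing a build from the hardening side, the opt-in bits live in the PE header: `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` (0x0040) for ASLR and `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` (0x0100) for DEP, both in the optional header's `DllCharacteristics` field, plus `IMAGE_FILE_RELOCS_STRIPPED` (0x0001) in the COFF header, which matters because a DLL that sets DYNAMIC_BASE but has had its relocations stripped still cannot be rebased by the loader. The following header parser is an added example written for this page, not a tool from the original post or from pvefindaddr; `make_test_pe` builds constructed, non-loadable header-only images so the checks can run without real DLLs on hand.

```python
import struct

# COFF Characteristics bit: the image has no .reloc data, so it cannot be rebased
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
# Optional-header DllCharacteristics bits
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR (PE32+ only)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # opts in to ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # opts in to DEP/NX


def pe_mitigations(data):
    """Read the ASLR/DEP opt-in bits from a PE image held in memory as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_machine, _nsect, _ts, _symptr, _nsym,
     opt_size, coff_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header for PE32 and PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    relocs_stripped = bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "pe32plus": magic == 0x20B,
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        # DYNAMIC_BASE without a relocation table is a no-op: the loader has
        # nothing to patch, so the image lands at its preferred base anyway
        "aslr": dynamic_base and not relocs_stripped,
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
    }


def scan_file(path):
    with open(path, "rb") as f:
        return pe_mitigations(f.read())


def make_test_pe(dll_chars, coff_chars=0, magic=0x10B):
    """Constructed header-only PE (not loadable) for exercising pe_mitigations."""
    opt = bytearray(96 if magic == 0x10B else 112)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    machine = 0x14C if magic == 0x10B else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), coff_chars)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        r = scan_file(path)
        note = ""
        if r["dynamic_base"] and r["relocs_stripped"]:
            note = " (DYNAMIC_BASE set but relocations stripped)"
        print("%s: ASLR=%s DEP=%s%s" % (path, r["aslr"], r["dep"], note))
```

Run it as `python pe_mitigations.py C:\path\to\*.dll` over the DLLs a process could be induced to load; any line reporting `ASLR=False` is a candidate for the attacker and a defect for the developer. The header bits only describe the image's opt-in, so a process-wide mandatory ASLR/DEP policy can still override them at load time.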


Breaking mobile device crypto with chaos theory and hardware RNG’s

This is a continuation of the previous post with details on breaking the cryptosystem in the paper “Design and FPGA Implementation of a Pseudo-Random Bit Sequence Generator Using Spatiotemporal Chaos,” which proposed a hardware-based PRNG using a chaotic function as the basis of a cryptosystem inspired by the one-time pad. It proposed the system as […]


Cryptology, Academics, and Chaos

I saw an article the other day critical of the ACM (here also see this linked to in comments) and I have to say, I completely agree. As far as I can tell, the ACM, like the IEEE and other publishing houses, exists to leech off of the academic world, charging large amounts of money […]


Black Hat DC Presentation

The materials in the presentation, including the exploits used, are downloadable here. Have fun counterattacking! Update: the actual slides are at http://www.scriptjunkie.us/files/counterattack.pdf and paper is at http://www.scriptjunkie.us/files/bhdc2011whitepaper.pdf.


Expanding Metasploit RPC and GUI

If you’d like to extend Metasploit in some way (and it isn’t polished enough or applicable to all users to be put into the main framework code), a plugin is probably the best way to go. Many examples in the framework show how to add console commands, but if you want GUI integration, or integration […]


Black Hat & Shmoocon

Just got accepted to both Black Hat DC 2011 and Shmoocon 2011! Unfortunately, I will not be able to attend Shmoocon. I wish I could come; I have never spoken there before, and it’s a great conference. Instead you will have to see me at Black Hat. Link: http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Weeks
