Return Oriented Exploitation (ROP)
For all those who registered to AWE in BlackHat Vegas 2010 – we have special surprise for you… We’ve updated our “Bypassing NX” module with the buzzing ROP exploitation method.
Read MorePHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit
An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.
Read MoreUpcoming Courses and Security Training
BlackHat Offensive Security Training Courses are selling out…sign up quick! To all those who signed up – we’ve got some special things planned for you, you’re definitely in for a ride. Thanks for flying Offsec.
Read MorePenetration Testing With BackTrack v.3.0 Alive!
Penetration Testing with BackTrack v3.0 now available and better than ever!
Read MoreQuickZip Stack BOF : A box of chocolates – part 2
Today (as promised in part 1 of the QuickZip Stack BOF exploit write-up), I will explain how to build the exploit for the quickzip vulnerability using a pop pop ret pointer from an OS dll.
At the end of part 1, I challenged you, the Offensive Security Blog reader, to try to build this exploit (using a ppr pointer from an OS dll) yourself (try hard) and to contact me if you were able to complete the exercise.
Read MorePWB v3.0 – Offensive Security Online Training at its Best
Penetration Testing with BackTrack updates
Read MoreQuickZip Stack BOF 0day: a box of chocolates
A few days ago, one of my friends (mr_me) pointed me to an application that appeared to be acting somewhat “buggy” while processing “specifically” crafted zip files. After playing with the zip file structure for a while (thanks again, mr_me, for documenting the zip file structure), I found a way to make the application crash and overwrite a exception handler structure.
In this article, I will explain the steps I took to build an exploit for this bug.
Read MorePWB V.3.0 Available March 21st, 2010
The Offensive Security team is excited to announce the release date of v3.0 of the Pentesting With BackTrack Course. On March 21, 2010 the course will be made live. The team has worked overtime to ensure the videos and labs are better than ever.
With new modules, more in depth explanations and a new rich lab environment, this will prove to be a very exciting release. We are opening up early registration for those interested in signing up now.
Read MoreMultiple Media Player HTTP DataHandler Overflow
We recieved an interesting submission today at exploit-db from Dr_IDE. We have verified that both Quicktime and Itunes crash on Windows and OSX. The description reads:
“There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have attempted to compound my findings on this issue.
Nearly every (.MOV) enabled application that I tested fell victim to this exploit. This is a local memory corruption vulnerability in the way these programs process a malformed file.
Read MorePentesting With BackTrack v.3.0
BackTrack 4 Downloads are still going strong with over 30,000 registered downloads up to now. We are currently working on updating our new course materials based on BackTrack 4. We expect the new version to be available soon.
As always, alumni students will be able to upgrade their version of PWB. The upgrade fee will (as usual) be the difference between the current price and new one. No, we don’t have pricing information at this point!
Read MoreBackTrack 4 Final Release
Taken from the new BackTrack Site :
BackTrack 4 Final is out and along with this release come some exciting news, updates, and developments. BackTrack 4 has been a long and steady road, with the release of abeta last year, we decided to hold off on releasing BackTrack 4 Final until it was perfected in every way shape and form.
With this release includes a new kernel, a larger and expanded toolset repository,
Read MoreExploit-DB Updates
Lots of new updates in the exploit-db arena. Barabas whipped up a quick browser search bar plugin.
We got a massive CVE / OSVDB entry update from Steve Tornio which was added to our DB. Our “perfect” exploit template now has links to the exploit code, vulnerable app , CVE and OSVDB entries. See this example. You can now search for exploits via CVE or OSVDB.
We’ve added a new column to the database –
Read MoreExplo.it – The Day After
The Exploit Database is up and running…survived day 1 . On a last moment fluke, we registered the domain https://www.exploit-db.com/, which is now also up and running.
We’ve improved the search functions on the site, and imported the “papers” and “shellcode” sections from Milw0rm. We’ve been getting our first submissions and are processing them almost in real time. We’ve set up an IRC channel on freenode #exploitdb,
Read MoreOffensive Security Exploit Archive Online
After a short and intense setup, we are ready to present the Offsec Exploit Archive. We’ve recreated the milw0rm database, updated it and are now accepting submissions. The purpose of the site is to provide researchers and security enthusiasts a repository of exploits, and when possible, the relevant affected software. We’ve started the party by posting a few new exploits of our own – namely a Novell eDirectory 8.8 SP5 iConsole Buffer overflow exploit and a HP Power Manager Administration Universal Buffer Overflow Exploit.
Read More
Metasploit Unleashed Back Online
Just a quick note – the Metasploit Unleashed Wiki is back online, patched cleaned and secured.
The Offsec Exploit database will be online by the end of the week. Stay tuned!
Read MoreOffsec Web Server Hacked
For the past couple of weeks we have been watching escalating DOS attacks against our web server, specifically against the Metasploit Unleashed Wiki. Today as we were watching our apache logs, we noticed unusual requests. A quick analysis showed that our web server was compromised through a vulnerability in the wiki software we use for the free Metasploit course. The compromise occurred on Nov 6th,and went unnoticed for around 28 hours.
A php shell was uploaded to the wiki through an obscure vulnerability,
Read More