inside the man

Thursday, December 15, 2005

SANS Hacker Techniques report - day 3

Other posts in this thread:Day 3 entered the dark realm of exploiting systems. While we dealt with a wide variety of fascinating material, the balance between lecture and exercise was off today. There was a lot of lecturing about topics that, let's face it, are difficult to lecture about like buffer over flows. First off, it is difficult material that cannot be explained quickly. It would be great to step through some actual running software walking an jumping down the stack, but this is not an assembly language class. Somebody should, and maybe already has, come up with a way to visualize the process of a buffer overflow in an animated form.

The two main exercises were very interesting involving remote command execution using netcat. However both exercises were about, well, netcat, one on Windows and one on Linux. This was a bit of a let down when there are so many other cool tools under discussion. I was itching to take the Metasploit framework for a ride, or to man-in-the-middle my neighbor's TLS session with the DSniff webmitm tool, but alas, it was not to be.

Here is a fun and safe format string attack to try out from the Windows command line:

C:\> sort %x%x%x
7c812ca900The system cannot find the file specified.

Now try adding a few more percent x's and watch the hex grow!

  • Day: Day 3
  • Topics: Expoiting systems, IP spoofing, sniffing, session hijacking, DNS cache poisoning, backdoors, buffer overflows, protocol and parser problems, hiding payloads, steganography
  • Tools: ethereal, snort, Sniffit, Dsniff, hunt, TTYWatcher, IP-Watcher, Ettercap, jizz, Zodiac, netcat*, Metasploit, inetd, tftp, ADMutate, Hydan, printf format strings*
  • Overall value: 3 out of 5
  • Coolness: 4 out of 5

* Starred items were part of hands on exercises.

No comments:

About Me

My photo
Edmonton, Alberta, Canada
Returned to working as a Management Consultant, specializing in risk, security, and regulatory compliance, with Fujitsu Canada after running the IT shop in the largest library in the South Pacific.

CC Developing Nations
This work is licensed under a Creative Commons Developing Nations license.

Site Meter