Posts Tagged ‘code’

How Secure Are You?

March 31st, 2011

Management never seems to think bad things will happen to them here in Australia. Well, here are two incidents that prove that thinking wrong:

Hacker attacks Victorian servers

http://www.zdnet.com.au/hacker-attacks-victorian-servers-339301026.htm

China spies suspected of hacking Julia Gillard’s emails

http://www.news.com.au/technology/federal-ministers-emails-suspected-of-being-hacked/story-e6frfrnr-1226029713668

So anyone connected to the internet is fair game, and the question becomes: how do I stop my company from being the next headline?

Glad you asked…

Enter SANS 504: Hacker Techniques, Exploits and Incident Handling course

SANS, one of the best known names in the IT security training arena, has a course dedicated to teaching IT staff how to understand what hackers are up to and put in place measures to keep company systems safe. SANS 504: Hacker Techniques, Exploits and Incident Handling gives hands-on experience in understanding vulnerabilities and discovering intrusions, and equips you with a comprehensive incident handling plan.

This course is being offered as a ten-week Mentor-led course here in Sydney, which allows attendees to gain the maximum study benefit while still having personal lives. It starts on Thursday, June 2, 2011 and runs each Thursday until August 4, 2011.

Learn and work through the SANS courseware with Chris Mohan, one of the few SANS GSE holders in the world and a handler at the Internet Storm Center, who will help make the courseware relevant and of immediate use to you.

With the Australian dollar nearing an all-time high, and using the code Mentor10 for an additional 10% off the course, SANS security training has never been more cost effective and affordable!

Register here: http://www.sans.org/mentor/details.php?nid=24644

And just in case your company doesn't think taking IT security seriously is important, show your boss that even Australia's spy agency ASIO gets a cyber wing to protect the country. If the country needs protecting, don't you think your company does too?

http://news.smh.com.au/breaking-news-technology/australias-spy-agency-asio-gets-cyber-wing-20110311-1br4g.html


Metasploit pattern_create.rb 2 Code Creator

November 1st, 2009

UPDATE: Pattern2Code is now at V.03. This page has been updated with that version of code.

Pattern_create.rb is a great little tool that can be found in the /tools directory of your Metasploit framework. It is used to create a pattern of characters of a specified length which you can then inject into applications as a buffer overflow. Its sister script, pattern_offset.rb, is then used to identify how many bytes from the start of the string a particular part of the pattern occurred.

pattern2code.py is a script I created to save me manually modifying the pattern_create.rb patterns to fit into my fuzzing code. It's simple to use and will output the pattern as either Python, Perl or C code.

Running the script is as simple as piping the output from pattern_create.rb into pattern2code.py and specifying a name for the buffer, the length of each split, and the output language.

The instructions below can also be found in the script if required:

[+] Usage: ./pattern2code.py <buffername> <length> <languagename> <input>
[+] <buffername> = Custom buffer name
[+] <length> = Length of each split
[+] <languagename> = Perl, Python or C
[+] <input> piped input from pattern_create.rb

Output examples:

# ./pattern_create.rb 180 | ./pattern2code.py overflowbuff 50 python

overflowbuff = "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab"
overflowbuff += "6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A"
overflowbuff += "d3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9"
overflowbuff += "Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9"

^ Python code output with a 50 character split.


# ./pattern_create.rb 260 | ./pattern2code.py newbuffer 40 perl

my $newbuffer =
"Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2A" .
"b3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac" .
"6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9" .
"Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2A" .
"f3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag" .
"6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9" .
"Ai0Ai1Ai2Ai3Ai4Ai5Ai";

^ Perl code output with a 40 character split.


# ./pattern_create.rb 260 | ./pattern2code.py newbuffer 55 c

unsigned char newbuffer[] =
"Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7A"
"b8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad"
"6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4"
"Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2A"
"h3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai";

^ C code output with a 55 character split.
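To make concrete what pattern_create.rb and pattern_offset.rb are doing, and how the split output shown above is assembled, here is an added Python 3 example. It is my own illustration, not the author's pattern2code.py and not the Metasploit scripts themselves. It assumes Metasploit's pattern scheme of upper+lower+digit triples ("Aa0Aa1Aa2..."); the register value 0x41336241 used in the demo is a constructed sample, not from any real crash.

```python
import string

# Metasploit's pattern_create.rb emits triples upper+lower+digit ("Aa0Aa1Aa2...").
# Every 4-byte window is unique within the first 26*26*10*3 = 20280 bytes, which is
# what lets pattern_offset.rb map the bytes that land in a register back to an offset.
MAX_UNIQUE = 26 * 26 * 10 * 3


def cyclic_pattern(length):
    """Return the first `length` characters of the Aa0Aa1... cyclic pattern."""
    if length > MAX_UNIQUE:
        raise ValueError("pattern would repeat beyond %d bytes" % MAX_UNIQUE)
    chunks = []
    total = 0
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                total += 3
                if total >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(pattern, needle):
    """Return the 0-based offset of `needle` in `pattern`, as pattern_offset.rb does.

    `needle` is either the literal text seen in the crash (e.g. "Ab3A") or the
    32-bit register value as little-endian hex (e.g. "0x41336241" for the same bytes).
    """
    if needle.lower().startswith("0x"):
        # the register holds the four bytes reversed relative to the string order
        needle = int(needle, 16).to_bytes(4, "little").decode("ascii")
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("%r does not occur in the pattern" % needle)
    return idx


def split_to_code(pattern, buffername, splitlength, lang):
    """Format `pattern` as a Python, Perl or C string literal broken into
    `splitlength`-character pieces (the job pattern2code.py does)."""
    if splitlength <= 0:
        raise ValueError("split length must be positive")
    chunks = [pattern[i:i + splitlength] for i in range(0, len(pattern), splitlength)]
    lang = lang.lower()
    if lang == "python":
        lines = ['%s = "%s"' % (buffername, chunks[0])]
        lines += ['%s += "%s"' % (buffername, c) for c in chunks[1:]]
        return "\n".join(lines) + "\n"
    if lang == "perl":
        return "my $%s =\n%s;\n" % (buffername, " .\n".join('"%s"' % c for c in chunks))
    if lang == "c":
        # adjacent string literals are concatenated by the C compiler
        return "unsigned char %s[] =\n%s;\n" % (buffername, "\n".join('"%s"' % c for c in chunks))
    raise ValueError("unsupported language: " + lang)


if __name__ == "__main__":
    pat = cyclic_pattern(180)
    print(split_to_code(pat, "overflowbuff", 50, "python"))
    # Constructed sample: pretend a crash report showed a register holding 0x41336241.
    print("register bytes start at offset", pattern_offset(pat, "0x41336241"))
```

The hex form matters in practice: a debugger reports the register as a 32-bit number, and on a little-endian CPU that number reads the four pattern bytes backwards, so the lookup has to reverse them before searching, which is exactly why pattern_offset.rb accepts either form.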

Here is the code for your enjoyment :)

#!/usr/bin/env python3
import sys

if len(sys.argv) != 4:
    print("++++++++++++++++++++++++++++++++++++++++++++++++++++++++")
    print("+                                                      +")
    print("+                 pattern2code.py V0.03                +")
    print("+ Created by Damian Grace - http://www.damiangrace.com +")
    print("+       Restructure based on code by Jamie Gadd        +")
    print("+                                                      +")
    print("++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n")
    print("[+] Usage: ./pattern2code.py <buffername> <length> <languagename> <input>")
    print("[+] <buffername> = Custom buffer name")
    print("[+] <length> = Length of each split")
    print("[+] <languagename> = Perl, Python or C")
    print("[+] <input> piped input from pattern_create.rb\n")
    print("[+] This program is for use with pattern_create.rb which comes")
    print("[+] bundled with Metasploit in the tools directory.")
    print("[+] To make it executable: chmod 755 ./pattern2code.py")
    print("[+] While it's in the tools directory run it like so:")
    print("[+] ./pattern_create.rb 2000 | ./pattern2code.py buffer 50 python\n")
    sys.exit(2)

# read buffer name and split length
buffername = sys.argv[1]
splitlength = int(sys.argv[2])
if splitlength <= 0:
    sys.stderr.write("[-] <length> must be a positive number\n")
    sys.exit(2)

# read pattern and strip the trailing newline pattern_create.rb emits
pattern = sys.stdin.read().rstrip("\n")

# language options: (opening text including the first chunk,
#                    separator written before each further chunk,
#                    closing text)
language = {
    "perl": ("my $" + buffername + " = \t\"" + pattern[:splitlength], "\" .\n\t\t\"", "\";\n"),
    "python": (buffername + " = \t\"" + pattern[:splitlength], "\"\n" + buffername + " += \"", "\"\n"),
    # adjacent string literals are concatenated by the C compiler, so no operator is needed
    "c": ("unsigned char " + buffername + "[] = \"" + pattern[:splitlength], "\"\n\t\t\"", "\";\n"),
}

# parse args (language name is matched case-insensitively, so "Python" and "python" both work)
langname = sys.argv[3].lower()
if langname not in language:
    sys.stderr.write("[-] Unknown language '%s': use perl, python or c\n" % sys.argv[3])
    sys.exit(2)
start, mid, end = language[langname]

# main: write the first chunk, then each remaining chunk preceded by the separator
sys.stdout.write(start)
for x in range(splitlength, len(pattern), splitlength):
    sys.stdout.write(mid + pattern[x:x + splitlength])
sys.stdout.write(end)

The code can also be downloaded here

Enjoy!

P.S. I would love to hear feedback on how to improve my code so please leave a comment…
