A pentesting company called Immunity has released an amazing debugging application that is totally free of charge. Supposedly it will cut down the time it takes to find an exploit in any given application by %50. I don’t know if that is true, but it certainly has all the bells and whistles of a non-free debugger like IDA Pro.
The folks at Immunity, a company specializing in tools for penetration testing, have released a free application advertised to streamline the development of software exploits.
Immunity Debugger, as the app is called, will cut exploit development time by half, according to this product announcement. The debugger is designed with malware writers in mind, providing a rich GUI, powerful scripting language and connectivity to fuzzers and exploit development tools.
The program gives developers the option of using command line or GUI depending on the task at hand, and runs plug-ins written in Python by third-party developers.
In my opinion this could replace OllyDbg!! No offense to those hardcore OllyDbg fans out there, but you should give Immunity Debugger a whirl just to see how powerful it really is.
N00B Alert – Debuggers and disassembler’s are used for “cracking” apps, as well as finding malicious exploits. I expect that Immunity Debugger will be just as useful for cracking as anything else, if not more. Of course you need to have the right assembly code set to really utilize the extra speed promised by Immunity Debugger.
I’ll see what I can do about finding some tutorials in the near future. If my gut instinct is correct, this is gonna become a staple for most hackers out there (White, Grey or Black Hat).
Tech Republic has a great little article, even if its a bit old, for those of us that need a little help when it comes to WinXP. The article, entitled “10 things you can do when Windows XP won’t boot” written by Greg Shultz, is just what it claims to be. My article here will dive a little deeper into the instructions posted in Shultz’s article, including some insights of my own and some extra tools that might help.
To be perfectly honest, I have learned all I know about “Windows troubleshooting” from trial and error while poking around WinXP for shits n giggles. This means that I made alot of self imposed of cock ups, wasted months of time, experienced hair pulling frustration, and had too many complete drive reformats and re-installations to number. Hence the interest in this article for anyone out there, who doesn’t have the time or patience to dick around with Windows for hours on end.
Here’s a peek at Greg Shultz’s list of ten. (My Comments are in parenthases)
Use a Windows startup disk (The article was written in ’06. So replace “floppy disc” with USB stick, or any removable media that you don’t mind wiping clean to use as a boot device and “startup disk”, including a CD-R if you want to waste one.)
Use Last Known Good Configuration (Ok, I dunno about you, but I have never seen regular old OEM PC, WinXP boot screen with this text on it, “Please select the operating system to start“. Most OEM systems (PC’s like Dell, HP, anything that you didn’t build yourself) will start with a screen that shows their logo while the BIOS is telling your system what to do. Usually in this screen, before you see the Windows Logo/boot screen, you get a logo in the center and some F# options, like F8, that you can use before the system executes the boot sequence set in the BIOS. Note: Some OEM systems do have different selections for different buttons, but they will tell you what they do on the screen. You will see them, the options, either in the upper right hand corner of the screen or at the bottom, usually in gray letters)
Use System Restore (Note: Sometimes Ctrl-Alt-Del won’t work to restart your system, you may have to do a “hard restart” by holding down the “power button” either on your tower or wherever it is on your laptop, and hold it until the system powers down. There may even be times when a hard restart won’t work, which means you are pretty screwed, the absolute last resort is to pull the power plug. However, most modern PC’s will succumb to the hard restart.)
Use Recovery Console (This is really just a start point for many of the following “Things You Can Do“, as there is no explanation of what to do after you get the recovery console started.)
Fix A Corrupt Boot.ini (Note: Won’t work if you F’d up a GRUB bootloader by wipeing a partition without fixing the GRUB partition map first, a personal experience of mine.)
Fix A Corrupt Partition Boot Sector (The functionality of this one may depend on just how many partitions you have. Windows doesn’t allow for more than 9 (I think), and if you have more than two OS’s… lets just say I had a problem with this one. GRUB problem can also screw this one up.)
Restore From Backup (In my opinion, this is your best option. Of course, not all people regularly backup their systems with Norton Ghost or whatever back up software anyone likes. However, even if you haven’t been backing up your windows partition, you can still retrieve information, or even copy whole partitions, with a live CD like UBCD, Hiren’s Boot CD, or even a linux distro like BackTrack2)
Perform An In-Place Upgrade (Also known as a repair install. You might get full functionality back with this and you may not, but at least you will have access to your data. Oh, and depending on how up to date your Windows XP install disc is, you might wind up having to re-update to SP2 as well as other updates that were applied that are not on your disc. Note: The GRUB problem described before will also screw this up.)
*I mentioned a couple tools up there in my comments, I’ll supply links after the jump.
From what I can tell there doesn’t seem to be any order of which things you should try first when your XP won’t boot. In my opinion your easiest point and click options, in the order of what you should probably try first, are numbers 2, 3 and 10. Number 9 is really just a good thing to do. Now if you are a bit more adventurous, or knowledgeable, you can try the other options. Number one is really just to get access to your windows partition. However, if the start disk works, you will know that the files you copied from another system (boot.ini, NTLDR and ntdetect.com) are involved with the problem on your system AND that your MBR (master boot record) is probably ok. So then you’ll wanna try fixing your boot.ini file, number 5 in the list, which requires that you know how to do number 4. However, if your start disc from number one doesn’t work, then you will have to delve into numbers 6, 7 and 8. Number 8, backup restore, is really a great way to go, if you have your system backed up, including your boot sector. This is all hindsight, but its a good idea to keep a system backup handy on some sort of removable media. One thing to think of when you first install Windows, or right after you get your new PC or laptop, is to partition your hard drive so that the core system files reside on the default partition “C” with the minimum possible size allowed for a WinXP. This will make it alot easier to back up your core system, because that “C” partition will be ALOT smaller than say your whole hard drive, and only contain files that your system needs to run. You can use the other partition/s as storage for documents, videos, whatever you want. If you don’t have partition magic, you can use Parted Magic or Gparted on a live cd. Lastly, if you don’t remember your Administrator password, which is fairly common, you can use Offline NT PW & Reg-Edit Bootdisk to reset the admin password to blank.
That’s all I have to say about that one. Remember, for links and info on the tools I mentioned in this article follow the jump. Happy troubleshooting!!
If you haven’t read about the latest (as of 7.23.07) Mac exploit/s then you either don’t care or haven’t looked at the intarwebs lately. I’ll give you the short version, with LOTS of links:
Engadget is aflame with comments on their posts, so far THREE, about the alleged “rape.osx” worm that a group of hackers, who call themselves “InfoSecSellOut“, posted some hints about on their blogspot blog as well as a link to a securityfocus.com notice about the “worm”, oh and a hint that they want money for having created the worm. There’s been way too much drama to map out here (death threats much?!?!), but lets just say its gotten out of hand and TMBBITW is totally neutral, we’re strictly grey hat and ALL homegrown Linux. No plans to release the code for the rape.osx worm have been revealed, not even a little bit. HackZine has a little blurb up about a video that has popped up on www.exploitingiphone.com, which is really a redirect to a slashed Independent Security Evaluators URL. Obviously, ISE has an iPhone exploit on their hands, however they have notified Apple and have some good info up. There’s a truncated white paper out and they plan to reveal their code on August 2nd, at the Black Hat convention in Vegas.
For the Windows folks out there, you haven’t been left out. A win32 version of Safari was released, but hacked in ONE day.
And that’s everything in a nutshell since last wednessday. Now I’ll go on to explain all the information I could gather on all of these, what we like to call, Mac Hacks.
ALL of the malware/exploits/worms/whatever you wanna call them are executed via Safari. That means all three versions (mobile, desktop and Win32).
First is the most interesting, the iPhone exploit. Basically ISE has done a buttload of work, not to mention a bang up job creating this:
If you read the white paper that they have on their site, which is pretty exhaustive, you’ll find out the level of knowledge that this hack took to find and make into a shell script.
Here’s how they started, and what will probably be THE way to find new exploits for the iPhone:
Using jailbreak and iPhoneInterface, the binaries can be extracted from the device and statically analyzed, using a disassembler. Additionally, since the MobileSafari and MobileMail applications are based on the open source WebKit project, a source code audit of that package can be performed. Finally, dynamic analysis, or fuzzing, can be executed against the device. This involves sending malformed data to the device in an effort to cause a fault and make it crash. Such fuzzing can be performed against applications such as MobileSafari or against the WiFi or BlueTooth stack. (you can download the tools mentioned in the above excerpt by clicking on them, as for fuzzers and debuggers just use BACKTRACK and DBG)
[…] in order to view memory and discover the way the execution flows in the application. However, in this case we were able to utilize the Mac OS X crash reporter. This daemon runs and monitors any programs for crashes. When one is detected it records a log of the crash, including relevant register values. These reports can then be transported to a desktop computer when syncing. The crash reports can also be downloaded directly off the iPhone using jailbreak and iPhoneInterface. While the CrashReporter provides register values and basic memory mapping information, it does not include direct access to the memory. In order to obtain this crucial information, it is possible to modify the iPhone in such a way that the applications will dump core files when they crash. This is accomplished by adding the file /etc/lauchd.conf containing the line “limit core unlimited”
to the iPhone using iPhoneInterface. Core files can be retrieved off the iPhone from the /cores directory, again using iPhoneInterface.
In order to generate valid opcodes for the iPhone, we first installed a Linux x86 to ARM cross compiler. This would compile our ARM assembly to bytecode which we could then extract into shellcode. Besides not having a debugger, developing iPhone shellcode also presented other challenges. Since we didn’t have access to an ARM processor with a debugger, we had absolutely no real way to test the shellcode besides trying it and using the core files obtained.
That’s pretty much where I gave up on trying to go at this on my own. ISE actually has two hacks for the iPhone where one collects data and the other can actually make your phone do whatever they want, dial, ring whatever. That’s all I got, but anyone is welcome to give iPhone hacking a whirl. All the files are linked up there.
Now on to InfoSecSellOut’s “Rape.osx”. To start it is supposed to be a worm which is deployed via Safari. From what securityfocus.com says, it seems to be based on mDNSresponder (yes, click to download). All that I can find out about it is that ISSO (InfoSecSellOut) was able to download a text file using their exploit. However, in reading the white paper for the iPhone hack, I saw that the real problem with Mac OS X (pick one) security is that all applications are run as “root” or with “admin” privilages. So that means that once you are in a Mac OS X machine, you can do whatever you want.
NOTE: Many linux OS’s use mDNSresponder as well, so be on the lookout. However, most people do know not to login as root on their linux machine, right?
I have no code, no apps, nothing on rape.osx other than the code for mDNSresponder. I do have some code for the first Mac virus, the Leap.A virus, as well as some other info I gathered in order to further the purposes of writting worms/viri/malware for Mac OS X.
As for the Win32 version of Safari, what were people thinking?!?!? Porting, what is essentially an open source Mac app to Windows? Yeah, no one is going to hack that. Stick to FireFox with all the JS, Flash, AD, PopUp, bad shit blocking extensions that you can shake a stick at.
And that’s all she wrote for now folks.
Keep on keepin on hackers of all hats. I’ll keep you updated.
*Sources – Noted and linked throughout the article, accepting VX CHAOS FILE SERVER where I get ALL my super sweet viri source codes and all the best viri, malware, trojans, RATs, you name it and AZAG has got it!!
Online video is a huge trend – so huge that’s it’s proving hard to keep track. From video sharing sites to video mixers, mashups and converters, we’ve brought together more than 150 of our favorite sites in this category. Enjoy.
Follow the link to read the list silly: Video Toolbox
TheMostBoringBlogInTheWorld 
RECENT RANTS