23 October 2013
My Android Metasploit Payload with Meterpreter Android Extension for Metasploit
Video: https://vimeo.com/77632331
27 August 2013
22 June 2013
[C Tutorial] Course Content
Hello Guys,
I have set up the course content for the new C programming language tutorial. I thought it would help you to get your hands on my plan for you for the next weeks. Good luck!
27 May 2013
23 April 2013
Packetyzer: A step towards future
It has been a long time since I wrote on the blog, but I am back with my latest and first paper on Packetyzer, my first packet analysis C++ library.
Abstract
Packetyzer is a high-level C++ library designed to make the forging and decoding of network packets easier. It can decode packets of the most common network protocols, capture them and send them on the wire. This capability allows the construction of tools that probe, scan or attack networks.
It enables the creation of networking tools in a few lines. A packet is described by its layers, where the fields of each layer have useful default values that you can overload. It can also analyze pcap files or packets captured with Wireshark.
Packetyzer can capture packets, analyze them and send them over the wire. It analyzes the packets and the connection streams from the Ethernet header up to the application-layer protocols. Packetyzer is built as a Dynamic Link Library (DLL), which makes it easy to include in many tools and projects.
13 July 2012
Windows Buffer Overflow Explained - Part 2
Welcome back. In part 1 we covered the definition of a buffer overflow and how one can occur, and we also talked about memory and its relation to buffer overflows. In this part we continue the series by talking about registers and shellcode.
Registers
Processors contain a small amount of memory known as registers. Registers are very small and are used for very fast processing; they can be thought of as the variables of assembly. Registers are classified according to the functions they perform. At a high level they fall into four groups:
- General purpose
- Segment
- Control
- Other
The registers EAX, EBX, ECX, EDX, ESI and EDI are general-purpose registers: they hold the operands of mathematical and other operations. On a 32-bit processor these are 32-bit registers. The lower 16 bits of EAX, EBX, ECX and EDX are addressable as AX, BX, CX and DX. Finally, the 8-bit registers AL, BL, CL and DL address the low-order byte of those 16-bit registers, and AH, BH, CH and DH address the high-order byte. The 16-bit and 8-bit forms exist for backwards compatibility and are very useful when producing smaller shellcode. The "E" stands for "extended" and denotes the full 32-bit register.
Windows Buffer Overflow Explained - Part 1
Buffer Overflows
We begin this part by discussing the basics of an overflow. The following parts cover memory, registers and shellcode, giving us an adequate understanding of these areas and how they later help us better understand buffer overflows and the ways to exploit them. The types of buffer overflows are then described in detail, followed by redirecting our overflow to code of our choosing.
What is a buffer overflow?
Buffer overflows are a common vulnerability on all platforms, but are by far the most commonly exploited bug on Linux/Unix operating systems. A buffer overflow occurs when something is filled beyond its capacity. Imagine pouring more water into a container than it can hold: the water spills over and creates a mess. A similar situation applies to computer programs, where a certain amount of space is allocated to store data for the program during execution. If more data is written into that fixed amount of space than it can hold, the space, known as the buffer, overflows. Hence the condition is called a buffer overflow.
A buffer overflow, or buffer overrun, occurs when a program allows input to be written beyond the end of an allocated buffer. When a memory block is allocated to store data, only data up to that limit should be accepted and no more. Any additional data produces unwanted results: it overwrites adjacent areas of memory, which can give an attacker the ability to alter the execution flow of the program. Having control over the flow of execution gives the attacker the ability to execute whatever he wishes.
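As an added example (not code from the original post), the overflow described above alongside its bounded counterpart. The layout is modelled on the heap rather than the stack so that the spill is observable without crashing the process: a 16-byte buffer is followed by a sentinel value that stands in for whatever sits just past a real buffer (saved registers, the return address). `copy_unchecked` uses `strcpy`, which stops at the input's NUL and never consults the buffer size; `copy_bounded` measures first and refuses input that does not fit, terminator included. All names, sizes and the sentinel value are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the original post. The heap block models
 * the stack layout the text describes so the overflow stays inside one
 * allocation and can be inspected. All names and sizes are assumptions. */

#define BUF_SIZE   16          /* the fixed-size buffer */
#define BLOCK_SIZE 64          /* whole block: buffer, sentinel, slack */
#define SENTINEL   0xCAFEBABEu /* stands in for data stored past the buffer */

/* Lay out [buffer][sentinel][slack] in one block. If the sentinel changes,
 * a write went beyond the buffer. */
static unsigned char *make_block(void) {
    unsigned char *block = calloc(1, BLOCK_SIZE);
    unsigned int s = SENTINEL;
    if (block == NULL) return NULL;
    memcpy(block + BUF_SIZE, &s, sizeof s);
    return block;
}

static int sentinel_intact(const unsigned char *block) {
    unsigned int s;
    memcpy(&s, block + BUF_SIZE, sizeof s);
    return s == SENTINEL;
}

/* Vulnerable pattern: strcpy copies up to the NUL of the input and never
 * looks at BUF_SIZE. Returns 1 if the sentinel survived, 0 if it was
 * overwritten. Demo inputs must stay shorter than BLOCK_SIZE. */
int copy_unchecked(const char *input) {
    unsigned char *block = make_block();
    int ok;
    if (block == NULL) return -2;
    strcpy((char *)block, input);
    ok = sentinel_intact(block);
    free(block);
    return ok;
}

/* Hardened version: measure first, refuse what does not fit (counting the
 * terminating NUL), and copy with an explicit length. Returns -1 when the
 * input is rejected, otherwise 1 (the sentinel is never touched). */
int copy_bounded(const char *input) {
    unsigned char *block = make_block();
    size_t len = strlen(input);
    int ok;
    if (block == NULL) return -2;
    if (len + 1 > BUF_SIZE) {
        ok = -1;
    } else {
        memcpy(block, input, len + 1);
        ok = sentinel_intact(block);
    }
    free(block);
    return ok;
}

/* How many bytes a NUL-terminated string of this length spills past the
 * buffer; the terminator is the off-by-one that is easy to forget. */
size_t spill_bytes(size_t input_len) {
    size_t needed = input_len + 1;
    return needed > BUF_SIZE ? needed - BUF_SIZE : 0;
}

int main(void) {
    /* constructed sample inputs: 5, 15, 16 and 24 characters */
    const char *inputs[] = { "hello", "AAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA",
                             "AAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        size_t len = strlen(inputs[i]);
        printf("len=%2zu spill=%zu unchecked=%d bounded=%d\n",
               len, spill_bytes(len),
               copy_unchecked(inputs[i]), copy_bounded(inputs[i]));
    }
    return 0;
}
```

The 16-character input is the instructive case: the characters fit exactly, but the terminating NUL lands on the first byte of the sentinel, so the unchecked copy already corrupts adjacent data by a single byte while the bounded copy rejects it.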