OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: May 29, 2008 10:17 CDT by MohammadHosein .

A ----- Serial Port RS-232 ---- B

this is how it goes : A runs a custom application connected to B using Serial Port and B Runs the Sql server and all the secret stuff . i have owned A . now its time to go for B . what are my options ? any hint is appreciated . Both systems runs XPSP2 btw .

igorsk		May 29, 2008 18:33.09 CDT
Examine the "custom application" and see of there's any good stuff in the serial protocol.

MohammadHosein		May 30, 2008 04:18.15 CDT
Custom app is written in VB.NET , so practically the source is on the Desk . now what would be good stuff ?

eieio		May 30, 2008 07:38.30 CDT
a debugging corridor between A and B would be great but unlikely. I would start by determining if you can find the code for the server/client on B inside the code you have on A. If they both use the same code then you look for vulnerabilities in the code section that B would be running. beyond this by looking at the communication protocol in the custom code on A you might find interesting commands or undocumented functionality that you can use to gain more information about target B.

MohammadHosein		May 30, 2008 09:41.38 CDT
- can you describe what kind of "vuln" might be applicable to this situation ? what is an interesting command ? can you make an example of an imaginary vulnerable application in the same condition and how you would exploit it ? - can i somehow manage to activate B's kernel debug mode over the serial port while i have administrative access to A ? i assume in a debug channel i could do funny stuff but i dont believe target machines have this enabled by default

Note: Registration is required to post to the forums.

There are 31,328 total registered users.

Recently Created Topics
[help] Unpacking VMP...	Mar/12
Reverse Engineering ...	Jul/06
let 'IDAPython' impo...	Sep/24
set 'IDAPython' as t...	Sep/24
GuessType return une...	Sep/20
About retrieving the...	Sep/07
How to find specific...	Aug/15
How to get data depe...	Jul/07
Identify RVA data in...	May/06
Question about memor...	Dec/12

Recent Forum Posts
Finding the procedur...	rolEYder
Question about debbu...	rolEYder
Identify RVA data in...	sohlow
let 'IDAPython' impo...	sohlow
How to find specific...	hackgreti
Problem with ollydbg	sh3dow
How can I write olly...	sh3dow
New LoadMAP plugin v...	mefisto...
Intel pin in loaded ...	djnemo
OOP_RE tool available?	Bl4ckm4n

Recent Blog Entries
	halsten	Mar/14
Breaking IonCUBE VM
	oleavr	Oct/24
Anatomy of a code tracer
	hasherezade	Sep/24
IAT Patcher - new tool for ...
	oleavr	Aug/27
CryptoShark: code tracer ba...
	oleavr	Jun/25
Build a debugger in 5 minutes
More ...

Recent Blog Comments
	nieo on:	Mar/22
IAT Patcher - new tool for ...
	djnemo on:	Nov/17
Kernel debugger vs user mod...
	acel on:	Nov/14
Kernel debugger vs user mod...
	pedram on:	Dec/21
frida.github.io: scriptable...
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit