http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Thu, 24 Sep 2009 10:24:43 -0500 https://www.openrce.org/blog/view/1500/Linux_kernel_2.6.31_perf_counter_open_exploit xipe <email-suppressed@example.com> Well, it has been a while since my last technical post … More than 1 year ?!? Wow, time runs so fast :)<br /> <br /> So let’s go for a post about Linux kernel exploitation (yeah, I know, sounds cool). We will exploit a quite recent bug in kernel 2.6.31 (still unpatched while writing this) in the perf_counter_open syscall (CVE 2009-3234) to gain root privileges. As real hackers say, f34R.<br /> <br /> But, let’s start by the begining: the bug.<br /> <a href="http://redstack.net/blog/2009/09/24/linux-kernel-2631-perf_counter_open-exploit/">Read More ...</a> Mon, 19 May 2008 16:53:19 -0500 https://www.openrce.org/blog/view/1139/Intel(r)_switches_backdoor xipe <email-suppressed@example.com> I recently got an Intel(r) Express 530T switch from eBay. It’s a “Manageable” switch, this means that you can connect to the switch through a null modem cable, telnet or a web interface to modify the switch configuration (Change MAC address filtering, create/delete VLANs, change ports speeds an priority, …).<br /> <br /> But when I tried to connect to the switch, I discovered that the switch hadn’t been reseted, and that the seller didn’t gave me the username and password needed to manage the switch.<br /> <br /> After trying to find any reset button around, under, and even inside the switch, I sent a mail to the seller and contacted the Intel support.<br /> As the seller wasn’t responding and the Intel support wasn’t able to give me a reset procedure, I crawled the web, and managed to find a little Intel(r) utility “that does not exists”, according to the russian website that was distributing it...<br /> <a href="http://redstack.net/blog/index.php/2008/05/19/intelr-switches-backdoor.html">Read More ...</a> Thu, 24 Jan 2008 13:36:33 -0600 https://www.openrce.org/blog/view/1036/Writing_exploits_for_Metasploit_3.0 xipe <email-suppressed@example.com> This article is about writing exploit using the Metasploit Framework, for very secure software: bof-server ;)<br /> Bof-server has been written especially to be exploited during this article, and as you already guessed by looking at it’s name, we will exploit a stack overflow bug. You can find bof-server here: ...<br /> <br /> <a href="http://redstack.net/blog/index.php/2008/01/24/writing-exploits-for-metasploit-30.html">Read More ...</a> Sat, 19 Jan 2008 02:28:12 -0600 https://www.openrce.org/blog/view/1028/x86_calling_conventions xipe <email-suppressed@example.com> This is the first article of a (I hope) long series of articles about 'The Basics: What everyone should know about' :)<br /> <br /> The calling convention defines the way a function or a piece of code should arrange data before calling a function, and what to do after. It responds to questions like &quot;In which order should I pass the arguments ?&quot;, &quot;Should I clean something ?&quot;, &quot;Where is the result ?&quot;, ...<br /> <br /> <a href="http://redstack.net/blog/index.php/2008/01/16/x86-calling-conventions.html">Read More ...</a>