Ubuntu Security :: Testing Shell Codes In 10.10
Feb 9, 2011
I am learning exploit development and learning some stuff about shellcodes now! The shellcode is absolutely right and have tested it. I am using the following code...(created by me) to run my shellcode..
Code:
// #include<stdio.h> we will not be needing this as we are not using any functions from the C library...Just basic logic of Pointers..
char shellcode[] = "x31xc0xb0x01x31xdbxb3x07xcdx80"; // basic exit shellcode
int main()
{ int *ret; // a simple integer pointer pointing a address
ret = (int *)&ret + 2; // change the address pointed by
(*ret) = (int)shellcode; }
Compiling :-
Code:
aneesh@aneesh-laptop:~/articles/C$ gcc test.c -o test -fno-stack-protector
Compiling gives no errors as expected..
Now the problem I am facing is that As I run the program :-
Code:
aneesh@aneesh-laptop:~/articles/C$ ./test
Segmentation fault
Strace output :-
Code:
aneesh@aneesh-laptop:~/articles/C$ strace ./test
execve("./test", ["./test"], [/* 37 vars */]) = 0 .....
set_thread_area({entry_number:-1 -> 6, base_addr:0xb78016c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xf5e000, 8192, PROT_READ) = 0
mprotect(0x8049000, 4096, PROT_READ) = 0
mprotect(0x15c000, 4096, PROT_READ) = 0
munmap(0xb7802000, 81274) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault
I have some feeling that its because the program has no access to the memory containing the shellcode (May be???)..
View 2 Replies
ADVERTISEMENT
Mar 10, 2010
I'm doing my project on shell designing, so can I know the basic shell (any shell in linux) codes using c language with few commands implemented on it.
View 2 Replies
View Related
Aug 28, 2010
I think I put this in the wrong place
View 1 Replies
View Related
Jan 18, 2011
How can I test a script that's written to receive arguments from an html form, from the shell?
View 6 Replies
View Related
Mar 22, 2010
I'm writing a bash script that can be run by crontab or by a user interactively.
If the script is run by a user interactively, it will ask for a parameter interactively.
If the script is run by the crontab, it validates if a command line parameter is provided.
In doing so, I cannot get these tests to work inside the bash script
Code:
This shell is not interactive
How the tests be done inside a script?
View 5 Replies
View Related
May 31, 2010
I'm using openSUSE 11.1 I have to install downloaded zlib-1.2.5.tar.gz via Shell. First I have to unzip and then instal. Can anyone write here the sorted codes of Shell for installing?
View 1 Replies
View Related
Aug 5, 2010
I have comma separated file containing 3 fields:
Name,Shortcode,URL
Example of file is
Sony,52525,http://17.0.0.1/xyz
NDTV,53636,http://10.0.0.1/abc
Now i want to test every URL connectivity from my server by executing it using shell script and if url gives back response it shows output as "OK" in green color and if url is not responding it shows "NOT CONNECTED" in red color.
Output will be like following:
Sony 52525 OK
NDTV 53636 NOT CONNECTED
View 2 Replies
View Related
Nov 9, 2010
I would like to test my firewall rules. Is there some app or web service where I can do that ?
View 6 Replies
View Related
Sep 4, 2010
I need a person to look over and test the security of a program that I am writing. It is in its final stages so no major bugs should be in it. You have to be good in C programming, and know how encryption works. Being knowledgeable in security is a plus. Email me at <removed> or message in post if you are interested.
View 4 Replies
View Related
Feb 3, 2010
Is there a way to delete files on the commandline that uses the KDE-Wastebin?It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)
View 9 Replies
View Related
May 4, 2011
I have installed a "backtrack 4" in order to test the the wireless network security of my router. how and which commands would be needed. Also, do I need to install airodump into the host?
View 1 Replies
View Related
Dec 14, 2010
I launched my website. At the moment the site has an firewall (iptables) enabled with very simple rules. All incoming traffic is blocked, except for the ports http and ssh. Everything is working perfect, but I want also to be able to block certain kinds of attacks. There are some really good examples on the internet, but I don't now if they contain all kinds of attacks which are relevant to my situation. To be clear, I only server web content through port 80 and use ssh to remote login.
View 3 Replies
View Related
Mar 17, 2010
I'm currently creating a simple sh file which will copy the contents of a certain directory to / directory. in my sh file:
Code:
cd "$DIR"
for i in *.*; do
sudo cp -iv "$i" "$DEST"
done
but this requires user password. can i add the user password in my sh file? how? I'm trying to do this because I have an application to run the sh file and the application has no way to enter the password..
View 9 Replies
View Related
Jun 3, 2011
Ok, so I have a few web apps that need to run shell commands. Heres a great example of one:
Code:
This is a PHP script getting my system volume. Herein lies the problem... www-data doesn't have permission to do this!
I changed my apache config to use MY account as the web user, and it does in fact work the way I want it to.
Obviously, I dont want to leave apache running as me, and want it to keep using www-data.... heres my question... how can I give permission for www-data to execute certain programs?
View 3 Replies
View Related
Jun 22, 2011
As I was researching on how to create a kiosk Ubuntu setting I came upon a suggestion to create the user with '/usr/bin/screen' shell option.Hope you all would forgive me for this noob question but what does this mean? I saw when I checked the Advance Settings Advance tab that there are a couple of possible options there, what do they mean and how will they affect the user profile I'm creating? I tried google for this and if my understanding is correct, these shells are suppose to be programmable and a scripting language for linux but I'm confused on what effect this has on the user profile I'm creating?One thing I notice though is that with the '/usr/bin/screen' option, the user account is refused of the Applications > Accessories > Terminal option.When I googled each one of the options I'm getting more confused as to the relevance of this to the user profile.
View 3 Replies
View Related
Apr 1, 2010
We have some script files on our linux servers. For security purpose our requirement is to keep these files encrypted . I mean when we open the files it will looks like as for example i am showing you one encripted file of iur server. how can i do this.
one encrypted files from our server:-
[utibaadm@AIRTELVTUD2_UVAS01server_monitoring]$cat SOUTH_DTH_MONITOR.sh
#!/bin/sh
skip=14
tmpdir=`/bin/mktemp -d ${TMPDIR:-/tmp}/gzexe.XXXXXXXXXX` || exit 1
prog="${tmpdir}/`echo "$0" | sed 's|^.*/||'`"
[Code].....
View 3 Replies
View Related
Jul 11, 2010
I have disabled root login in my remote shell and I have a pretty strong password. I am not happy though. I want to increase security. I've been thinking about installing some basic tripwire rig, like say, send myself an email every time I (or anyone) log in. My questions:
- What kind of data would be useful to be sent in that email? Anything else besides "user so-and-so logged in at {date and time}"?
- How would I achieve that? Is it enough to include it in .tcshrc (because my shell is tcsh)? Should I add it to other shells as well (.bashrc, .csh etc.) even though nobody uses the other shells? Is it better placed in some other file, like .login? What is the optimal place?
- Would that be enough? Can I make that whole idea more secure in any way?
View 11 Replies
View Related
Apr 14, 2011
Write a shell script setup linux security policies include:
1. password policy
2. User policy
3. firewall
Note: Create a file.sh from 1 to 3. purposes:
If (1) successful then 2 If (2) successful then 3 End
View 3 Replies
View Related
Apr 13, 2011
I don't know how to write a shell script to set security policies for Linux to start. and how. I know that there are many security policies for Linux but do not know which one best suited to write a shell script.
View 5 Replies
View Related
Dec 12, 2010
Fork bombs can also very easily be standalone shell scripts? https://bugs.launchpad.net/ubuntu/+s...sh/+bug/689176
View 4 Replies
View Related
Feb 16, 2010
I know there are different process states in Unix such as Running, Sleeping and Zombie.When I run "ps -C firefox -o stat=" I get the output "s" which means sleeping.But there are also others like s+What are the different codes for process states in ps, and what do they mean
View 1 Replies
View Related
Jul 28, 2010
how to edit or add codes to ~/.bashrc?? and also what is this bashrc if anyone could explain... i have tried editing this bashrc without success... how to save the changes in bashrc...
View 5 Replies
View Related
Apr 2, 2011
I realized I can watch DVDs on my laptop. I tried the first DVD that I had tried it on, and it didn't work. I am thinking this may be something to do with region codes. First of all, how do I see which region code I am currently on? Secondly, how do I reset the region code? Is there any way to use multiple region codes at once?
View 9 Replies
View Related
Apr 18, 2011
I need to know the codes to reconfigure my graphics. While updating from v9.10, the graphics got misconfigured somehow.
View 1 Replies
View Related
May 27, 2011
I have no idea how to do this. There isn't an option in the GUI (though I believe there should be one) and Google hasn't told me anything.
View 9 Replies
View Related
Jun 14, 2011
I have installed minecraft on Natty. I just wiped and reinstalled to Maverik and now i cannot get Java to install, which i have to have to play minecraft. Are there other programs or codes to install Java?
View 7 Replies
View Related
Mar 20, 2010
I would like to be able to enter codes. I have pressed ctrl alt f5, 6 etc and get to the black screen which asks for username and password. I enter the username and password that I use to log in, but I keep getting the message telling me that they are not correct.
View 8 Replies
View Related
Dec 13, 2010
i need the terminal codes for the compiz apps, such as for the cube deformation .I'm using build 10.04,
View 1 Replies
View Related
Mar 16, 2011
i have two doubts
1) i downloaded the latest linux kernel in hope that i will find the codes for the operating system the os but i cant locate any.so can any0ne tell me from where can i find what i am looking for?
2) c language used in the package i downloaded is though very close to the c i studied but there are places where it becomes tough for to comprehend the real significance of the lines. eg i never knew rhere is Display() a pre-defined function but i saw it somewhere as predefined.
View 9 Replies
View Related
Jun 20, 2011
I have a simple testing program like this:
/*The Parallel Hello World Program*/
#include <stdio.h>
#include <mpi.h>
[code]...
My program is, I can't compile this program using gcc, and I can't find something like pgcc in ubuntu. How should I compile this program? After compiling, what should I do to run this program? Can I use something like mpirun to run it? I want to try to use both cores of my computer to run it and make it shows Node 1 also besides Node0.
View 3 Replies
View Related
