Archive for June, 2010

Analyzing undocumented formats

28th June 2010

Usually when I analyze a protocol or a file format, I spend a few hours or days mapping out targets. The first step towards understanding what you're dealing with is to really get to know your target.

  • Search for old vulnerabilities, find a common motive.
  • Attempt to find signatures of third-party libraries. If found, check whether they are indeed the latest version.
  • Map out the types of data that the application parses (for example, in Internet Explorer you could attempt to attack JPG images, the JavaScript interpreter, and many other components that are parsed by Internet Explorer or passed on to the operating system).

(more…)

UFO: Alien Invasion Part 2 – One More Thing…

28th June 2010

This post is a continuation of part 1 of exploiting UFO: Alien Invasion. When I was downloading this game, I noticed that they had a version for Mac OS X as well, and since public Mac exploits are few and far between, it seemed like a good idea to see if this attack could be extended to target OS X as well. Exploiting a Mac also gives us the opportunity to practice our GNU Debugger (GDB) skills.
We begin our journey by launching UFOAI on the victim and attaching to the process with GDB.

(more…)

UFO: Alien Invasion Part 1 – From Packet to Pwnage

28th June 2010

In addition to accepting submissions, we at the Exploit Database also have the opportunity to verify the exploits that we post on the site. Recently, I came across an exploit advisory by Jason Geffner targeting the open-source game UFO: Alien Invasion, which I subsequently posted on the Exploit Database. UFO: Alien Invasion (UFOAI) contains an IRC client, and in version 2.2.1 and below, when a user is coerced into connecting to a malicious IRC server, remote code execution is possible because the irc_server_msg_t structure does not perform proper input sanitization, allowing its 512-byte buffer to be overrun by a malicious server response.

(more…)

Reliable Weekly Exploit Database Updates

25th June 2010

We have finally got around to syncing our exploits archive and SVN server. Both the downloadable archive and SVN server will be updated once a week. The date of the last sync can be found at the top right of our site header. You can check out the latest exploit entries using the following command:

2010 – svn co svn://svn.exploit-db.com/exploitdb exploitdb
or
2009 – svn co svn://devel.offensive-security.com/exploitdb

Edit:

As of 2014, we are now using GitHub for the Exploit-DB repository. Please see the following blog post for more information:

http://www.offensive-security.com/offsec/exploit-database-hosted-on-github/

The Exploit Database Reloaded

22nd June 2010

We are happy to announce some new and exciting features as part of the Exploit-DB. Some of the new improvements will greatly enhance your experience on Exploit-DB, such as CVEs being added to each exploit. This improves your ability to locate and use the close to 12,000 exploits we have stored in our database. We presently have over 8500 of those exploits attached to a CVE and OSVDB reference, and there are a lot more to come.


(more…)