flat assembler
Message board for the users of flat assembler.

Index > Heap > must know backdoor exploits

Goto page Previous  1, 2, 3, 4, 5  Next
Author
Thread Post new topic Reply to topic
HaHaAnonymous
Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 18:24; edited 1 time in total
Post 28 Jan 2014, 18:37
typedef
Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
sleepsleep wrote:
welcome 64bit realmode DOS, with open source hardware drivers implementation,


You must be mad. If today you can run an exploit in ring3 that can escalate into a bot taking over your computer then what more giving direct access to real mode?
Post 28 Jan 2014, 20:27
sleepsleep
Joined: 05 Oct 2006
Posts: 8973
Location: Posts: 334455
idk if we could put an address or memory daemon,
all requests must send/get from the daemon, no direct access,

application is scanned for address read/write before run, self-modifying will get terminated,

i am sure there would be ways to prevent direct memory access.
Post 29 Jan 2014, 05:17
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17347
Location: In your JS exploiting you and your system
sleepsleep wrote:
idk if we could put an address or memory daemon,
all requests must send/get from the daemon, no direct access,

application is scanned for address read/write before run, self-modifying will get terminated,

i am sure there would be ways to prevent direct memory access.
Are you trying to reinvent Java/.Net? Please, no! Not yet another managed language.
Post 29 Jan 2014, 05:21
typedef
sleepsleep wrote:
idk if we could put an address or memory daemon,
all requests must send/get from the daemon, no direct access,

application is scanned for address read/write before run, self-modifying will get terminated,

i am sure there would be ways to prevent direct memory access.


You mean sandboxing?
Post 29 Jan 2014, 06:44
sleepsleep
Quote:
Are you trying to reinvent Java/.Net? Please, no! Not yet another managed language.

i was thinking to let the daemon control only the memory access.

so, we don't touch other instructions that don't deal with memory read/write.

i guess what they did is, divide the usable memory into pages,
we don't care if a program wants to r/w in its own pages, but r/w in OS pages, or device memory pages, must go through the daemon.

so, when an application is to be opened, a security daemon will scan the whole application's instructions for r/w and check for possible memory access beyond its own pages, terminating if found.

everybody got 2GB at least in 2014,
we could just use real mode instead of creating 4GB virtual memory for each application. (this will add another task/layer to manage virtual memory)

one thing is multi core cpu,
i was thinking of reserving 1 core at least for the OS,
other cores will be used by applications,

the OS code will loop inside that 1st core until user shutdown.

maybe what i said is nonsense, but this is what i understood so far on how the OS works.
Post 29 Jan 2014, 12:04
revolution
sleepsleep wrote:
i was thinking to let the daemon control only the memory access.

so, we don't touch other instructions that doesn't deal with memory read/write.

i guess what they did is, divide the usable memory into pages,
we don't care if program want to r/w in their own pages, but r/w in OS pages, or devices memory pages, they must go through the daemon.
You mean like VirtualAlloc?
sleepsleep wrote:
so, when an application is to be opened, a security daemon will scan the whole application instruction for r/w and check for possible memory access beyond its own pages, terminate if found.
Like an AV?
sleepsleep wrote:
everybody got 2GB at least in 2014,
we could just real mode instead of create 4GB virtual memory for each application. (this will add another task/layer to manage virtual memory)
Like a Hypervisor?
sleepsleep wrote:
one thing is multi core cpu,
i was thinking reserved 1 core at least for OS,
other cores will be used by applications,
Like multi tasking (except for the reserved core thing)?
sleepsleep wrote:
the OS code will loop inside that 1st core until user shutdown.
Or even just use HLT instruction.
sleepsleep wrote:
maybe what i said is non-sense, but this is what i understood so far on how the OS works.
All those things already exist. The hard part is getting them all to work without problems or errors. Many smart people have thought through all of these things before, you are not suggesting anything new. What you need to do is go out and start making code to do it.
Post 29 Jan 2014, 13:47
sleepsleep
glad, so many features already existed, =)
glad too to feel that what i could think of are those suggested by smart people,

maybe i should start checking your website on some cpu core programming, (learning something new will make me happy even without final output), i hope i am smart and diligent enough to make something,
Post 30 Jan 2014, 05:14
sleepsleep
E-Z-2-Use attack code exploits critical bug in majority of Android phones
http://arstechnica.com/security/2014/02/e-z-2-use-attack-code-exploits-critical-bug-in-majority-of-android-phones/

Quote:

Recently-released attack code exploiting a critical Android vulnerability gives attackers a point-and-click interface for hacking a majority of smartphones and tablets that run the Google operating system, its creators said.


Quote:
The WebView vulnerability allows attackers to inject malicious JavaScript into the Android browser and, in some cases, other apps. In turn, it helps attackers gain the same level of control as the targeted program. The easiest way to exploit the bug is to lure a vulnerable user to a booby-trapped webpage. Within seconds, the site operator will obtain a remote shell window that has access to the phone's file system and camera. In some cases, the exploit can also be triggered by performing a man-in-the-middle attack while the victim is on an unsecured Wi-Fi network. By hijacking the app's update process, attackers can gain control over the same resources already granted to the app, including permissions such as access to SD cards and geographic data.

basically, big SHIT.
Post 21 Feb 2014, 17:19
revolution
Oh, how surprising, it uses JS. Just don't run JS, Java, Flash, Silverlight, or any remote code. It isn't worth it. And it probably means things like Facebook won't work anymore without JS, so there is that advantage also.
Post 21 Feb 2014, 20:53
sleepsleep
Steal WhatsApp database (PoC)
http://bas.bosschert.nl/steal-whatsapp-database/

i guess the whole android app thing (no permission and security clearance check by users) is gonna blow soon,
they are brewing for a huge disaster,

Quote:
“Is it possible to upload and read the WhatsApp chats from another Android application?”

and the answer is a YES
Post 11 Mar 2014, 18:27
sleepsleep
and reflect this on the windows OS most people are using right now,
this is all for a huge disaster, with faster internet, bigger bandwidth, etc,
once we get internet as fast as hard disk read/write speed, basically,

your OS and everything you thought you were in control of are no longer in your control anymore,

the moment you jack in your USB pendrive, the whole pendrive gets cloned and stored somewhere.
your SD card, your everything,
Post 11 Mar 2014, 18:33
revolution
sleepsleep wrote:
your OS and everything you thought you were in control of are no longer in your control anymore,

the moment you jack in your USB pendrive, the whole pendrive gets cloned and stored somewhere.
your SD card, your everything,
You are wrong here. These scare stories are hyperbole. Even the most malware-riddled machine is still under your control with a simple reinstall. You do have your offline backups, right?

"Cloud computing" is a different matter though; that is certainly out of your control ... by definition.
Post 11 Mar 2014, 23:21
sleepsleep
revolution wrote:

You are wrong here. These scare stories are hyperbole. Even the most malware-riddled machine is still under your control with a simple reinstall. You do have your offline backups, right?

ah, so you trust the RTM operating system?
deliberately broken security implementations, etc, we never know..
like how nvidia puts a user "UpdatusUser" into windows without letting you know, if you installed the nvidia driver, or after an online ms update.

i guess i listed before, vulnerabilities by os, we really got no choice and nobody bothers to fix it.
Post 12 Mar 2014, 00:57
revolution
sleepsleep wrote:
ah, so you trust the RTM operating system?
Now you are using a different term. Please don't mislead us by switching to a different argument. Trust is different from control. I don't implicitly trust any OS or program, but that doesn't mean I have lost control. Lack of trust only means I take care not to allow the OS/programs to do things I don't approve of.
Post 12 Mar 2014, 02:22
sleepsleep
i apologize first for my poor english words which gave you a different understanding,

i am under the impression that control is based on the perception that trust exists between the controller and the object/things being controlled.

i perceive i am the controller when things/hardware/gears work according to my commands,
when i say, delete file, it really deletes the file, show all processes, it really shows all processes, move cursor 10pt, it really moves the cursor 10pt.

regarding how to still be in control, but not trusting, idk,
maybe like 50% control power,... hmm, but this kind of thing is hard to divide into percentages.
(like sometimes it works, sometimes it doesn't)

i guess the question is more about the idea that a reinstall of an RTM OS would clean malware,
which is using a trust that an RTM OS is free from malware.

i guess, my concern is, those os are vulnerable, more and more malware, viruses etc, appear and how many times does a user need to reinstall his os, the os stuff is so complex and huge, and we got no choice but to use it.
Post 12 Mar 2014, 03:38
revolution
Yes, trust and control are two entirely different things. You can't conflate the two.

In a system where you have no control you can still trust it. You have no control over the motion of the Earth and Sun but you can still trust that the Sun will rise each morning.

In a system where you have no trust you can still control it. You might have no trust that your pet mouse won't run away but you can still control it by putting it in a cage.
Post 12 Mar 2014, 05:21
sleepsleep
yeah, agree, i got no control over the motion of nature,
since it is not something which, whether i trust it or not, could change the nature of it.

revolution wrote:

In a system where you have no trust you can still control it. You might have no trust that your pet mouse won't run away but you can still control it by putting it in a cage.

but isn't that some sort of trusting that the cage could lock the pet mouse?
Post 12 Mar 2014, 10:46
revolution
sleepsleep wrote:
but isn't that some sort of trusting that the cage could lock the pet mouse?
Sure. In that case you have both trust in the cage system and control over the door mechanism.

The mouse may trust that you will feed it every day but it has no control over either you or the cage.
Post 12 Mar 2014, 11:10
sleepsleep
http://nakedsecurity.sophos.com/2014/03/13/pwn2own-day-one-reader-ie-flash-and-firefox-felled-java-left-standing/

Quote:

Mozilla's Firefox had a bad day, pwned three times at a cost to the sponsors of $150,000.


idk, but i don't think the internet is still insane for everybody to use.
Post 16 Mar 2014, 04:33
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.