flat assembler
Message board for the users of flat assembler.

Index > Heap > FASM online

rCX



Joined: 29 Jul 2007
Posts: 166
Location: Maryland, USA
rCX
Very Cool!

Will it be able to make .com's? It seems to make only .exe's?
Post 01 Sep 2007, 18:14
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
Code:
 use16
 format binary as "COM"
 org $100
 mov dl,65
 mov ah,2
 int $21
 ret
     


Misnamed, but otherwise works for me. Laughing

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug
Post 01 Sep 2007, 19:55
rCX



Joined: 29 Jul 2007
Posts: 166
Location: Maryland, USA
rCX
Oh ok... Embarassed
Post 02 Sep 2007, 04:13
Artlav



Joined: 23 Dec 2004
Posts: 188
Location: Moscow, Russia
Artlav
Good idea.

It seems to be windows-oriented.
I tried to assemble ELF object and it still gives exe-named output.
It could be a good idea to make it something more neutral - to avoid filters, for example.

Also, the extrn symbols are made lower-case too, which gives linker problems.
Post 02 Sep 2007, 12:15
lehox



Joined: 06 Aug 2007
Posts: 16
lehox
Just another security issue:

Quote:

include "/etc/passwd"

==============================
assembles to:
$ fasm ./temp/code1189009039.asm ./temp/code1189009039.exe
flat assembler version 1.67.22 (16384 kilobytes memory)
/etc/passwd [1]:
root:x:0:0:root:/root:/bin/bash
error: invalid name.

EAX=2 There appears to have been an error in your code!

Note that offered files will be automatically deleted at 1:00 am GMT+2.
Post 05 Sep 2007, 16:17
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
It is exactly the same security issue I said and actually you can get more data with a little patience. I PMed him how to do it but I'll not publish it here until he fixes this issue.
Post 05 Sep 2007, 16:23
lehox



Joined: 06 Aug 2007
Posts: 16
lehox
Well just another thing..
As I see the entry of /etc/passwd says root:x:0:0:/root:/bin/bash
which probably means that linux machine has only one user account (root).
Well running programs as root is a security issue.

DustWolf:
My idea is:
Create a chroot environment (jail) for fasm and change all file rights.
Let fasm access only files in e.g. /webroot/ if you need some help I can help you
putting the whole thing into a chroot environment.
Post 05 Sep 2007, 16:45
UCM



Joined: 25 Feb 2005
Posts: 285
Location: Canada
UCM
Uhh, FASM exits immediately after showing an error, and disregards any lines after. So, there are more accounts, unless the person managing this server has... absolutely no idea of what he/she is doing.
Post 05 Sep 2007, 21:33
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Yes, there are many more. Actually most of them are the ones that are typically included (like bin, daemon, etc).
Post 05 Sep 2007, 21:51
lehox



Joined: 06 Aug 2007
Posts: 16
lehox
Well but bin, daemon, sound, users and the other users typically are shown in /etc/passwd
Post 05 Sep 2007, 23:03
UCM



Joined: 25 Feb 2005
Posts: 285
Location: Canada
UCM
They ARE in /etc/passwd! You just don't see them! FASM ONLY SHOWS THE FIRST OFFENDING LINE, NO MORE (unless macros are involved.) READ THE MANUAL.

Sorry, I got annoyed. Please, read my post carefully...


Oh, and, concerning the service itself:
Code:
macro hello {
 display 'hello'
}
hello
    

becomes
Code:
 hello {
 display 'hello'
}
hello
    

which causes an error.
Post 05 Sep 2007, 23:28
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
UCM wrote:
Oh, and, concerning the service itself:
Code:
macro hello {
 display 'hello'
}
hello
    

becomes
Code:
 hello {
 display 'hello'
}
hello
    

which causes an error.


That is intentional. The Macro instruction can be used to get the other lines. Wink
Post 07 Sep 2007, 11:46
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
lehox wrote:
DustWolf:
My idea is:
Create a chroot environment (jail) for fasm and change all file rights.
Let fasm access only files in e.g. /webroot/ if you need some help I can help you
putting the whole thing into a chroot environment.


Yes, I've considered that before. The problem is that in Linux, only root can actually do a chroot and my script runs as the www-data user due to the way PHP is put together. I also can't use the PHP chroot() command since it'd need a recompile of the PHP engine and I sort of prefer to have something I can upgrade automatically.

I'd guess there are a few more options but I'm not aware of them ATM.

EDIT: If you can help me set it up, I'm all ears. I HAVE root access, the web server doesn't.


Last edited by DustWolf on 07 Sep 2007, 17:57; edited 1 time in total
Post 07 Sep 2007, 11:50
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
Artlav wrote:
Good idea.

It seems to be windows-oriented.
I tried to assemble ELF object and it still gives exe-named output.
It could be a good idea to make it something more neutral - to avoid filters, for example.


Can't quite blame a Linux server of being windows-centered. The thing outputs an EXE so that there is no issue with the MIME matching. Basically, if the file were extension-less, Apache and your browser would work together to display it to you rather than offer it for download.

I was considering adding some automatic compressing in order to avoid that problem but then the issue of portability again: Which compression format to use?!

Besides "chmod +x blabla.exe" and "./blabla.exe" works fine in linux. Smile

Artlav wrote:
Also, the extrn symbols are made lower-case too, which gives linker problems.


That's one of the security measures. I might work around them a bit later, just remembered I didn't have to assemble using the same string I abuse-checked.
Post 07 Sep 2007, 11:55
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Oh, that was your workaround then. OK, here is the "exploit":
Code:
macro root[a]{} 
macro daemon[a]{} 
include '/etc/passwd'       

Quote:
$ fasm ./temp/code1188529049.asm ./temp/code1188529049.exe
flat assembler version 1.67.22 (16384 kilobytes memory)
/etc/passwd [3]:
bin:x:2:2:bin:/bin:/bin/sh
error: invalid name.
Post 07 Sep 2007, 14:08
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
Fixed the lowercase workaround. Your code now retains its case.

Also fixed the output file extension workaround. Now you get a ZIP file to download, which contains your program and the source code. This also partially fixes the issue with filling up the server HDD with empty rbs, since they compress wonderfully.

Still working on the includes issue... What is the environment variable that FASM uses to see where to find its includes? In Linux?
Post 07 Sep 2007, 17:29
UCM



Joined: 25 Feb 2005
Posts: 285
Location: Canada
UCM
Still $INCLUDE.
Post 08 Sep 2007, 02:57
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
Thanks. Includes should work now.

Use lowercase. Please test. ^^
Post 08 Sep 2007, 23:14
lehox



Joined: 06 Aug 2007
Posts: 16
lehox
well..

Found another thing..

Code:
format binary as "something.php"
db '<?PHP phpinfo(); ?>' ;Already fixed

display '<h1>Hello World, do you see this?</h1><script language="javascript">alert("Cross site scripting...");</script>'        
    


If I find some time I will help you to put it in a chroot environment and make it secure.
Post 11 Sep 2007, 07:50
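
An added example, not part of the original thread and not the service's own code (which is PHP): the `display` case above is reflected output, so the fix belongs where the assembler's captured output is written into the result page. The function names, the output cap and the response headers are assumptions, and the sample output is constructed from the post above.

```python
import html
import re

MAX_OUTPUT_CHARS = 8192  # assumed cap on how much assembler output is echoed

# Constructed sample of captured fasm output for the source in the post above.
SAMPLE_OUTPUT = (
    "flat assembler version 1.67.22 (16384 kilobytes memory)\n"
    '<h1>Hello World, do you see this?</h1><script language="javascript">'
    'alert("Cross site scripting...");</script>\n'
)

# Control characters other than tab, LF and CR have no place in a <pre> block.
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def encode_tool_output(raw: bytes) -> str:
    """Turn untrusted assembler output into text that is inert inside HTML."""
    text = raw.decode("utf-8", errors="replace")  # never trust the encoding
    text = _CONTROL.sub("", text)                  # drop stray control bytes
    truncated = len(text) > MAX_OUTPUT_CHARS
    text = html.escape(text[:MAX_OUTPUT_CHARS], quote=True)
    return text + ("\n[output truncated]" if truncated else "")


def render_result_page(raw_output: bytes, exit_code: int):
    """Return (headers, body) for the result page (hypothetical handler)."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        # Second layer: if an encoding bug slips in, inline script is still blocked.
        "Content-Security-Policy": "default-src 'none'; style-src 'self'",
    }
    body = (
        "<!doctype html><title>fasm result</title>"
        f"<p>Exit code: {int(exit_code)}</p>"
        f"<pre>{encode_tool_output(raw_output)}</pre>"
    )
    return headers, body


if __name__ == "__main__":
    hdrs, page = render_result_page(SAMPLE_OUTPUT.encode(), 0)
    print(page)
```

Encoding at the point of output covers every path by which source text reaches the page (`display`, error messages quoting the offending line), which a filter on individual directives does not.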
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
lehox: cool Cool
Post 11 Sep 2007, 13:46

Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.