Thursday, November 25, 2004

GCC -mpreferred-stack-boundary=num

Another thing to keep in mind when dealing with exploits is stack alignment, so here is a little info that may help you (quoted from the GCC manual):

"Attempt to keep the stack boundary aligned to a 2 raised to num byte boundary. If -mpreferred-stack-boundary is not specified, the default is 4 (16 bytes or 128 bits), except when optimizing for code size (-Os), in which case the default is the minimum correct alignment (4 bytes for x86, and 8 bytes for x86-64).

On Pentium and PentiumPro, double and long double values should be aligned to an 8 byte boundary (see -malign-double) or suffer significant run time performance penalties. On Pentium III, the Streaming SIMD Extension (SSE) data type __m128 suffers similar penalties if it is not 16 byte aligned.

To ensure proper alignment of these values on the stack, the stack boundary must be as aligned as that required by any value stored on the stack. Further, every function must be generated such that it keeps the stack aligned. Thus calling a function compiled with a higher preferred stack boundary from a function compiled with a lower preferred stack boundary will most likely misalign the stack. It is recommended that libraries that use callbacks always use the default setting.

This extra alignment does consume extra stack space, and generally increases code size. Code that is sensitive to stack space usage, such as embedded systems and operating system kernels, may want to reduce the preferred alignment to -mpreferred-stack-boundary=2."
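As an added illustration (not from the original post or the GCC manual), here is a small C probe that reports the alignment a local double actually receives in a function's frame; build it once with the default setting and once with -mpreferred-stack-boundary=2 on a 32-bit x86 build and compare the numbers. The function names are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Largest power of two dividing addr: the alignment an object placed at
 * that address actually enjoys. Returns 0 for a null address. */
static unsigned long alignment_of(uintptr_t addr)
{
    if (addr == 0)
        return 0;
    return (unsigned long)(addr & (~addr + 1)); /* isolate lowest set bit */
}

/* 1 if addr sits on a 2^boundary_log2 byte boundary, the same "2 raised
 * to num" convention that -mpreferred-stack-boundary=num uses. */
static int meets_boundary(uintptr_t addr, unsigned boundary_log2)
{
    uintptr_t mask = ((uintptr_t)1 << boundary_log2) - 1;
    return (addr & mask) == 0;
}

/* Alignment of a double living in this function's own frame. noinline
 * keeps it in a real frame, the odd-sized buffer perturbs the layout, and
 * the asm barrier stops the compiler from folding the address bits. */
__attribute__((noinline)) static unsigned long probe_double_alignment(void)
{
    char pad[13];
    double d = 1.0;
    uintptr_t addr = (uintptr_t)&d;

    pad[0] = 0;
    __asm__ volatile("" : "+r"(addr) : "r"(pad) : "memory");
    return alignment_of(addr);
}

int main(void)
{
    unsigned long a = probe_double_alignment();

    /* A double wants an 8-byte boundary (see -malign-double); with a
     * preferred boundary of 2 (4 bytes) on x86 it may not get one. */
    printf("local double alignment: %lu bytes, 8-byte boundary met: %s\n",
           a, a >= 8 ? "yes" : "no");
    return 0;
}
```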

Tuesday, November 23, 2004

SecurityForest ExploitTree

I started working on the ExploitTree. What is this? It is an extensive collection of exploits (2250), and it aims to be the largest and best organized collection available. It works through CVS, and there is a Perl client to work with it. How can you help? Create a user, download a .zip file with 25 exploits, classify them into the ExploitTree structure, then update the ExploitTree! It's easy and you learn in the process. Check more in

Buffer Overflow and Fedora Core 3

I was trying some buffer overflow examples on my Fedora Core 3 box, and after hitting the wall for about 3 hours I found that Fedora Core 3 has stack protection (exec-shield) enabled, so one way to disable it is "sysctl -w kernel.exec-shield=0" or "echo 0 > /proc/sys/kernel/exec-shield".

(Beware that your machine is now vulnerable to buffer overflows.)

Note: This also applies to Fedora Core 2.

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web application assessments and it...