My security-related papers and code

My papers

Advanced buffer overflow exploit

There are many buffer overflow exploit codes nowadays. The early ones only spawned a shell (executed /bin/sh). However, some of today's buffer overflow exploit codes have very nice features, for example passing through filtering, opening a socket, breaking chroot, and so on. This paper attempts to explain these advanced buffer overflow exploit skills under Intel x86 Linux.

Buffer overflow exploit in the alpha linux

There are many buffer overflow exploit codes. However, most of them work well only on Intel x86 Linux. This paper attempts to explain how to exploit the same bug on Alpha Linux.

How could I hack level2 of the security olymfair 2001?

Unixian told me to help him hack level2 of the security olymfair 2001, which is a hacking competition held in Korea. Therefore, I helped him to pass level2 because I am his good friend. :))
Level2 of the security olymfair 2001 is not hard for the professional hacker. The admin just made an intentional bug and the hackers try to exploit the bug. Therefore, this problem may not be interesting for the professional hacker. If you are a professional hacker, please just ignore this article. Thanks. :)

java.security.AccessController can cause Sun derived JVM to crash.

Personal Java 3.1, JDK 1.2.2, JDK 1.3.1 and JDK 1.4rc1 can be crashed with a segmentation violation through java.security.AccessController. This simple technique can be abused, for example for a denial-of-service attack, in every environment where the Sun JVM is used.

My exploit code

ohhara-xterm-xrm-ex.c

ohhara-suidperl-ex.c

ohhara-smbd-ex.c

ohhara-mutt-ex.c

ohhara-imapd-ex.c

ohhara-mountd-ex.c

ohhara-ftpd-ex.c

ohhara-xterm-termcap-ex.c

ohhara-vixie-ex.sh

ohhara-amd-ex.c

My tools

ohhara-rootkit.tar.gz

About ohhara-rootkit

pcaptest.tar.gz

An example program for packet capture with the pcap library. It will be useful if you want to write your own sniffer program.
ohhara@postech.edu