NARAYAN KHADKA 9808415891

NARAYAN KHADKA

What is the terminologies in ethical hacking?

Here are a few key terms that you will hear in discussion about hackers and what they do:

1-Backdoor-A secret pathway a hacker uses to gain entry to a computer system.

2-Adware-It is the softw-are designed to force pre-chosen ads to display on your system.

3-Attack-That action performs by a attacker on a system to gain unauthorized access.

4-Buffer Overflow-It is the process of attack where the hacker delivers malicious commands to a system by overrunning an application buffer.

5-Denial-of-Service attack (DOS)-A attack designed to cripple the victim's system by preventing it from handling its normal traffic,usally by flooding it with false traffic.

6-Email Warm-A virus-laden script or mini-program sent to an unsuspecting victim through a normal-looking email message.

7-Bruteforce Attack-It is an automated and simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords,again & again until it gets in from bruteforce dictionary.

8-Root Access-The highest level of access to a computer system,which can give them complete control over the system.

9-Root Kit-A set of tools used by an intruder to expand and disguise his control of the system.It is the stealthy type of software used for gain access to a computer system.

10-Session Hijacking- When a hacker is able to insert malicious data packets right into an actual data transmission over the internet connection.

11-Phreaker-Phreakers are considered the original computer hackers who break into the telephone network illegally, typically to make free longdistance phone calls or to tap lines.

12-Trojan Horse-It is a malicious program that tricks the computer user into opening it.There designed with an intention to destroy files,alter information,steal password or other information.

13-Virus-It is piece of code or malicious program which is capable of copying itself has a detrimental effect such as corrupting the system od destroying data. Antivirus is used to protect the system from viruses.

14-Worms-It is a self reflicating virus that does not alter files but resides in the active memory and duplicate itself.

15-Vulnerability-It is a weakness which allows a hacker to compromise the security of a computer or network system to gain unauthorized access.

16-Threat-A threat is a possible danger that can exploit an existing bug or vulnerability to comprise the security of a computer or network system. Threat is of two types-physical & non physical.

17-Cross-site Scripting-(XSS) It is a type of computer security vulnerability found in web application.It enables attacker to inject client side script into web pages viwed by other users.

18-Botnet-It is also known as Zombie Army is a group of computers controlled without their owner's knowledge.It is used to send spam or make denial of service attacks.

19-Bot- A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a period than a human operator could do it.Example-Sending HTTP, FTP oe Telnet at a higer rate or calling script to creat objects at a higher rate.

20-Firewall-It is a designed to keep unwanted intruder outside a computer system or network for safe communication b/w system and users on the inside of the firewall.

21-Spam-A spam is unsolicited email or junk email sent to a large numbers of receipients without their consent.

22-Zombie Drone-It is defined as a hi-jacked computer that is being used anonymously as a soldier or drone for malicious activity.ExDistributing Unwanted Spam Emails.

23-Logic Bomb-It is a type of virus upload in to a system that triggers a malicious action when certain conditions are met.The most common version is Time Bomb.

24-Shrink Wrap code-The process of attack for exploiting the holes in unpatched or poorly configured software.

25-Malware-It is an umbrella term used to refer a variety of intrusive software, including computer viruses,worms,Trojan Horses,Ransomeware,spyware,adware, scareware and other malicious program.

Follow me on instagram-anoymous_adi

Related word

NARAYAN KHADKA

Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.

Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.

On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:

If we start from the entry point, we will found this mess:

The golang string initialization are encoded and is not displayed on the strings window.

How to locate main? if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")

And here is our main.main:

The code is:

So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.

The initialization sequence is:

The procedure for locating main.main in stripped binaries is:

1. Click on the entry point and locate the runtime.mainPC pointer:

2. click on runtime.main function (LAB_0042B030):

3. locate the main.main call after the zero ifs:

4. click on it and here is the main:

The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.

In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.

In Ghidra we have the script golang_renamer.py which is very useful:

After applying this plugin the main looks like more clear:

This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:

# This script fingerprints the functions
#@author: sha0coder
#@category fingerprinting

print "Fingerprinting..."

import zlib


# loop through program functions
function = getFirstFunction()
while function is not None:
    name = str(function.getName())
    entry = function.getEntryPoint()
    body = function.getBody()
    addresses = body.getAddresses(True)

    if not addresses.hasNext():
        # empty function
        continue 

    ins = getInstructionAt(body.getMinAddress())
    opcodes = ''
    while ins and ins.getMinAddress() <= body.getMaxAddress():
        for b in ins.bytes:
            opcodes += chr(b & 0xff)
        ins = getInstructionAfter(ins)
    
    
    crchash = zlib.crc32(opcodes) & 0xffffffff

    print name, hex(crchash)


    function = getFunctionAfter(function)

Related word

NARAYAN KHADKA

OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.

Regarding to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures

If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address.

Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash.

This mean a Segmentation Fault in tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.

StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.

radare2 static decompiled

The patch fix the vulnerability zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here

Related links