Jay Bosamiya jaybosamiya

@jaybosamiya
jaybosamiya / Starship Nmap Log GSoC 2014.md
Last active August 29, 2015 14:01
A log of my travels aboard Starship Nmap

Jay's Log aboard Starship Nmap

Stardate 2014-07-20

Sent a mail to Dan regarding the --ignore-after thing. I was right that it should be >= for both the integer and percentage check.

Working on the --ignore-after option.

@jaybosamiya
jaybosamiya / GSoC 2014 Mini Projects.md
Last active September 24, 2018 15:05
A semi formal log of the miniprojects I work on during GSoC 2014

GSoC 2014 Mini Projects

Reducing Zenmap Topology Noise

  • Zenmap produces some really noisy Topology views if there are multiple (parallel) anonymous hops.
  • For example: a->b->X->c->d, and a->b->X->c->e (where X means anonymous) would cause 2 anonymous nodes to appear.
  • Anders Sundman had sent a patch a long time ago for this but it handled only a very small subset of all the possible cases.
  • Wrote a patch that handles almost all the cases. Not sure what to do in two cases, so I have mentioned it in the mail to the list and have asked for feedback.
#! /usr/bin/env python
import requests
import shutil
import subprocess
import os
url_form = 'http://localhost:31337/captcha/example6/'
url_submit = url_form + 'submit'
captcha_image_path = 'captcha_image.png'
@jaybosamiya
jaybosamiya / README.md
Last active May 17, 2016 16:28
Read the README file (not sure why the files aren't coming in order)

Screenshots of IDA from running the code at this asciinema link.

The generated python files are from the commands:

bap coreutils_O3_uniq --taint-reg='%000026e1' --taint --emit-ida-script-file=tr.py --emit-ida-script-attr=tainted-reg --emit-ida-script
bap coreutils_O3_uniq --taint-reg='%000026e1' --taint --map-terms-with='((taints) (color green))' --map-terms --emit-ida-script-file=c.py --emit-ida-script-attr=color --emit-ida-script

The coreutils_O3_uniq file is taken from BinaryAnalysisPlatform/arm-binaries.

@jaybosamiya
jaybosamiya / IDAPython_on_IDADemo.md
Last active November 25, 2023 14:40
How to get IDA Python to work with IDA Demo

How to get IDA Python to work with IDA Demo

Go to the IDAPython binaries page. Download the latest _linux.zip file and extract it. In my case, it was idapython-6.9.0-python2.7-linux.zip. Follow the instructions in its README.txt.

For simplicity, I have copy pasted the relevant portions here:

@jaybosamiya
jaybosamiya / BAP_1.0.0 bleeding edge installation
Last active July 10, 2016 19:05
Works on Ubuntu 14.04 directly by following these steps
# Install the latest opam and ocaml
sudo add-apt-repository ppa:avsm/ppa
sudo apt-get update
sudo apt-get install ocaml ocaml-native-compilers camlp4-extra opam
# Initialize the right switch in opam, along with OCaml version 4.02.3
opam init --comp=4.02.3
# Set up the environment variables in the current session
eval `opam config env`
@jaybosamiya
jaybosamiya / keybase.md
Created November 18, 2016 07:08
Proof of identity for Keybase.io

Keybase proof

I hereby claim:

  • I am jaybosamiya on github.
  • I am jaybosamiya (https://keybase.io/jaybosamiya) on keybase.
  • I have a public key whose fingerprint is 47C4 D679 0F55 EC5C 0114 1085 EAA6 4080 5DFA 6AFA

To claim this, I am signing this object:

@jaybosamiya
jaybosamiya / io_netgarage_level9.md
Last active December 20, 2016 16:45
IO Netgarage Level9 Explanation

IO Netgarage Level9 (Format String Vuln Exploit) Explanation

The vulnerable code

Here's the vulnerable code (/levels/level09.c):

#include <stdio.h>
#include <string.h>
@jaybosamiya
jaybosamiya / IO_Netgarage_Level11.md
Last active October 2, 2019 16:39
IO Netgarage Level11 Solution

IO Netgarage Level 11

Whoo! This was a fun challenge with loads to learn. :)

Understanding the given code

The given code level11.c checks whether the two inputs (argv[1] and argv[2]) have the same MD5 hash. If they do, it treats both inputs as brainfuck code and executes them. Then it checks whether the outputs differ. If they do, the outputs are checked against the strings "io.sts Rules!" and "io.sts Sucks!". If prog1's output is the first, and prog2's output is the second, we are granted a shell.

Understanding the vulnerability

@jaybosamiya
jaybosamiya / python-emacs.md
Last active April 21, 2018 21:02
My [outdated] Python configuration for Emacs

Python Autocompletion

Do the following:

M-x package-install RET jedi
M-x jedi:install-server

and then add the following lines to ~/.emacs: