Quick POC on detecting hyper-visors using redundant rep prefixes

- 
// ------------------------------------------------------------------------------
// THE BEER-WARE LICENSE (Revision 43):
// <aaronryool@gmail.com> wrote this file. As long as you retain this notice you
// can do whatever you want with this stuff. If we meet some day, and you think
// this stuff is worth it, you can buy me a beer in return
// ------------------------------------------------------------------------------

#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/mman.h>

int main(unsigned a);

__sighandler_t handler(int sig)  // our signal handler function
{
 switch(sig)
 {
  case SIGSEGV:  // when segfaults happen
   main(0xC0DE); // assume they have to be because of the bug and tell us we are in the matrix
  break;
 }
}

int main(unsigned a)
{
 if(a==0xC0DE) goto irl;  // if this shit is from a segfault, we are in real life :(
 signal(SIGSEGV, &handler); // register the segfault signal to be caught by our handler
 
asm(
        ".intel_syntax noprefix\n"
        "xor ecx, ecx\n" // we arent actually copying anything, so the counter is zero
        ".byte 0xf3, 0xf3, 0xf3, 0xf3, 0xf3\n" // redundant rep prefixes
        ".byte 0xf3, 0xf3, 0xf3, 0xf3, 0xf3\n" // ...
        ".byte 0xf3, 0xf3, 0xf3, 0xf3, 0xf3\n" // ...
        ".byte  0xa4\n" // movsb
);
 puts("The Matrix haz you Neo..."); // this is where you would put ninja moves, jack in or jack off, your choice ;)
 exit(1);
irl:
 puts("Isn't real life boring?"); // if we get here, this is boring reality :( no cool ninja moves today bro lol
 exit(0);
}

Comments

Post a Comment

Popular posts from this blog

What is a canary, how does it work, and what does that mean if I want to write a modern exploit.

-
Image
Canaries were  once regularly used  in  coal mining as an early warning system . Toxic gases such as carbon monoxide or asphyxiant gases such as methane  in the mine  would kill the bird before affecting the  miners . Signs of distress from the bird indicated  to  the  miners  that conditions  were  unsafe . Let's start with some history Oh the good old days. I remember a time when hackthissite.org , and  Smash The Stack  were fresh, and BOF's were often as easy as shoving your shellcode where the buffer was supposed to be and overwriting the return pointer with where that buffer was... Then they had to go and ruin the fun by widely adopting ASLR (Address Space Layout Randomization), DEP (Data execution protection), and  canaries  (stack cookies). Now in these dark times not only do we have to ROP with return to libc, we have to chain that with a memory leak vulnerability if we have any hope of  smashing the stack. While I plan to do posts soon covering all of these exciti
Read more

Better visualization of data formats using assembly POC's to better implement them in C

-
Image
Are you tired of staring at hex dumps, white papers and manual pages? Want to feel like you truly know how a data type like a file format, or a disk partition LOOKS like. Well I can't help you with the manual pages and white papers, ( https://staff.washington.edu/dittrich/misc/fatgen103.pdf , http://www.eit.lth.se/fileadmin/eit/courses/eitn50/Projekt1/FAT12Description.pdf ) but here is a great example of implementing a fat12 floppy image in assembly. ;//////////////////////////////////////////////////////////////////////////////// ;// THE SCOTCH-WARE LICENSE (Revision 0): ;// <aaronryool@gmail.com> wrote this file. As long as you retain this notice you ;// can do whatever you want with this stuff. If we meet some day, and you think ;// this stuff is worth it, you can buy me a shot of scotch in return ;//////////////////////////////////////////////////////////////////////////////// ; This assembles to a floppy disk image [bits 16] [org 0x7C00] ;;;;;;;;;;;;;;;;;
Read more

Putting Linux on your Android device using debootstrap and chroot

-
Image
Ok, so first thing first. You will need a few things done BEFORE you attempt this tutorial: A rooted android device of sorts with debugging enabled and busybox installed An sdcard to store the debian image on A Linux machine (or live cd) to prepare the debian system image ADB for remounting the system partition and pushing startup scripts A terminal application installed on your droid and about an hour of free time Lets get right into it open up a terminal, and make a directory that you will be storing all of the files and things we create for easy cleanup later. I called mine linux_on_android. change to that directory, all instructions from here on out will be relative to whatever directory you are currently residing in after this step. Next, we create an empty raw disk image, make a directory to mount it under, create a filesystem on the image, and mount it under our new mount point. Now lets change into our mnt directory, install debootstrap, and use it to install a base system into
Read more