Posts on MUGUREL

Vuln 1001

Tue, 06 May 2025 00:00:00 +0000

01 Introduction

Vulnerability Types

Heap out of bounds
Use after free
Type confusion
Uninitialized use

Terms

ACID (Attacker Controlled Input Data) tainted date

ACID is a term used to describe the input data that an attacker can control.

Shellcode

Shellcode means a piece of code that an attacker wants user to execute.

#Exploit Primitives

Exploit primitives are the basic building blocks of an exploit. They are the fundamental techniques that an attacker can use to gain control of a system or application.

Example

Overwrite of return address
Overwrite of other local variables
Overwrite of heap data

Exploit Chain

This means that an attacker can use multiple exploit primitives together to create a more complex exploit.

Zero Day

A zero-day vulnerability is a security flaw that is unknown to the vendor and has not been patched. Attackers can exploit these vulnerabilities before the vendor releases a fix, making them particularly dangerous.

N-day

An N-day vulnerability is a security flaw that has been publicly disclosed and for which a patch is available. Attackers can exploit these vulnerabilities if users do not apply the patch in a timely manner.

Attack Surface

The attack surface is the totality of all the points in a system that an attacker can use to gain access to the system. This includes all the inputs, outputs, and interfaces that an attacker can use to interact with the system.

Sploity Sens

Sploity sens is a term used to describe when an vulnerability hunters develop a 6 sence to detect vulnerabilities. When they see so many vulnerabilities, they start to see patterns and can identify potential vulnerabilities more easily.

Words of Power

Parse
Decode
Convert
Deserialize
Interpret
Decompress

Program Paranoid

If you are not paranoid they ara out the get you.

02 Stack Buffer Overflow

What is a stack buffer overflow?

A stack buffer overflow is a type of vulnerability that occurs when a program writes more data to a buffer on the stack than it can hold. This can lead to overwriting adjacent memory locations, including the return address of a function, which can allow an attacker to execute arbitrary code.

Common causes of stack buffer overflows

Using unsafe functions like strcpy, strcat, and sprintf that do not check the size of the destination buffer.
Sequentially data writes with in a loop with an ACID loop condition.

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
 char buffer[8];
 strcpy(buffer, argv[1]); // Vulnerable to stack buffer overflow
 printf("Buffer: %s\n", buffer);
}

Kernel Module Programming

Thu, 17 Apr 2025 00:00:00 +0000

What is kernel?

What is kernel module?

Initial setup for debugging

Commands about kernel modules

lsmod # List loaded kernel modules
modinfo <module_name> # Show information about a kernel module
insmod <module_name> # Load a kernel module
rmmod <module_name> # Unload a kernel module
dmesg <module_name> # Show messages from a kernel module
dmesg -W # wait for new messages
dmesg -w # Show all pass messages from a kernel module and wait for new messages
modprobe <module_name> # Load a kernel module and its dependencies

KFS

Thu, 17 Apr 2025 00:00:00 +0000

KFS-1

KFS Nedir?

KFS (Kernel From Scratch) tamamen sıfırdan bir kernel yazma projesidir. Bu proje ile birlikte kernel ve bilgisayar hardware konusunda bir çok bilgi edinilebilir.

GRUB

GRUB Nedir?

GRUB (GRand Unified Bootloader) bir bootloader’dir. Bilgisayar açılırken işletim sistemini yüklemek için kullanılır.
GRUB, bir çok işletim sistemini destekler.

STAND Alone binary

STAND Alone binary Nedir?

STAND Alone binary, bir işletim sistemi olmadan çalışabilen bir binary’dir. Bu binary, işletim sistemi olmadan çalışabilir.

Multiboot

VGA

VGA Nedir?

VGA çipi eski bir standart lakin hala güncel ekran kartlarında desteklenmeye devam ediyor. Bu sebeple bunun için bir driver yazmak çekici bir durum.

VGA Nasıl çalışır?

GDT

GDT Nedir?

GDT (Global Descriptor Table) bir bellek yönetim tablosudur. Bu tablo, bellek yönetimi için kullanılır.

GDT Nasıl çalışır?

IDT

IDT (Interrupt Descriptor Table) bir kesme yönetim tablosudur. Bu tablo, kesme yönetimi için kullanılır.

VKM

Thu, 17 Apr 2025 00:00:00 +0000

Initial setup for debugging

Install the VKM project for our vurnable kernel module.

git clone https://github.com/ft-mugurel/VKM.git
cd VKM

Now we need an kernel with debugging enabled.

Install the linux kernel.

wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.8.tar.xz
tar xvf linux-6.8.tar.xz
mv linux-6.8 linux
cd linux

Create the default configuration file.

make defconfig
make kvm_guest.config

Enable the following options by adding them to the .config file:

# Coverage collection.
CONFIG_KCOV=y

# Debug info for symbolization.
CONFIG_DEBUG_INFO_DWARF4=y

# Memory bug detector
CONFIG_KASAN=y
CONFIG_KASAN_INLINE=y

# Required for Debian Stretch and later
CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y

Or just run the following command: