Comments on zerosum0x0: Reverse Engineering Cisco ASA for EXTRABACON Offsets
Blog author: zerosum0x0
Feed updated: 2024-02-26T13:47:02.761-08:00
12 comments, newest first

gggreat (http://www.exploit-db.com), 2017-05-19T00:39:48.649-07:00:
Great! Thank you so much for your great work!

zerosum0x0, 2017-02-07T08:15:39.190-08:00:
Haven't looked into it but I wouldn't rule it out without properly fuzzing it.

Anonymous, 2016-10-07T02:00:16.950-07:00:
What are your thoughts about porting the exploit to SNMP v1 / v3? Is it doable or rather it's like looking for a completely new vulnerability?

Anonymous, 2016-10-01T03:53:28.671-07:00:
Thank you for the writeup.
What you have uncovered is shocking but enlightening.

zerosum0x0, 2016-09-30T08:24:52.914-07:00:
Yea we did the vast majority of testing for the Metasploit module (which contains about 20 other versions so far) on just a basic "boot system" .bin config.

Hellworld, 2016-09-29T17:56:58.026-07:00:
Have you tried running it against a fresh asa box or undoing the changes made for remote debugging so that it starts up normally?

zerosum0x0, 2016-09-29T08:44:29.082-07:00:
From Zach:

Happens when either: you don't set the baud rate correct (it's 9600), or the lina binary for some versions does this... if you're getting junk spewing into the terminal before connecting to gdb it most likely isn't going to work.

Anonymous, 2016-09-29T02:51:49.685-07:00:
Hi,

Nice post!
Have you ever tried to attach the lina binary to gdb?
I'm stuck with the following error.
Some clue?

    # cat .gdbinit
    set debug remote 1
    set disassembly-flavor intel
    target remote /dev/ttyUSB0

    # gdb
    Sending packet: $Hc-1#09...putpkt: Junk: n.
    Remote debugging using /dev/ttyS0
    readchar: Input/output error
    Remote side has terminated connection. GDBserver will reopen the connection.
    Remote debugging using /dev/ttyS0
    readchar: Input/output error
    Remote side has terminated connection. GDBserver will reopen the connection.
    Remote debugging using /dev/ttyS0
    readchar: Input/output error

zerosum0x0, 2016-09-18T20:17:51.808-07:00:
Yea the disassembler had trouble with that one, but the offset it's calling is loc_036. The pop esi instruction.

Anonymous, 2016-09-18T20:11:01.392-07:00:
loc_039 is a little unclear. (step 3)
is 'calling -#' to offset 36? (step 4)

showrun.lee@gmail.com, 2016-09-18T19:59:45.894-07:00:
excellent excellent

Jon (http://ch3rn0byl.com), 2016-09-18T14:42:38.571-07:00:
Reading posts like this always excites me :) good stuff man!