Archive for March, 2011

Important Stuff

Posted by scriptjunkie in Uncategorized on March 31, 2011

I am adding a page Important Stuff with some thoughts on non-information-security stuff. As fun and interesting as hacking is, there are more important sides of life. So I summarized just four of the reasons why I believe what I believe, and a bit of what that means. As you may know, I am a […]

No Comments

Java_signed_applet with RJB

Posted by scriptjunkie in Exploits, Metasploit on March 6, 2011

I just wasted a lot of time trying to get the java_signed_applet exploit module working in Metasploit. Not that it doesn’t work by default, but you will get the warning [-] [-] The JDK failed to initialized: no such file to load — rjb [-] In order to dynamically sign the applet, you must install […]

applet, gem, java, java_signed_applet, Metasploit, rjb, ruby

No Comments

Finding non-ASLR or DEP modules

Posted by scriptjunkie in Exploits on March 1, 2011

As the recent exploits for IE using the .NET 2.0 DLL demonstrate, sometimes a non-ASLR DLL to enable an exploit is just a LoadLibrary away. So if pvefindaddr won’t give you any ASLR-free DLL’s in memory, look for other DLL’s which the process will load, given the right input. Or from a system-hardening or development […]

ASLR, DEP, DYNAMIC_BASE, EMET, exploit, find, NX_COMPAT, pefinder

1 Comment

Thoughts on Security

Archive for March, 2011

Important Stuff

Java_signed_applet with RJB

Finding non-ASLR or DEP modules

Featured Posts

Categories

Archives