About This BookA step by step tutorial to getting your Joomla! CMS website up fastThis book has now been updated to the latest 1.5 releaseWalk through each step in a friendly and accessible wayCustomize and extend your Joomla! siteGet your Joomla! website up fastWho This Book Is ForThis book is suitable for web developers, designers, webmasters, content editors and marketing professionals who want develop a fully featured web presence in a simple and straightforward process. It does not require any detailed knowledge of programming or web development, and any IT confident individual will be able to use the book to produce an impressive web site.What You Will LearnThe book begins by introducing Joomla! and concepts behind content management. Then the installation of Joomla!, and its supporting software [Apache/MySQL/PHP] is covered clearly and simply. Once you have the installation up and running, we then take a tour of Joomla! as it appears out of the box, to familiarize ourselves with how it works and what is what. As you take the tour, your own ideas for what you need in your new website begin to crystallize around what you can see Joomla! is capable of. We then build our web application, using only the features of Joomla! we really need. Once we have a base version of our site up, we then learn how to change its appearance and feature set to suit our particular requirements, including bringing it into line with an established corporate identity. At the end of the book we show how you can add your own extensions to Joomla!.In DetailJoomla! is a fully featured web content management system and was created in Summer 2005 as a fork from the hugely popular Mambo CMS with many of the original Mambo developers moving their efforts to Joomla! While still in its first release, it is supported by an active and well organized open source development team and community. Joomla! is both easy to use at the entry level for creating basic websites, whilst having the power and flexibility to support complex web applications. Joomla! implements the core requirements of a full-featured CMS. It has a powerful and extensible templating system with the ability to upload and manage many different data types. User access control, content approval, rich administrative control, and content display scheduling are all built-in. New features and extensions are constantly added to the core system, with many more being available and supported by the communityStyle and approachThis book focuses on taking you through the essential tasks to create a Joomla! site as fast as possible. These essential tasks are explained clearly, with well structured step-by-step instructions. The book does not aim to cover every feature of Joomla! nor is it a comprehensive guide to extending Joomla!. Almost everything in the book is accomplished without recourse to the underlying PHP code in which Joomla! is written. The book is very readable and the author has a particularly chatty and engaging writing style. Buffer Overflow Attacks: Detect, Exploit, Prevent......Page 1 Contents......Page 12 Foreword......Page 22 Part 1 Expanding on Buffer Overflows......Page 24 Introduction......Page 26 The Challenge of Software Security......Page 27 Microsoft Software Is Not Bug Free......Page 29 The Increase in Buffer Overflows......Page 31 Madonna Hacked!......Page 33 Hardware......Page 35 Software......Page 36 Security......Page 41 Solutions Fast Track......Page 43 Frequently Asked Questions......Page 46 Introduction......Page 48 The Tools......Page 49 The Assembly Programming Language......Page 50 Analysis......Page 51 Analysis......Page 52 Windows vsUnix Assembly......Page 54 Analysis......Page 55 Pushing the Arguments......Page 56 The NULL Byte Problem......Page 57 System Call Numbers......Page 58 Analysis......Page 59 Analysis......Page 60 Port-Binding Shellcode......Page 61 Analysis......Page 63 execve Shellcode......Page 64 setuid Shellcode......Page 66 chroot Shellcode......Page 67 Solutions Fast Track......Page 72 Mailing Lists......Page 74 Frequently Asked Questions......Page 75 Introduction......Page 78 Shellcode Examples......Page 79 The Write System Call......Page 81 Analysis......Page 83 Analysis......Page 84 Analysis......Page 86 Analysis......Page 87 Analysis......Page 89 Analysis......Page 91 Analysis......Page 93 Analysis......Page 94 Port-Binding Shellcode......Page 95 Analysis......Page 96 Analysis......Page 98 Analysis......Page 99 Analysis......Page 100 Analysis......Page 101 Analysis......Page 104 Reverse Connection Shellcode......Page 106 Analysis......Page 108 Socket Reusing Shellcode......Page 110 Analysis......Page 111 Analysis......Page 112 Analysis......Page 114 Analysis......Page 115 Analysis......Page 116 Analysis......Page 117 Analysis......Page 118 Encoding Shellcode......Page 119 Analysis......Page 120 Analysis......Page 122 Analysis......Page 124 Open Source Programs......Page 125 Analysis......Page 126 Closed Source Programs......Page 127 Analysis......Page 128 OS-Spanning Shellcode......Page 129 Understanding Existing Shellcode......Page 130 Analysis......Page 132 Solutions Fast Track......Page 135 Links to Sites......Page 136 Frequently Asked Questions......Page 137 Introduction......Page 140 Application Memory Layout......Page 141 Application Structure......Page 143 Memory Allocation-Stack......Page 144 Memory Allocation-Heap......Page 145 Heap Structure......Page 146 Registers......Page 147 Other General-Purpose Registers......Page 148 Operations......Page 149 Hello World......Page 150 Summary......Page 152 Solutions Fast Track......Page 153 Frequently Asked Questions......Page 154 Section 1 Case Studies......Page 155 Overview......Page 156 Exploitation Code Dump......Page 157 Analysis......Page 159 References......Page 160 Overview......Page 161 Exploitation Code Dump......Page 162 References......Page 164 Overview......Page 165 Code Dump......Page 166 Analysis......Page 167 Application Defense Hackh Code Dump......Page 168 Analysis......Page 174 References......Page 175 Overview......Page 177 Exploit Code......Page 178 Analysis......Page 180 References......Page 181 Part II Exploiting Buffer Overflows......Page 182 Introduction......Page 184 Intel x86 Architecture and Machine Language Basics......Page 186 Registers......Page 187 Stacks and Procedure Calls......Page 188 Storing Local Variables......Page 190 Introduction to the Stack Frame......Page 195 Passing Arguments to a Function......Page 196 Stack Frames and Calling Syntaxes......Page 203 Process Memory Layout......Page 204 Stack Overflows and Their Exploitation......Page 206 Simple Overflow......Page 208 Writing Overflowable Code......Page 212 Disassembling the Overflowable Code......Page 213 General Exploit Concepts......Page 215 Buffer Injection Techniques......Page 216 Methods to Execute Payload......Page 217 Designing Payload......Page 221 What Is an Off-by-One Overflow?......Page 227 gets() and fgets()......Page 234 strcpy() and strncpy(), strcat(), and strncat()......Page 235 sscanf(), vscanf(), and fscanf()......Page 236 Other Functions......Page 237 Challenges in Finding Stack Overflows......Page 238 Lexical Analysis......Page 240 Semantics-Aware Analyzers......Page 241 OpenBSD 28 ftpd Off-by-One......Page 243 Apache htpasswd Buffer Overflow......Page 244 Summary......Page 245 Solutions Fast Track......Page 247 Links to Sites......Page 248 Frequently Asked Questions......Page 250 Introduction......Page 252 Simple Heap Corruption......Page 253 Using the Heap-malloc(), calloc(), realloc()......Page 254 Simple Heap and BSS Overflows......Page 255 Corrupting Function Pointers in C++......Page 258 Overview of Doug Lea malloc......Page 261 Memory Organization-Boundary Tags, Bins, Arenas......Page 262 The free() Algorithm......Page 267 Fake Chunks......Page 269 Example Vulnerable Program......Page 271 Exploiting frontlink()......Page 273 Off-by-One and Off-by-Five on the Heap......Page 274 System V malloc Operation......Page 275 Tree Structure......Page 276 Freeing Memory......Page 278 The realfree() Function......Page 280 The t_delete Function-The Exploitation Point......Page 283 Fixing Heap Corruption Vulnerabilities in the Source......Page 286 Summary......Page 289 Solutions Fast Track......Page 290 Links to Sites......Page 291 Frequently Asked Questions......Page 293 Introduction......Page 296 C Functions with Variable Numbers of Arguments......Page 297 Ellipsis and va_args......Page 298 Functions of Formatted Output......Page 301 printf() Example......Page 303 Format Tokens and printf() Arguments......Page 304 Types of Format Specifiers......Page 305 Abusing Format Strings......Page 307 Playing with Bad Format Strings......Page 309 Direct Argument Access......Page 310 Reading Memory......Page 311 Simple Writes to Memory......Page 314 Multiple Writes......Page 317 Finding Format String Bugs......Page 319 What to Overwrite......Page 322 Destructors in dtors......Page 323 Global Offset Table entries......Page 325 Structured Exception Handlers......Page 327 Operating System Differences......Page 328 Application Defense!......Page 331 The Whitebox and Blackbox Analysis of Applications......Page 332 Solutions Fast Track......Page 334 Links to Sites......Page 336 Frequently Asked Questions......Page 337 Introduction......Page 340 Basic Stack Overflow......Page 341 Analysis......Page 345 Writing Windows Shellcode......Page 350 Overcoming Special Characters (Example: NULL)......Page 356 Client Server Application......Page 361 Using/Abusing the Structured Exception Handler......Page 373 Solutions Fast Track......Page 378 Frequently Asked Questions......Page 380 Section 2 Case Studies......Page 381 Overview......Page 382 Exploit Code......Page 383 Analysis......Page 385 References......Page 386 Overview......Page 387 Exploitation Details......Page 388 The Complication......Page 389 Analysis......Page 390 Much Improved... but More to Come!......Page 391 Complete Exploit Code for OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow......Page 392 References......Page 398 Overview......Page 399 XLOCALEDIR Vulnerability Details and Analysis......Page 400 Exploitation Code Dump......Page 402 References......Page 404 Overview......Page 405 Code Dump......Page 406 Analysis......Page 408 Application Defense Hackh Code Dump......Page 409 Analysis......Page 415 References......Page 417 Overview......Page 418 Exploit Code......Page 419 Analysis......Page 420 References......Page 422 Part III Finding Buffer Overflows......Page 424 Introduction......Page 426 Source Code Analysis......Page 427 Application Defense Snapshot......Page 429 RATS......Page 431 Flawfinder......Page 435 Flawfinder Text Output......Page 437 ITS4......Page 440 Application Defense-Enterprise Developer......Page 441 Architecture and Deployment......Page 446 Vulnerability Knowledgebase......Page 447 Using CodeAssure......Page 448 Performing the Analysis......Page 450 Vulnerability Review and Reporting......Page 451 Managing Results......Page 453 Ounce Labs......Page 455 Prexis' Science of Automated Analysis......Page 456 Prexis Reporting and Remediation Capabilities......Page 457 Prexis in Action......Page 458 Running an Assessment......Page 459 Examining Assessment Results......Page 460 Remediation......Page 461 Fortify Software......Page 463 Using the Source Code Analysis Engine......Page 464 Integrating with the Build Process......Page 465 Understanding the Raw Output......Page 466 Audit Workbench......Page 467 Audit Guide......Page 468 Software Security Manager......Page 470 Summary......Page 472 Solutions Fast Track......Page 473 Links to Sites......Page 475 Frequently Asked Questions......Page 476 Section 3 Case Studies......Page 477 Overview......Page 478 Analysis......Page 479 References......Page 480 Overview......Page 481 Inline Egg Code......Page 482 Analysis......Page 483 References......Page 484 Exploitation Code Dump......Page 485 Analysis......Page 490 References......Page 492 Overview......Page 493 Exploitation Code Dump......Page 494 Analysis......Page 497 References......Page 498 Appendix A The Complete Data Conversion Table......Page 500 close( filedescriptor )......Page 508 socketcall(callnumber, arguments )......Page 509 accept ( file descriptor, sockaddr struct, size of arg 2 )......Page 510 Index......Page 512 "Special Ops is an adrenaline-pumping tour of the most critical security weaknesses present on most any corporate network today..."
—Joel Scambray, Senior Director, Microsoft’s MSN, and Co-Author, Hacking Exposed Fourth Edition, Windows 2000, and Web Hacking Editions
"Special Ops has brought some of the best speakers and researchers of computer security together to cover what you need to know to survive in today’s net."
—Jeff Moss, President & CEO, Black Hat, Inc.
"Special Ops brings perspective from today’s best computer security minds into a single, enormously informative book."
—Mike Schiffman, Director of Security Architecture, @stake, Inc., and Author of Building Open Source Network Security Tools and The Hacker’s Challenge Series
Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle provides solutions for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? Have you considered the damage that could be done by recently laid-off or disgruntled employees, contractors and consultants, building security guards, cleaning staff, and of course the unsecured wireless network? This is the one book you need to defend the soft, chewy center of internal networks.
Erik Pace Birkholz with David Litchfield, Mark Burnett, Chip Andrews, Jim McBee, Roelof Temmingh, Haroon Meer, Tim Mullen, Eric Schultze, Hal Flynn, Vitaly Osipov, and Norris L. Johnson
Foundstone Authors: John Bock, Earl Crane, Mike O'Dea,and Brian Kenyon, Matt Ploessel, James C. Foster
Foreword by: Stuart McClure
Special Ops: Internal Network Security Guide is the solution for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? This book attacks the problem of the soft, chewy center in internal networks. We use a two-pronged approach-Tactical and Strategic-to give readers a complete guide to internal penetration testing. Content includes the newest vulnerabilities and exploits, assessment methodologies, host review guides, secure baselines and case studies to bring it all together. We have scoured the Internet and assembled some of the best to function as Technical Specialists and Strategic Specialists. This creates a diversified project removing restrictive corporate boundaries. The unique style of this book will allow it to cover an incredibly broad range of topics in unparalleled detail. Chapters within the book will be written using the same concepts behind software development. Chapters will be treated like functions within programming code, allowing the authors to call on each other's data. These functions will supplement the methodology when specific technologies are examined thus reducing the common redundancies found in other security books.
This book is designed to be the "one-stop shop" for security engineers who want all their information in one place. The technical nature of this may be too much for middle management; however technical managers can use the book to help them understand the challenges faced by the engineers who support their businesses.
OUnprecedented Team of Security Luminaries. Led by Foundstone Principal Consultant, Erik Pace Birkholz, each of thecontributing authors on this book is a recognized superstar in their respective fields. All are highly visible speakers and consultants and their frequent presentations at major industry events such as the Black Hat Briefings and the 29th Annual Computer Security Institute Show in November, 2002 will provide this book with a high-profile launch.
OThe only all-encompassing book on internal network security. Windows 2000, Windows XP, Solaris, Linux and Cisco IOS and their applications are usually running simultaneously in some form on most enterprise networks. Other books deal with these components individually, but no other book provides a comprehensive solution like Special Ops. This book's unique style will give the reader the value of 10 books in 1
"Special Ops: Internal Network Security Guide" is the solution for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? This book attacks the problem of the soft, chewy center in internal networks. We use a two-pronged approach - Tactical and Strategic - to give readers a complete guide to internal penetration testing. Content includes the newest vulnerabilities and exploits, assessment methodologies, host review guides, secure baselines and case studies to bring it all together. We have scoured the Internet and assembled some of the best to function as Technical Specialists and Strategic Specialists. This creates a diversified project removing restrictive corporate boundaries. The unique style of this book will allow it to cover an incredibly broad range of topics in unparalleled detail. Chapters within the book will be written using the same concepts behind software development. Chapters will be treated like functions within programming code, allowing the authors to call on each other's data.; These functions will supplement the methodology when specific technologies are examined thus reducing the common redundancies found in other security books. This book is designed to be the "one-stop shop" for security engineers who want all their information in one place. The technical nature of this may be too much for middle management; however technical managers can use the book to help them understand the challenges faced by the engineers who support their businesses. This book features an unprecedented team of security luminaries. Led by Foundstone Principal Consultant, Erik Pace Birkholz, each of the contributing authors on this book is a recognized superstar in their respective fields. All are highly visible speakers and consultants and their frequent presentations at major industry events such as the Black Hat Briefings and the 29th Annual Computer Security Institute Show in November, 2002 will provide this book with a high-profile launch. This is the only all-encompassing book on internal network security. Windows 2000, Windows XP, Solaris, Linux and Cisco IOS and their applications are usually running simultaneously in some form on most enterprise networks.; Other books deal with these components individually, but no other book provides a comprehensive solution like Special Ops. This book's unique style will give the reader the value of 10 books in 1 Key Features A step by step tutorial to getting your Joomla! CMS website up fast This book has now been updated to the latest 1.5 release Walk through each step in a friendly and accessible way Customize and extend your Joomla! site Get your Joomla! website up fast Book Description Joomla! is a fully featured web content management system and was created in Summer 2005 as a fork from the hugely popular Mambo CMS with many of the original Mambo developers moving their efforts to Joomla! While still in its first release, it is supported by an active and well organized open source development team and community. Joomla! is both easy to use at the entry level for creating basic websites, whilst having the power and flexibility to support complex web applications. Joomla! implements the core requirements of a full-featured CMS. It has a powerful and extensible templating system with the ability to upload and manage many different data types. User access control, content approval, rich administrative control, and content display scheduling are all built-in. New features and extensions are constantly added to the core system, with many more being available and supported by the community What you will learn The book begins by introducing Joomla! and concepts behind content management. Then the installation of Joomla!, and its supporting software [Apache/MySQL/PHP] is covered clearly and simply. Once you have the installation up and running, we then take a tour of Joomla! as it appears out of the box, to familiarize ourselves with how it works and what is what. As you take the tour, your own ideas for what you need in your new website begin to crystallize around what you can see Joomla! is capable of. We then build our web application, using only the features of Joomla! we really need. Once we have a base version of our site up, we then learn how to change its appearance and feature set to suit our particular requirements, including bringing it into line with an established corporate identity. At the end of the book we show how you can add your own extensions to Joomla!. Who this book is for This book is suitable for web developers, designers, webmasters, content editors and marketing professionals who want develop a fully featured web presence in a simple and straightforward process. It does not require any detailed knowledge of programming or web development, and any IT confident individual will be able to use the book to produce an impressive web si.. Special Ops: Internal Network Security Guide is the solution for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has been done on the inside? This book attacks the problem of the soft, chewy center in internal networks. We use a two-pronged approach-Tactical and Strategic-to give readers a complete guide to internal penetration testing. Content includes the newest vulnerabilities and exploits, assessment methodologies, host review guides, secure baselines and case studies to bring it all together. We have scoured the Internet and assembled some of the best to function as Technical Specialists and Strategic Specialists. This creates a diversified project removing restrictive corporate boundaries. The unique style of this book will allow it to cover an incredibly broad range of topics in unparalleled detail. Chapters within the book will be written using the same concepts behind software development. Chapters will be treated like functions within programming code, allowing the authors to call on each other's data. These functions will supplement the methodology when specific technologies are examined thus reducing the common redundancies found in other security books. This book is designed to be the "one-stop shop" for security engineers who want all their information in one place. The technical nature of this may be too much for middle management; however technical managers can use the book to help them understand the challenges faced by the engineers who support their businesses. ØUnprecedented Team of Security Luminaries. Led by Foundstone Principal Consultant, Erik Pace Birkholz, each of the contributing authors on this book is a recognized superstar in their respective fields. All are highly visible speakers and consultants and their frequent presentations at major industry events such as the Black Hat Briefings and the 29th Annual Computer Security Institute Show in November, 2002 will provide this book with a high-profile launch. ØThe only all-encompassing book on internal network security. Windows 2000, Windows XP, Solaris, Linux and Cisco IOS and their applications are usually running simultaneously in some form on most enterprise networks. Other books deal with these components individually, but no other book provides a comprehensive solution like Special Ops. This book's unique style will give the reader the value of 10 books in 1 Joomla! is a fully featured web content management system. This book is a tutorial to creating a website using Joomla!. It guides you through various steps and provides all the information, from installation, to initial set up and content entry and then on to customization for your own look and feel.