tansqrx
Aug 8 2006, 05:58 PM
| | Most of the research for these tutorials were created for a research paper that I wrote. It has been a few years ago now but I believe that this information is still relevant. The purpose of this paper was as follows:
What is the communications protocol used by common booters?
Is it possible to build my own booter program?
What causes, at the machine level, the Yahoo! Messenger program to crash?
Is it possible to inject arbitrary code using current booter technology?
In the finial form of this paper I created my own booter program and investigated if it was possible to basically take over someone's computer by hitting them with a booter and injecting proper code into the attack. What follows is a description of my program and debugger outputs of the resulting boot code.
|
Reply
Recent Queries:--
explain me what is remote code execution - 477.87 hr back. (1)
-
yahoo protocol delphi - 498.08 hr back. (1)
-
"yahoo protocol " "php function" - 570.24 hr back. (1)
Similar Topics
Keywords : yahoo, protocol, part, 14, remote, code, execution
- Yahoo! Protocol: Part 19 - Conclusion
(0)
Yahoo! Protocol: Part 18 - Arbitrary Code Execution
(0) The holy grail of any exploit is to be able to run arbitrarily injected code. If code from the
attacker can be run on the target system, in most cases the attacker just gained full control of the
target system. An attacker can inject previously tested shellcode onto the victim machine and at the
very least spawn a command prompt. The primary focus of this paper is to take the act of booting
from annoying DoS attacks to much more sophisticated and dangerous remote code execution attacks.
To analyze and follow the execution of Yahoo! Messenger, break points and analysis o....
Yahoo! Protocol: Part 17 - Crash
(0) The results from a crash can be simply summarized in the following statement: “Access violation when
reading (00730079). In windows terms, an access violation occurs when a program tries to read
information from a protected area in memory or a section of memory that does not belong to that
particular program. In this case, Yahoo! Messenger tried to read the memory address 00730079. Table
2 shows the currently allocated memory areas for Messenger sorted by ascending address. Table
2 - Currently Allocated Memory Addresses It is seen that 00730079 is not included ....
Yahoo! Protocol: Part 16 - Assembly Analysis
(0) Overview To truly understand why a booter or any other types of exploits function, an
investigator must have a look at the program’s source code. In the case of Yahoo! Messenger which is
a closed source program, I am forced to dive into the dark and sometimes mystical realm of assembly
debugging. By exploring the Yahoo! Messenger assembly code and the machine state at the time of a
crash I can reveal why, on the machine level, how a booter works. Perhaps more importantly, is it
possible to run arbitrary code from a remote attack. Tools In order to explore the asse....
New Yahoo! Messenger Protocol Changes?
(4) I first picked this up on Big Blue Ball in their newsletter
(http://www.bigblueball.com/forums/yahoo-messenger-news/39852-yahoo-drop-support-y-messenger-7-5-apr
il-2nd.html). QUOTE As of April 2nd, 2007, we will no longer offer customer support for
Yahoo! Messenger 7.0/7.5. We recommend that you upgrade to the latest version of Yahoo! Messenger.
We will keep these help pages available online should you continue to use this version and have
basic questions that these pages can answer. The administrators of Big Blue Ball speculate that
this may mean another proto....
Yahoo! Protocol: Part 15 - Yahoo! Trainer
(0) Since the writing of this article the Yahoo! Trainer mentioned has gone through several revisions.
The original code may not fully function but can be found at
http://www.ycoderscookbook.com/Files/Yahoo Login Sockets.rar.. The current iteration of the trainer
is called YCC Trainer and can be found at http://www.ycoderscookbook.com/Files/YCC_Trainer.zip .
The latest version currently does not have all of the functionality of the first version but the
code has been rewritten to make it more understandable and a better learning tool. If reading from a
different site, al....
Yahoo! Protocol: Part 13 - Disconnect And Proto D/c Boots
(0) QUOTE(www.ycoderscookbook.com) Two other notable types of booter code exist, Disconnect Boot and
Proto D/C Boot. Many times boot code makers will mix in the shared files boot packet with these two
booters because the shared files code is more effective and reliable. A detailed discussion about
these two booters will now be given. The important facts to know is that they both work the same
way as the shared files boot, timing errors in the Yahoo! Messenger client causes a crash. All
three boot codes create a crash at the same memory address. The basic structure o....
Yahoo! Protocol: Part 12 - Shared Files Boot
(0) With increased complexity in sharing files, the file sharing P2P command has become a target for
boot code writers. One such attack comes in the form of the shared files boot. The shared files
boot is the most popular and effective boot against Yahoo! Messenger as of spring 2005. Because of
its effectiveness, the shared files boot is the basis for most other boot code in circulation and
will be the main focus for the rest of this paper. The basic structure of the shared files boot is
shown in Figure 30. It is seen that the packet sent is not very complicated. The pa....
Yahoo! Protocol: Part 11 - Booters Introduction
(4) For whatever reason, certain users feel the need to harass other citizens of the internet. The
following is a typical scenario of what may cause a Yahoo! booter to be used. Bob is an average
computer user that enjoys talking to his friends over Yahoo! Messenger. One day, Bob goes into a
Yahoo! chat room to discuss the topics of the day. After several minutes of intellectual discussion
with members of the chat room, Jane joins the room. From the very beginning, it is apparent that
Jane is in the room to cause trouble and starts a flame war. Bob and Jane quickly star....
Yahoo! Protocol: Part 10 - Peer To Peer Transfers
(0) Not all packets are sent through the Yahoo! servers. Sometimes it is best to initiate a direct peer
to peer communication between clients. Once a connection has been established, all IM and other
traffic travel directly between peers. This type of communication is known as peer to peer (P2P)
and is initiated with a Yahoo! service called Yahoo_P2PFileXfer. The main reason to create a P2P
connection is because a large amount of data must be transferred between clients. A direct
connection takes extra processing and network traffic burden off the Yahoo! servers. The mos....
Yahoo! Protocol: Part 9 - Instant Messages
(0) An IM is the simplest service offered in Yahoo! and will be used as an example. This conversation
will take place between Yuser1 and Yuser2 and is seen from the point of view of Yuser1. Yuser1
sends a single packet as shown in Figure 24. The packet contains the sender, recipient, message,
and other system information. Due to the fact that the packet is proxied through the Yahoo!
servers, Yuser2 actually sees a different packet than the one sent by Yuser1. The packet fields are
reordered and the 5 field is changed to show who the current sender is. Figure 25 shows a....
Yahoo! Messenger Protocol Tutorial - Part 8 (Signing-in)
(0) Before any program can utilize the Yahoo! network, the client must sign-in with a username and
password. The order of events used to sign-in is shown in Figure 17. Not all events are necessary
to become available on the Yahoo! network and the optional steps are denoted by an “*.” Figure
17 - Sign-In Sequence The first step to signing-in is to send a verify packet, Yahoo_Verify, to
the Yahoo! servers to see if a network path is available. The packet structure is shown in Figures
18 and 19. Figure 18 - Yahoo! Verify to Server Figure 19 - Yahoo! Verify fro....
Yahoo! Messenger Protocol Tutorial - Part 7
(0) Yahoo! Protocol: Part 7 - Yahoo! Packet Structure All Yahoo! communications use TCP over IP
communication and the Yahoo! data resides in the data field of the TCP packet as shown in Figure 13.
Figure 13 - Yahoo! Messenger Packet Yahoo! extends the common TCP/IP convention of using
headers by creating its own application level header format. A Yahoo! header is 20 bytes long and
is identified by the first 4 bytes being “YMSG.” The Yahoo! header also includes the YMSG version,
message length, service type, status, and session ID. Figure 14 shows a graphical repre....
Yahoo! Messenger Protocol Tutorial - Part 6
(0) Yahoo! Protocol: Part 6 - Money and Closed Protocols Even with all the bells and whistles of
Yahoo! Messenger, Messenger still follows the same basic communications architecture as most other
instant messengers. Yahoo! is based on a central server structure. First a client, Yahoo!
Messenger logs onto a Yahoo! server using a username and password. The server authenticates the
request and either allows or denies access to services. From this point most messages sent to other
users are buffered through the server. After a successful login the client registers as bein....
Yahoo! Messenger Protocol Tutorial - Part 5
(0) Yahoo! Protocol: Part 5 - Disclaimer and Legal Upon becoming a member of the Yahoo! community, a
user agrees to follow the Yahoo! Terms of Service (TOS) . According to the TOS, when a user
registers, he is obligated to provide completely trueful answers to any questions posed by Yahoo!
and update any information if it changes. Section 3a, b states the following: QUOTE You also
agree to: (a) provide true, accurate, current and complete information about yourself as prompted by
the Service's registration form (the "Registration Data") and (B) maintain and pro....
Yahoo! Messenger Protocol Tutorial - Part 4
(0) As with any basic instant messaging service, Yahoo! Messenger offers several basic functions. In
general, an instant messenger offers conversations between two users in real time. As a rule, both
users will see the conversation line by line as it is typed. Although not required, instant
messengers usually offer the ability to show away messages, reside in the system tray until needed,
and offer a user buddy list . In addition to these basic services, the latest version of Yahoo!
Messenger also offers more advanced features. Although not unique, these services make ....
Yahoo! Messenger Protocol Tutorial - Part 3
(0) Yahoo! started its life as “Jerry and David’s Guide to the World Wide Web” in January of 1994. Its
creators David Filo and Jerry Yang, started Yahoo! as a way to track their personal interests. As
word spread of this new effective search engine, resources were soon strained. Moving from Stanford
University to Netscape facilities, and finally to its own headquarters, Yahoo! has become one of the
largest Internet names in history. At the end of the day Yahoo! is still a business and like all
businesses, Yahoo! has to make a profit and adhere to a business model. Yahoo!....
Yahoo! Messenger Protocol Tutorial - Part 2
(2) Part 2 - History The need for humans to communicate faster and more efficiently has been one of the
driving forces behind the Internet. Not since the invention of the telephone has communications
between humans been more readily available. The communication power of the Internet began to take
shape in its infancy with one of the first Internet applications, email. While the Internet was
still ARPANET and with only four links, the first email message was sent by Ray Tomlinson in 1971.
The first message consisted of the text “Testing 1-2-3” and did not contain any of th....
Yahoo! Messenger Protocol Tutorial - Part 1
(0) One of the security passions that I have maintained over the past few years is the one with Yahoo!
Messenger. In recent months Yahoo! Messenger has seen a decline in users due to some new policies.
Although not as strong as perhaps a year ago, it is still very important to keep a watch on Yahoo!
Messenger from a security point of view. Messenger, just like may of the programs we use, open a
door out to the Internet. With each new door comes a unique set of security concerns. Perhaps the
biggest reason to keep an eye on Yahoo! Messenger is because the user base is so....
New Tools And A New Protocol For Messenger
(0) Way back when I had Messenger 6.0 I came across a fairly unique add-on to Yahoo! Messenger that
added the "join user in chat" function that was taken away in the migration from 5.0 to 6.0. The
program simply consisted of a file that replaced a Yahoo! DLL and re-enabled the join user in chat
function. Once I upgraded to 7.0 the program of course did not work and I started my search for a
replacment. At long last I have found it and not only does it add the join user in chat, it also
adds view webcam and much more that has been missing since the days of 5.0. The add-on is ....
Yahoo! Protocol Tutorial - Any Interest?
(4) Well quite some time ago I got the crazy idea to research Yahoo! Messenger security. Of course this
required me to research the Messenger protocol and to my dismay I found very little. In fact the
only way I could find anything out about how Yahoo! Messenger communicates was to fire up Ethereal
and packet sniff. Well after that I have compled quite abit of information and have created a lot
of supporting diagrams and explinations. I have mapped the login process and many of the more
common events. My question is this: Would anyone be intersted in my findings? If I ....
Looking for yahoo, protocol, part, 14, remote, code, execution
|
*SIMILAR VIDEOS*
Searching Video's for yahoo, protocol, part, 14, remote, code, execution
|
advertisement
|
|
