tansqrx
Apr 29 2007, 05:40 AM
The holy grail of any exploit is to be able to run arbitrarily injected code. If code from the attacker can be run on the target system, in most cases the attacker just gained full control of the target system. An attacker can inject previously tested shellcode onto the victim machine and at the very least spawn a command prompt. The primary focus of this paper is to take the act of booting from annoying DoS attacks to much more sophisticated and dangerous remote code execution attacks. To analyze and follow the execution of Yahoo! Messenger, break points and analysis of the system stack was performed at key points. It is found that the stack is corrupted with the address 00730079 shortly after one of the registry accesses during the first packet. Because of the large amount of commands executed between packets, it still not clear as to which command causes the corruption or the exact timing of the corruption. While analyzing the stack after a crash, it is also found that the address of 00730079 is not completely random. When converted to UNICODE characters, 00730079 is the string “ys”. Looking further down the stack after a crash it is found that the string “D:\System\Program Files\Yahoo\Messenger\Ypager.exe” is passed as an argument several times. In the case for this computer, “D:\System\Program Files\Yahoo\Messenger\Ypager.exe” is the path for the Yahoo! Messenger executable. It is not hard to see that the string “ys”, aka 00730079 is actually part of the string D:\System\...”. While performing an earlier operation, the Messenger executable path overwrote a valid stack entry and eventually caused the access violation. Table 4 shows the system stack immediately after the crash. The address 00730079 (“ys”) and the Messenger executable path are both highlighted.  Table 4 - StackIn short it is found that the ultimate goal for this paper, arbitrary code execution through a Yahoo! booter, is not possible. It is shown that the stack corruption that causes the access violation is the result of a timing issue and not the code sent in the booter packet.
Reply
Similar Topics
Keywords : yahoo, protocol, part, 18, arbitrary, code, execution
- Yahoo! Messenger Challenge Response Algorithm
(11)
Yahoo! Messenger Power User
(1) I just received a very weird message when I logged into Messenger today. It said “Congratulations,
you are a Power User!” The pop-up was in its separate window similar to the annoying Insider
and had a Learn More, Choose Your Icon, and No Thanks button (the Learn More button didn’t work).
After doing a quick Google search
(http://help.yahoo.com/l/us/yahoo/messenger/messenger9/pwrusr/pwrusr-01.html)
(http://messenger.yahoo.com/powerusers) I found that this thing does really exist and wasn’t some ad
pop-up that somehow got past my defenses. Here are a few of the “b....
Yahoo! Search Boss
(5) Last wednesday (2008-07-09) Yahoo! Search launched a new service called Yahoo! Search
BOSS (Build your Own Search Service) which is a web services platform that allows developers and
companies to create and launch web-scale search products by utilizing the same infrastructure and
technology that powers Yahoo! Search . Some capabilities of the new Yahoo! Search BOSS
service are: Ability to re-rank and blend results Unlimited queries Total flexibility on
presentation This service is based on Python and is available to everybody, to get started a....
Get Paid To Search Yahoo!
New way for you to make money online (10) Hi buddies, Is this a good news for you? I've got paid for the first month from this site. Here
is how you can earn: After you sign up, they ask you to set their page as homepage and install a
search box.Everyday, when you search once, you will earn up to 3p. How much you can earn depends on
where you live. I earned 1.5p per search. So, if you search 40 times per day, how much you will earn
a month? It's very easy, right? In addition, when you refer friends, you will earn more. They
offer 4 referral levels: 50%, 10%, 5% and 2.5%. If you are interested, sign up a....
Yahoo! Messenger Talking To Google Talk?
(7) While Yahoo! was off fighting Microsoft, they made some deals with Google to put a slightly
tainted taste into the merger deal. The most notable one was an ad revenue “trial” where Google
would serve the ads on Yahoo! pages in return for a very favorable share of the profit. Over
the past week it appears that the trials were very successful and Yahoo! has agreed to a more
permanent deal with Google that would continue the deal, pending any anti-trust issues. Mixed up in
this agreement is a paragraph that indicates future interoperability between the two IM....
Yahoo! Dodges The Bullet
(4) Microsoft has receded it’s bid for Yahoo! in a surprise Saturday (May 3, 2008) announcement.
When presented with offering more money or engaging in a hostel take-over, Microsoft decided to take
a third route and just drop the whole thing. In a letter addressed to Yahoo!
(http://www.microsoft.com/presspass/press/2008/may08/05-03letter.mspx), Microsoft outlined several
reasons why they let the offer slip. There are concerns that a deal between Yahoo! and Google
would seriously throw a monkey wrench into things and regulatory bodies, the EU in particular, wou....
Who Uses A Yahoo E-mail
(8) How many people use a Yahoo e-mail account & WHY? What is good about it?! Post as a comment
please....
Latest Yahoo! Vulnerability Appears To Be A Moving Target For Messenger
(2) I have been aware of the latest Yahoo! Jukebox and until recently Messenger exploits for about a
week. Starting on the 3rd of February, three critical vulnerabilities were posted for datagrid.dll
and mediagrid.dll which are part of the Yahoo! Jukebox offering
(http://www.securityfocus.com/bid/27578, http://www.securityfocus.com/bid/27579 ,
http://www.securityfocus.com/bid/27590) . The reason that I waited so long to post this is because
the details were inconsistent and it didn’t add up to me. The versions of Messenger that were
listed as vulnerable are abso....
Optimize Your Site For Yahoo
(1) I know google and Yahoo somehow values different stuff when it ranks websites. Some good tips for
Yahoo optimization: Keywords in URL alt text Site Explorer Prominence I don't want to copy
the whole thing here, but this article explains it: Yahoo Optimization Feel free to share your
experience of optimizing for Yahoo....
Yahoo! May Add Openid Support
(1) An article from Security Focus (http://www.securityfocus.com/brief/665) states that Yahoo! is
considering adding support for OpenID (http://openid.net/). This would add Yahoo! to the
growing number of sites that are supporting the open source effort. There is no mention of
Yahoo! Messenger but I would guess that it will not be supported immediately by the desktop
client. For those who have not heard of OpenID I would suggest doing some research. It promises to
get rid of the hundreds (perhaps thousands for some) of separate website passwords. You could e....
Hacking Yahoo! Messenger
(12) lately i've been reading some way of hacking yahoo messenger. youtube, hacking forums, and etc,
i've been there to ask and to learn how to hacking it. but i've been wondering every now and
then while reading and watching those posted videos and scripts, but they are not working. For real,
is there any way to hack yahoo messenger?....
Tapping Yahoo! Messenger Phone Conversations
(4) The latest post on the official Yahoo! Messenger blog appears to be out of place to me
(http://www.ymessengerblog.com/blog/2008/01/04/recording-yahoo-messenger-calls/). It is not part of
the usual suspects of promising unneeded features or unabashed promotion of Messenger. Instead it
is a fairly useful commentary on how to record a Messenger phone session using third party
applications. The Yahoo! Messenger blog references a New York Times article
(http://www.nytimes.com/2008/01/03/technology/personaltech/03ASKK-002.html?_r=1&oref=slogin) where a
user asked if....
Yahoo! Messenger 9 Beta Preliminary Review
(13) I have been using the latest version of Yahoo! Messenger for over two weeks now and I would like
to give a quick review of it. Overall this is not a major change from what I know as Messenger. As
it has been said before, this is evolutionary not revolutionary. From what I can see there are no
new features (at least none that I would use), the user interface (UI) is prettier, and it looks
like there have been some bug fixes; that’s it. Under the hood there are some things to note.
The current version of the YSMG protocol with version 8 is 15 and Messenger 9 has....
Yahoo! Messenger Author’s New Security Book
(0) There’s not much meat or new content in this post but I did find it rather humorous. Richard Sinn
is apparently the software security engineer for Yahoo! Messenger and he now has a new book out
entitled Software Security Technologies: A Progammatic Approach
(http://blog.messenger.yahoo.com/blog/2007/10/23/kudos-for-the-team/)(http://www.amazon.com/dp/14283
1945X?tag=open0f-20&camp=14573&creative=327641&linkCode=as1&creativeASIN=142831945X&adid=1435SV1WH79
S425NG1ZF&). The price is high for a paperback at $87.95 USD but I may read it once the price
drops or ther....
Minor Updates To Yahoo! Messenger Web
(1) The Yahoo! Messenger development team announced that there have been a few minor upgrades to the
web version of Yahoo! Messenger
(http://blog.messenger.yahoo.com/blog/2007/09/24/yahoo-messenger-for-the-web-new-release/). From
what I can see nothing major has been added except for SMS to mobile users and a few new languages
for India. Apparently the web version of Messenger has taken off in India as nine new languages are
added for that region. You add the support for the biggest demand.....
“discovr” New Friend With Yahoo! Messenger
(2) The latest blog post from the Yahoo! Messenger development teams is about Discovr, a proposed
new way of sharing Messenger contacts. As is stands Messenger is a closed social community. It is
very hard to discover new buddies unless you start trolling around the chat rooms or have a buddy in
real life. Discovr is a method to make Messenger more like Facebook or Myspace where everyone knows
who your friends are. Discovr came from Hack Days, a common occurrence at Yahoo! that
encourages different departments to throw out new ideas. (To think Yahoo! actuall....
Captchas + Yahoo! Chat = No Bots (for Now)
(15) Just in case you haven’t been keeping up with Yahoo! Chat, it looks like a new sheriff is in
town (http://blog.messenger.yahoo.com/blog/2007/08/29/new-entry-process-for-chat-rooms/). Just
before the Labor Day weekend Yahoo! started making users enter a captcha before they could enter
a chat room. This could possibly mean that the chat rooms will be bot free for the time being. My
first impression of the system was not that bad. I logged in with Yahelite and was quickly prompted
to enter the captcha in a separate dialogue box. I do have to admit that the proc....
The Yahoo! Messenger Zero-day For The Month Of August
(1) Yahoo! Messenger is once again in the news for all the wrong reasons. This time it is a heap
overflow in the webcam component. The news was apparently first exposed my McAfee in a blog post at
http://www.avertlabs.com/research/blog/ind...enger-zero-day/ . A second post at
http://www.avertlabs.com/research/blog/ind...er-webcam-0day/ goes into more detail explaining that
you shouldn’t accept unknown webcam invites and to possibly firewall port 5100. Security Focus has
also issued an alert at http://www.securityfocus.com/bid/25330/info but they only classify is....
Yahoo! Chat Room Survey
(1) Back in May Yahoo! swore that the chat room problems were going to be fixed. Again this past
month they said the same thing. This is a survey to see if anyone has experienced better results,
specifically within the past week. Personally I started having real problems starting at the
beginning of the year. The porn bots and booters were always there so I never considered them to be
a problem. I use YahElite to chat so most of the garbage is filtered out anyway. My big complaint
is with not being able to get into a chat room at all. When I go to sign in there is....
I Would Hope Yahoo! Would Get A Clue
(0) As a developer it is sometimes hard to know what your users want in your product or where they would
like to see improvement. This is a problem that any supplier of goods has had since the invention
of trade. The problem can be summed up like this. For every 1 complaint there are 10 other people
out there that have the same problem and just didn’t say anything. For every 1 compliment there are
50 other people out there that feel the same way but just didn’t say anything. I have to admit that
I am the same way. How many times have you gone through your day and thoug....
How To Watch Videos On Yahoo?
(2) how to watch videos? After u found ur link yahoo and watch it after u click on the link and but
yahoo says it must go the web site to watch it,but the website is outdated....
Yahoo Mail With Yahoo Chat
(7) Yahoo has added Yahoo Chat to Yahoo Mail. In other words when you are browsing your e-mails, and if
some of your contacts are online you can chat with them. You are immediatly signed on yahoo chat,
when your yahoo mail turns on. And in the left panel, next to contacts it says 0 online or 3 online,
depends on how many of your contacts or online. Then you can just put your mouse over where it
says how many of your contacts are online, click and you can pick with who you want to chat with.
It is pretty amazing, and I think that Yahoo Mail is getting better and better.....
The State Of Yahoo! Chats
(1) An interesting post slipped through on Friday from the Official Messenger Blog
(http://blog.messenger.yahoo.com/). This is one of the few posts that has some meat to it and it
basically outlines what the future of Yahoo! chat rooms are (the title is “Chat rooms: State of
the Union”, I like it). According to Yahoo!, the entire backend of the servers has been rebuilt
from the ground up. Hopefully they also incorporated security into their software life cycle which
would make many of the common problems disappear. There is also a war against bots, and a MAC plat....
Yahoo Mail Going Unlimited
(24) Yahoo is expanding its offer of unlimited e-mail storage worldwide.Yahoo! Mail has begun its
rollout of unlimited e-mail storage, which will reach all users of the service within the coming
months. Yahoo announced its unlimited storage plan for U.S. residents back in March. Yahoo Mail
originally launched in 1997 with 4MB of storage. The mail app was an outgrowth of Yahoo's
acquisition of Four11 Corporation, which owned an app known as RocketMail. Both new and existing
Yahoo! Mail users will receive an unlimited amount of free e-mail storage. The service upg....
New Yahoo! Web Messenger
(12) Today Yahoo! announced a whole new way to communicate using Messenger. It’s the “all-new
Web-based Yahoo! Instant Messenger.” Ohh wait a minute, wasn’t there already a web version of
Yahoo! Messenger? Despite the fact that the official press release
(http://yodel.yahoo.com/2007/05/02/yahoo-messenger-hold-the-download) makes this out to be something
completely new, a web version of Messenger has been around for years. I of course will be the first
to admit that the old version was so bad that I would like to forget about it too. With the bad
taste of my p....
Unable To Log Into Yahoo! Chat?
(3) This is an interesting tid bit about the Yahoo! chat room problems.
http://www.winbeta.org/forums/index.php?showtopic=8809 To be honest I am kinda scared. When a
company has set a hard deadline to resolve “technical issues” I always get the feeling that
something else is going to change. Maybe this is another protocol change or something specific to
chat. On a personal note, I have noticed the problem getting slightly better over the past few
days. QUOTE Thank you for writing to Yahoo! Messenger. We understand that you are unable
to enter chat rooms ....
Yahoo! Protocol: Part 19 - Conclusion
(0) Throughout this tutorial the main objectives has been covered. Part 12 describes the exact packet
structure generated by the shared files boot. Part 15 shows that it is possible to write a booter
from the ground up only using information gathered through a network sniffer. Parts 16-18 shows that
a booter performs its work by creating a timing fault that in turn cases the stack to be corrupted
and an access violation generated. Part 18 also explores why injection of arbitrary code is not
possible using current booter technology. In my closing opinion, I believe that Yah....
Yahoo! Protocol: Part 17 - Crash
(0) The results from a crash can be simply summarized in the following statement: “Access violation when
reading (00730079). In windows terms, an access violation occurs when a program tries to read
information from a protected area in memory or a section of memory that does not belong to that
particular program. In this case, Yahoo! Messenger tried to read the memory address 00730079.
Table 2 shows the currently allocated memory areas for Messenger sorted by ascending address.
Table 2 - Currently Allocated Memory Addresses It is seen that 00730079 is not inclu....
Yahoo! Protocol: Part 11 - Booters Introduction
(4) For whatever reason, certain users feel the need to harass other citizens of the internet. The
following is a typical scenario of what may cause a Yahoo! booter to be used. Bob is an
average computer user that enjoys talking to his friends over Yahoo! Messenger. One day, Bob
goes into a Yahoo! chat room to discuss the topics of the day. After several minutes of
intellectual discussion with members of the chat room, Jane joins the room. From the very
beginning, it is apparent that Jane is in the room to cause trouble and starts a flame war. Bob and
Jane ....
Yahoo! Messenger Protocol Tutorial - Part 2
(2) Part 2 - History The need for humans to communicate faster and more efficiently has been one of the
driving forces behind the Internet. Not since the invention of the telephone has communications
between humans been more readily available. The communication power of the Internet began to take
shape in its infancy with one of the first Internet applications, email. While the Internet was
still ARPANET and with only four links, the first email message was sent by Ray Tomlinson in 1971.
The first message consisted of the text “Testing 1-2-3” and did not contain any of th....
Looking for yahoo, protocol, part, 18, arbitrary, code, execution
|
*RANDOM STUFF*
*SIMILAR VIDEOS*
Searching Video's for yahoo, protocol, part, 18, arbitrary, code, execution
|
advertisement
|
|
