stuxonline.ml Report : Visit Site

Technical data of the stuxonline.ml

Geo IP provides you such as latitude, longitude and ISP (Internet Service Provider) etc. informations. Our GeoIP service found where is host stuxonline.ml. Currently, hosted in Netherlands and its service provider is Exact Automatisering BV .

HTTP Header Analysis

HTTP Header information is a part of HTTP protocol that a user's browser sends to called awex containing the details of what the browser wants and will accept back from the web server.

DNS

HtmlToText

skip to content stux a cyber warfare expert menu home posts posted on 15th september 2017 buffer overflow attack buffer overflow errors are characterized by the overwriting of memory fragments of the process, which should have never been modified intentionally or unintentionally. overwriting values of the ip (instruction pointer), bp (base pointer) and other registers causes exceptions, segmentation faults, and other errors to occur. usually these errors end execution of the application in an unexpected way. buffer overflow errors occur when we operate on buffers of char type. buffer overflows can consist of overflowing the stack (stack overflow) or overflowing the heap (heap overflow). we don’t distinguish between these two in this article to avoid confusion. below examples are written in c language under gnu/linux system on x86 architecture. risk factors tbd examples example 1 #include <stdio.h> int main(int argc, char **argv) { char buf[8]; // buffer for eight characters gets(buf); // read from stdio (sensitive function!) printf(“%s\n”, buf); // print out data stored in buf return 0; // 0 as return value } this very simple application reads from the standard input an array of the characters, and copies it into the buffer of the char type. the size of this buffer is eight characters. after that, the contents of the buffer is displayed and the application exits. program compilation: rezos@spin ~/inzynieria $ gcc bo-simple.c -o bo-simple /tmp/ccecxqax.o: in function `main’: bo-simple.c:(.text+0x17): warning: the `gets’ function is dangerous and should not be used. at this stage, even the compiler suggests that the function gets() isn’t safe. usage example: rezos@spin ~/inzynieria $ ./bo-simple // program start 1234 // we eneter “1234” string from the keyboard 1234 // program prints out the conent of the buffer rezos@spin ~/inzynieria $ ./bo-simple // start 123456789012 // we eneter “123456789012” 123456789012 // content of the buffer “buf” ?!?! segmentation fault // information about memory segmenatation fault we manage (un)luckily to execute the faulty operation by the program, and provoke it to exit abnormally. problem analysis: the program calls a function, which operates on the char type buffer and does no checks against overflowing the size assigned to this buffer. as a result, it is possible to intentionally or unintentionally store more data in the buffer, which will cause an error. the following question arises: the buffer stores only eight characters, so why did function printf() display twelve?. the answer comes from the process memory organisation. four characters which overflowed the buffer also overwrite the value stored in one of the registers, which was necessary for the correct function return. memory continuity resulted in printing out the data stored in this memory area. example 2 #include <stdio.h> #include <string.h> void doit(void) { char buf[8]; gets(buf); printf(“%s\n”, buf); } int main(void) { printf(“so… the end…\n”); doit(); printf(“or… maybe not?\n”); return 0; } this example is analogous to the first one. in addition, before and after the doit() function, we have two calls to function printf(). compilation: rezos@dojo-labs ~/owasp/buffer_overflow $ gcc example02.c -o example02 -ggdb /tmp/cccbmjcn.o: in function `doit’: /home/rezos/owasp/buffer_overflow/example02.c:8: warning: the `gets’ function is dangerous and should not be used. usage example: rezos@dojo-labs ~/owasp/buffer_overflow $ ./example02 so… the end… test // user data on input test // print out stored user data or… maybe not? the program between the two defined printf() calls displays the content of the buffer, which is filled with data entered by the user. rezos@dojo-labs ~/owasp/buffer_overflow $ ./example02 so… the end… test123456789 test123456789 segmentation fault because the size of the buffer was defined (char buf[8]) and it was filled it with thirteen characters of char type, the buffer was overflowed. if our binary application is in elf format, then we are able to use an objdump program to analise it and find necessery information to exploit the buffer overflow error. below is output produced by the objdump. from that output we are able to find addresses, where printf() is called (0x80483d6 and 0x80483e7). rezos@dojo-labs ~/owasp/buffer_overflow $ objdump -d ./example02 080483be <main>: 80483be: 8d 4c 24 04 lea 0x4(%esp),%ecx 80483c2: 83 e4 f0 and $0xfffffff0,%esp 80483c5: ff 71 fc pushl 0xfffffffc(%ecx) 80483c8: 55 push %ebp 80483c9: 89 e5 mov %esp,%ebp 80483cb: 51 push %ecx 80483cc: 83 ec 04 sub $0x4,%esp 80483cf: c7 04 24 bc 84 04 08 movl $0x80484bc,(%esp) 80483d6: e8 f5 fe ff ff call 80482d0 <puts@plt> 80483db: e8 c0 ff ff ff call 80483a0 <doit> 80483e0: c7 04 24 cd 84 04 08 movl $0x80484cd,(%esp) 80483e7: e8 e4 fe ff ff call 80482d0 <puts@plt> 80483ec: b8 00 00 00 00 mov $0x0,%eax 80483f1: 83 c4 04 add $0x4,%esp 80483f4: 59 pop %ecx 80483f5: 5d pop %ebp 80483f6: 8d 61 fc lea 0xfffffffc(%ecx),%esp 80483f9: c3 ret 80483fa: 90 nop 80483fb: 90 nop if the second call to printf() would inform the administrator about user logout (e.g. closed session), then we can try to omit this step and finish without the call to printf(). rezos@dojo-labs ~/owasp/buffer_overflow $ perl -e ‘print “a”x12 .”\xf9\x83\x04\x08″‘ | ./example02 so… the end… aaaaaaaaaaaau*. segmentation fault the application finished its execution with segmentation fault, but the second call to printf() had no place. a few words of explanation: perl -e ‘print “a”x12 .”\xf9\x83\x04\x08″‘ – will print out twelve “a” characters and then four characters, which are in fact an address of the instruction we want to execute. why twelve? 8 // size of buf (char buf[8]) + 4 // four additional bytes for overwriting stack frame pointer —- 12 problem analysis: the issue is the same as in the first example. there is no control over the size of the copied buffer into the previously declared one. in this example we overwrite the eip register with address 0x080483f9, which is in fact a call to ret in the last phase of the program execution. how to use buffer overflow errors in a different way? generally, exploitation of these errors may lead to: application dos reordering execution of functions code execution (if we are able to inject the shellcode, described in the separate document) how are buffer overflow errors are made? these kinds of errors are very easy to make. for years they were a programmer’s nightmare. the problem lies in native c functions, which don’t care about doing appropriate buffer length checks. below is the list of such functions and, if they exist, their safe equivalents: gets() -> fgets() – read characters strcpy() -> strncpy() – copy content of the buffer strcat() -> strncat() – buffer concatenation sprintf() -> snprintf() – fill buffer with data of different types (f)scanf() – read from stdin getwd() – return working directory realpath() – return absolute (full) path use safe equivalent functions, which check the buffers length, whenever it’s possible. namely: gets() -> fgets() strcpy() -> strncpy() strcat() -> strncat() sprintf() -> snprintf() those functions which don’t have safe equivalents should be rewritten with safe checks implemented. time spent on that will benefit in the future. remember that you have to do it only once. use compilers, which are able to identify unsafe functions, logic errors and check if the memory is overwritten when and where it shouldn’t be. share this: click to share on twitter (opens in new window) click to share on facebook (opens in new window) click to share on google+ (opens in new window) like this: like loading... posted on 14th september 2017 mobile code: object hijack this attack consists of a technique to create objects without constructors’ methods by taking advantage of the clone() method of java-based applications. if a certain class implements cloneable() method declared as p

URL analysis for stuxonline.ml

http://www.stuxonline.ml/#content

Whois Information

Whois is a protocol that is access to registering information. You can reach when the website was registered, when it will be expire, what is contact details of the site with the following informations. In a nutshell, it includes these informations;

Domain name:
STUXONLINE.ML

Organisation:
Freedom Registry, Inc.
2225 East Bayshore Road #290
Palo Alto CA 94303
United States
Phone: +1 650-681-4172
Fax: +1 650-681-4173

Domain Nameservers:
NS01.FREENOM.COM
NS02.FREENOM.COM
NS03.FREENOM.COM
NS04.FREENOM.COM

Your selected domain name is a domain name that has been
cancelled, suspended, refused or reserved at the Point ML Registry

It may be available for re-registration at http://www.point.ml

In the interim, the rights for this domain have been automatically
transferred to Freedom Registry, Inc.

Please be advised that the Point ML Registry, Freenom and
Freedom Registry, Inc. cannot be held responsible for any content
that was previously available at this domain name.

Due to restrictions in Point ML 's Privacy Statement personal information
about the previous registrants of the domain name cannot be released
to the general public.

Point ML is proud to work with numerous governmental law enforcement
agencies to stop spam, fraud, phishing attempts, child pornography and
other illicit content on Point ML websites. These agencies may contact the
Point ML Registry directly with any enquiries they may have regarding the
usage of this domain by previous registrants.

Record maintained by: Point ML Domain Registry


SERVERS

  SERVER ml.whois-servers.net

  ARGS stuxonline.ml

  PORT 43

  TYPE domain

DOMAIN

  NAME stuxonline.ml

  REGISTERED unknown

Mistakes

The following list shows you to spelling mistakes possible of the internet users for the website searched .