CanSecWest Day 3 – PWN2OWN update – Vista pwnd


EDIT:  So during my presentation today (the 2nd to last one of the day) I guess Shane ended up pwning the Vista box and winning it: http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up  My presentation ran a little long and Dragos is awesome and lets you run long if you need extra time but then I felt bad and had to hurry off the stage so the final presentation of the day could go on.  As I was packing up Dragos came to the front and announced that Shane and Alex had won the Vista box.  It was a sweet little ultra portable tablet PC thing.  I’m a little confused about what he actually pwnd to get it though . . . the TP write-up says Flash but that wasn’t what I had heard he’d pwnd.  🙂  Anyhoo – it wasn’t anything inbox at least. 🙂


So K2 tried going after the Vista SP1 box as soon as the challenge opened today.  After about 30 minutes of trying people started asking what the status was since we all expected it to get popped via Flash right away. 
The verdict?  He thinks his shellcode isn’t working because of NX pages in memory (which he wasn’t expecting since he’s not running SP1).  Oops.  Did we do that? 🙂  When I left he was going after the Ubuntu box instead. 🙂


Comments (4)

  1. Anonymous says:

    Yeah, still I can’t help but wonder if this might not be a day late and a dollar short:

    http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html

  2. Anonymous says:

    Flash wasn’t what I heard either.  Hey, is "Dark Roast" documented somewhere?  I figure it you’re going to reference it in your presentation, would be nice to have the "how to" samples posted somewhere.

  3. Anonymous says:

    gee, I heard they were going to go after AIM, always an easy target.