Neolex – WindowsTechs.com

Why does fgets fail when I use 0 as FILE* to read from stdin in rop chain?

Posted on November 9, 2020 by Neolex

I am making a rop chain to call fgets with stdin as input to be able to make a basic stackoverflow.
But my issue is that when I call fgets with 0 as third argument (for stdin) fgets crash at
<fgets+49> mov ecx, DWORD PTR [e… Continue reading Why does fgets fail when I use 0 as FILE* to read from stdin in rop chain?→

Posted on June 7, 2020 by Neolex

I would like to know if this code is secure to validate that a url is from my domain before loading it a webview in android :

if (!url.startsWith(“https://www.example.com/test/”)){
// don’t load the url
dontload = true;
}

Posted on March 14, 2020 by Neolex

I’m wondering if the following code is vulnerable to command injection in bash:

sumo /bin/netflash -Uk $CONTROLED_OPTION 2>&1

I’m thinking since it’s not included in ” ” it should be vulnerable but I’m not sure since I can’t m… Continue reading Is this bash command vulnerable to code injection?→

Posted on February 29, 2020 by Neolex

I’m learning android application pen testing and I’m kinda lost about what can do an attacker that control the content of a webview ?

I guess if there is no javascript enabled there is no impact, right ?
But if there is JavaScript enable… Continue reading What is the impact of controling the content of a webview in Android?→

Posted on January 16, 2020 by Neolex

I’m doing bug bounty on an android app and I reported an app that have allowBackup to true.

The program told me that it’s not an issue because it need root.

Is it true ? I don’t have a non-rooted android device right now so I can’t test … Continue reading Android app backup enabled : does it need root?→

Posted on October 17, 2019 by Neolex

I would like to create seccomp rules (with https://github.com/david942j/seccomp-tools) to change the call :
write(2,’error’) to write(1’error’)

so redirect the write on stderr to a write on stdout…
I tried this script : … Continue reading How to write Seccomp rules to redirect write stderr to stdout→

Posted on October 8, 2019 by Neolex

I’m new to android pentesting and I would like to know :

if sending an object created via the result of intent.getSerializableExtra(“EXTRA_TEST”);

to handler.postDelayed(TheObject,500) could lead to a vulnerability ?

Posted on October 7, 2019 by Neolex

I have an application that run a method from a class via DexClassLoader like that :

Class<?> classToLoad = new DexClassLoader(codeFile.getAbsolutePath(), tmpDir.getAbsolutePath(), null,ClassLoader.getSystemClassLoader… Continue reading How to access variable of the parent class from a DexClassLoader?→

Posted on June 27, 2019 by Neolex

I’m new in web pentesting and I have read a lot of books.

But I think I should read some RFC to have a better knowledge about web applications.

There is a lot of RFC and I’m a bit lost on which one should I read…

Posted on June 8, 2019 by Neolex

I’m starting android bug hunting and I’ve seen a service with implicit intent,
and I saw in Android documentation that :

Using an implicit intent to start a service is a security hazard because you cannot be certain of … Continue reading Implicit Service for Firebase→