Collaborate Disseminate
I’m trying to exploit a simple buffer overflow with gdb and peda, I just want to rewrite the return address with the address of a function of the program. I can easily do it with python2 but it seems to be impossible with python3, the retu… Continue reading Buffer overflow exploit with python3 : wrong return address written
I’m actually busy with learning more about buffer overflows. I read some interesting tutorials and just got the basic idea behind it. I tried to produce a vulnerable c++ file to test my knowledge against it, but it seems like… Continue reading Why is this not a buffer overflow?
First, some background: I’ve got a C++-based client/server system that uses the OpenSSL C library to encrypt the client/server connections. This is done in (what I believe is) the canonical OpenSSL fashion; that is to say, … Continue reading Client-only authentication instead of server-only authentication, using OpenSSL
In computer security and control-flow integrity (CFI) there are two terms: code-pointer separation (CPS) and code-pointer integrity (CPI), defined as follows:
Code-Pointer Integrity (CPI) is a property of C/C++ programs t… Continue reading Are code-pointer separation (CPS) and code-pointer integrity (CPI) about programming or compilers?
I am reading “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)”.
The author claims that x86 code is like English written without punctuation or spaces, so that the words all ru… Continue reading In Return-Oriented Programming how can the machine execute unaligned instructions?
I’m currently using nested functions (which is extensions to C in GCC), however that is not supported (and is not planned to be supported) in clang. Mostly on the grounds that executable stack is dangerous and I would like to… Continue reading How and why is executable stack dangerous?
I’m trying to implement a self signed x509 certificate that uses a post-quantum (PQ) public key algorithm as the public key algorithm. I looked at the openssl library in c, and the way it’s done using RSA. I’m essentially try… Continue reading Creating X509 certificate in C using post-quantum public key algorithm?
I’m currently trying out a simple format string vuln exploit. The target program looks like this:
int main(int argc, char *argv[])
{
char buffer[1024];
strncpy(buffer, argv[1], sizeof(buffer));
printf(buffer);
… Continue reading Shellcode as part of format string buffer
I’m exploiting a buffer overflow in C to execute arbitrary code, but the shellcode I’m using crashes when it encounters the opcode 0x57.
The BOF is created by a scanf, which puts the input in a buffer. My BOF already correct… Continue reading Shellcode using Intel 86_64’s opcode 0x57 crashes
Okay, so I am developing a kernel module that does kernel mode hooking to hook APIs and modify some values. But is there anyway I could tell if what program called a specific API? Say a program from user-land calls NtQuerySys… Continue reading How to find out what program called an API in windows?