Collaborate Disseminate
The program I am working with has a POC published for it, but not a full explanation. I have been told by my mentor (I am part of a research program) to disclose as little information as possible about the exploit.
The program is ran on Ka… Continue reading Specifying an integer within the maximum of an unsigned 64-bit integer does **not** cause a buffer overflow
Yesterday I installed ParrotOS and during the install I was given the option:
install automotive exploitation toolkit
After some research, I realized that stuff like that was actually important and often used.
So, the question: What kin… Continue reading What kind of vulnerabilities are found in automotive computer systems? [closed]
I have this code for exploiting PsExec that works perfectly fine when I have a TGS for the CIFS SPN on the target, however there are situations where I only have plaintext credentials for the local admin of the target, and so I cannot requ… Continue reading Custom PsExec csharp code with plaintext credentials
Is there a !pvefindaddr p2 (search for all pop/pop/ret combinations in the entire process memory space) equivalent in mona.py?
Alternatively, is there any option to run pvefindaddr in latest versions of Immunity Debugger? Currently, when I… Continue reading pvefindaddr p2 in mona?
I’m trying to understand how to get more information about a vulnerability given a CVE. I noticed that some CVEs, on websites like https://www.cvedetails.com, have got references to articles or to code, for example a reference to https://w… Continue reading Get in depth information about vulnerability from a CVE
I am working with this INE eCXD material and I am working on my basics of buffer overflow on Linux.
In the lab, there is supposed to be a binary that is using the strcpy() function and it SEGFAULTS when it reaches that function.
I loaded t… Continue reading Can’t get this memory addressing
I just installed ASX to MP3 Converter 1.82.50 in order to try this Local Stack Overflow: https://www.exploit-db.com/exploits/38457
I generate a shell code in order to pop a calc.exe:
msfvenom -p windows/exec CMD=calc.exe -f python -b ‘\x00… Continue reading How to fix ASX to MP3 Converter 1.82.50 exploit code
Suppose there is a remote server 203.0.113.123 listening on port 1337 that is running a vulnerable application. I have engineered a sequence of inputs for that application that result in a shell. I can generate that input with a Python scr… Continue reading Use a custom Metasploit exploit
The injection is inside an <input> element for an email address. The injection payload is ";"@site.com. Once submitted, local cookie information appears inside the actual input textbox.
I’m on my journey to binary explotation, and it seems that at the time "Art of Exploitation" was written, things related to stack protection have been changed. Only after using -fno-stack-protector as an argument to gcc, I get th… Continue reading Ways to bypass stack protection