exploit-development – Page 4

How to read memory from format string exploit correctly

Posted on April 3, 2021 by Jaime_mc2

I’m trying to solve a problem on format string exploitation in which I have to overwrite anything in a specific address. Since the target address has a null byte at the begining, I need to write it at the end of the format string, and I wa… Continue reading How to read memory from format string exploit correctly→

Flexera FlexNet Publisher 11.14.1 [closed]

Posted on March 24, 2021 by Aldugama

I’m trying to hack into this system, by order of a client but I can’t see the way through, could someone help me, please?
The system’s vulnerabilities have got this CVE identificators: CVE-2018-20031, CVE-2018-20032, CVE-2018-20033, CVE-20… Continue reading Flexera FlexNet Publisher 11.14.1 [closed]→

Can’t overwrite EIP in bufferoverflow example

Posted on March 22, 2021 by n00b.exe

I am trying to make a simple buffer-overflow exploit on an example program to understand binary exploitation a bit better. The goal is to simple write shellcode on the stack and execute it.
However, despite all the resources online, I keep… Continue reading Can’t overwrite EIP in bufferoverflow example→

Is a single infoleak enough to break ASLR if you don’t have access to the binary?

Posted on February 8, 2021 by aslr

With a single infoleak and access to the binary you can calculate the other addresses. Is this still possible when you don’t have access to the binary?

Continue reading Is a single infoleak enough to break ASLR if you don’t have access to the binary?→

WebApp Windows Command Injection without "||"

Posted on February 4, 2021 by John Doe

I’ve found an application that allows arbitrary file upload (client side validation on file extensions), however those files are not stored in a folder which is accessible by the webserver, so a web shell is not possible.
However, due to … Continue reading WebApp Windows Command Injection without "||"→

Exploiting buffer overflow in 64-bit macOS executable

Posted on January 29, 2021 by nalzok

I’m following this tutorial to create a buffer overflow demo. The article illustrates a 32-bit executable, but I’m feeling adventurous and decided to do a 64-bit one. Below is the deliberately vulnerable code, and our goal is to call secre… Continue reading Exploiting buffer overflow in 64-bit macOS executable→

Could a virus force a phone to download an app and spread it?

Posted on January 26, 2021 by Jori Richman

I’m writing a sci-fi story that includes a malicious app that spreads globally. The developer publishes an app without knowing it’s infected, and it spreads because it forces phones to download it. Are there any mechanisms that might make … Continue reading Could a virus force a phone to download an app and spread it?→

How can I generate a binary from an payload without any other addons?

Posted on January 22, 2021 by 404

For example how do I turn the payload/windows/format_all_drives into an exe without any other fancy addons?
(I am talking about using msfvenom FYI)

Continue reading How can I generate a binary from an payload without any other addons?→

How do attackers determine ROP gadgets remotely?

Posted on December 21, 2020 by asd40732

Being gadgets change per each system and architecture (do they?), how would an attacker be able to determine the offsets of various Return Oriented Programming gadgets, would an attacker first need to determine:
-The operating system?
-The… Continue reading How do attackers determine ROP gadgets remotely?→

Assigning memory address of shellcode to buffer (for buffer overflow input)

Posted on December 19, 2020 by asd40732

I am attempting to exploit HEVD kernel driver buffer overflow challenge:
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
However when running the below code my windows 7 machine doesn’t execute the desired shellcode (assign c… Continue reading Assigning memory address of shellcode to buffer (for buffer overflow input)→