Collaborate Disseminate
I am second-year CS student, I know C, OOP concepts, x86 architecture, reverse engineering basics, TCP/IP stack and OS concepts, also I love Linux OS.
I have just one question:
Is it a mandatory to learn in depth a Linux kern… Continue reading Question about Linux kernel and ARM architecture
I was trying to overwrite fp function pointer to 0x8048424(win() location) so that function win() will be called to solve this problem(machine is little endian)
#include <stdlib.h>
#include <unistd.h>
#include &l… Continue reading What is the purpose of using hex escape sequences when writing buffer overflow exploits?
I’m working on a binary exploitation challenge where the target (ELF/x86_64) has stack canaries, NX and PIE enabled. It implements a simple forking TCP server. After a connection is established, it reads up to 0x420 bytes fro… Continue reading How to exploit buffer overflow without space after return address?
I am creating a ROP chain exploit on a 64 bit ELF.
So far I have been able to leak puts in libc and leak memory.
The issue I have is that when I build the second stage of the exploit to call a shell, pwntools is not detectin… Continue reading Pwntools not detecting recvline()
I’m trying to develop an already existing exploit for Windows XP.
All DLL’s are protected by ASRL, so I used an address in ultraiso.exe, but all addresses start with NULL-bytes.
So far, I followed the tutorial here. Everyth… Continue reading What does this opcode in my exploit code mean?
I am trying to see how a publicly known "vulnerable version of the library jquery" can be exploited to make proof of concepts to website owners.
Let’s say we have jquery version 2.1.1 that has known security issues.
If you search… Continue reading How to exploit publicy known vunerable version of jquery?
I am not newbie at exploit development , but I would like to have a solid useful fuzzing framework instead of picking every fuzzing to see if it’s work.. I Have a list of fuzzing framework which I would use in certain cases.
… Continue reading What’s a good fuzzing framework for fuzzing a local standalone GUI / network application / Browser?
I’m learning how to write kernel exploits and my shellcode keeps seg faulting.
I’m getting the memory address for commit_creds(prepare_kernel_cred(0));
#grep commit_creds /proc/kallsyms
c907eea0 T commit_creds
#grep prepar… Continue reading linux kernel exploit shellcode causes segfault
I’m working on an exploit for a course, where I finally have the EIP in my hands. My buffer is conveniently located at ESP and I could find a JMP ESP, which redirects the program flow to my buffer.
The only problem I have no… Continue reading Bufferoverflow development with EIP in control but forced to use a certain OPCODE
I’m trying to exploit ropasaurusrex binary. Basically It has buffer overflow vulnerability. Binary reads data from stdin and fills it to buffer.
My goal for payload is to overwrite EIP with address of read@plt and make progr… Continue reading Sending payload and additional commands via Python