Collaborate Disseminate
I want to practice ethical hacking at home. I have a repeater in the house that has dropbear sshd 2011.54.
When i scanned this repeater with nessus, it found that I am exposed to the following exploits:
CVE-2016-7406 –> exp… Continue reading Dropbear-CVE-2016-740* exploit is not clear [on hold]
I’m currently trying out a simple format string vuln exploit. The target program looks like this:
int main(int argc, char *argv[])
{
char buffer[1024];
strncpy(buffer, argv[1], sizeof(buffer));
printf(buffer);
… Continue reading Shellcode as part of format string buffer
I wanted to exploit this code using format string vulnerability:
int jackpot;
void fmt_str(void)
{
char buf[128];
puts(“Give me a string to print”);
read(0, buf, 128);
printf(buf);
printf(“jackpot @ %p … Continue reading Format String Vulnerability – Can’t read an address from stdin with read() in C
I found a daemon running as uid 0 that has a string format vulnerability. It is compiled with -Wformat-security and -D_FORTIFY_SOURCE=2 on. I’m trying to write an exploit for it, but what I get is:
0000000000018370 <g_l… Continue reading String Format Exploit x64 compiled with -Wformat-security -D_FORTIFY_SOURCE=2 on
I am working on a 32-bit binary which reads an input from the user and uses that input as a format string for printf.
I need to overwrite a specific address with a single byte.
The issue is that I am not able to overwrite the address wit… Continue reading Help with Format String Exploit
Here is a javascript script form (saved as a html by adding . I replace alot of the numbers with “#.”
I’m trying to find someone to tell me how I would go about getting access by cracking the password. I just want to know th… Continue reading Crack Javascript Form Password Protected Form [on hold]
I am using Hydra to brute force a login http form (Method: post), but I’m getting false positives (passwords that aren’t valid)
I believe I know the reason, I just don’t know how to handle it:
The failure of the request prod… Continue reading Hydra: Brute force an http form, all arguments are supplied but the login error has other string formats and is too big
I’ve been practicing format-string attacks lately and I thought I knew how it works but after hours of research I did not manage to get the expected results.
I made a sample program which has a filled buffer and a format-str… Continue reading Incomplete Data In Format String Dump
I have some issues trying to resolve a wargame with a format string vulnerability.
So here is the code of the program:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(int argc, char ** a… Continue reading Stack behavior on function call during a format string exploit
I try exploit a format string in a vulnerable program.
For information, it is the lab4A of the RPIsec course.
The NX protection and ASLR is disable but the program is FULL RELRO.
So my idea, it is to overwrite the ret addre… Continue reading Overwrite return adress with a format string vulnerability without gdb