glibc – WindowsTechs.com

Bash deletes null bytes in exploit input for ROP/returntolibc

Posted on March 30, 2024 by germphjd

I am trying to do a returntolibc exploit. The goal is to gain a shell with root privilege by calling setuid(0) and then system("/bin/sh"). I have been agonizing over trying to get this thing to accept my payload, but bash keeps d… Continue reading Bash deletes null bytes in exploit input for ROP/returntolibc→

This Week in Security: Glibc, Ivanti, Jenkins, and Runc

Posted on February 2, 2024 by Jonathan Bennett

There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems nearly …read more Continue reading This Week in Security: Glibc, Ivanti, Jenkins, and Runc→

Questions on GLIBC Heap Exploitation (House of Force)

Posted on January 26, 2024 by localacct

This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read

https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i
https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i/house-of-force-ii
… Continue reading Questions on GLIBC Heap Exploitation (House of Force)→

Questions on GLIBC Heap Exploitation (House of Force)

Posted on January 26, 2024 by localacct

This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read

Questions on GLIBC Heap Exploitation (House of Force)

Posted on January 26, 2024 by localacct

This is with reference to Max Kamper’s video on GLIBC heap exploitation and these articles I read

Debian’s security tracker says a CVE is fixed, while BlackDuck scanner detects it

Posted on December 3, 2023 by Roman Grazhdan

I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of container images I build.
Debian’s security tracker states it’s fixed: https://security-tracker.debian.org/tracker/CVE-2023-25139 – specifical… Continue reading Debian’s security tracker says a CVE is fixed, while BlackDuck scanner detects it→

Where do stack pointer differences to stack base originate from on Linux?

Posted on February 15, 2023 by milck

Let’s assume we have this simple program:
void main() {
int x;
printf("%p", &x);
}

Assuming the stack is mapped something like this:
0x007ffffffdd000 0x007ffffffff000 0x00000000000000 rw- [stack]

I might get an outp… Continue reading Where do stack pointer differences to stack base originate from on Linux?→

Why GNU libc’s salt alphabet for `crypt` is limited to ./0-9A-Za-z?

Posted on July 3, 2022 by Anthony

According to docs:

To hash a new passphrase for storage, set salt to a string consisting of [a prefix plus] a sequence of randomly chosen characters …

and

In all cases, the random characters should be chosen from the alphabet ./0-9A-Z… Continue reading Why GNU libc’s salt alphabet for `crypt` is limited to ./0-9A-Za-z?→

How to fix CVE-2021-33574 [closed]

Posted on December 20, 2021 by Rumesh Madhusanka

I’m scanning my docker image using Tirvy for vulnerabilities. This is my Dockerfile
FROM python:3.10-slim

ARG PORT=5000

WORKDIR /app
COPY . /app

RUN apt-get update && apt-get upgrade -y
RUN pip3 install -r requirements.txt

RUN … Continue reading How to fix CVE-2021-33574 [closed]→

system doesn’t invoke /bin/sh

Posted on October 12, 2020 by Devharsh Trivedi

I am learning libc shellcode attacks and trying to execute /bin/sh from system
I can execute other commands from system like whoami and ls -a but can not run /bin/sh
the following works
string = b"ls -a\0"
# system, _exit, system… Continue reading system doesn’t invoke /bin/sh→