Collaborate Disseminate
I’m scanning my docker image using Tirvy for vulnerabilities. This is my Dockerfile
FROM python:3.10-slim
ARG PORT=5000
WORKDIR /app
COPY . /app
RUN apt-get update && apt-get upgrade -y
RUN pip3 install -r requirements.txt
I am learning libc shellcode attacks and trying to execute /bin/sh from system
I can execute other commands from system like whoami and ls -a but can not run /bin/sh
the following works
string = b"ls -a\0"
# system, _exit, system… Continue reading system doesn’t invoke /bin/sh
I’m hope this is the right StackExchange to ask the following question
I’m currently studying binary heap exploitation (mainly the glibc (ptmalloc2) implementation), for CTF competitions. The problem I’m facing is debugging challenges desi… Continue reading CTF setup for debugging heap exploits
I’m currently studying binary heap exploitation (mainly the glibc (ptmalloc2) implementation), for CTF competitions. The problem I’m facing is debugging challenges designed for a certain glibc version. I know there are some differences bet… Continue reading CTF setup for debugging heap exploits
How does strings find the offset for the string /bin/sh inside of libc.so.6
strings -a -t x /lib/i386-linux-gnu/libc.so.6 | grep “/bin/sh”
Continue reading How does strings find the offset for a string? [on hold]
I am working on my school thesis.
I am trying to inject some shellcode into a shared library using Dirty Cow vulnerability on Android x86.
My shellcode is written in asembly and only calls sys_execve with an argument touc… Continue reading Could not load library libcutils.so while injecting shellcode
I found this interesting post on jop, and since I was not familiar with the concept I decided to play with it. I managed to call arbitrary functions defined in my binary with or without arguments, but never managed to run the… Continue reading Jump Oriented Programming segmentation fault issue
I’m studying the Return-to-libc Attack and I understand the concept. But one thing still does not make sense. In order to make the attack I need the memory address of system() and “/bin/sh”, which is different on every system… Continue reading Return-to-libc Attack mystery
I am attempting to practice some return-to-libc exercise found here but I’m stumped.
According to the exercise, I am suppose to be able to obtain a shell by arranging my input as follows:
|——————————-|-… Continue reading Unable to system("/bin/sh") in return to libc practice
I am attempting to practice some return-to-libc exercise found here but I’m stumped.
According to the exercise, I am suppose to be able to obtain a shell by arranging my input as follows:
|——————————-|-… Continue reading Unable to system("/bin/sh") in return to libc practice