Collaborate Disseminate
I usually use a different method to push /bin/sh in rdi to get a shell, but I wanted to try this one :
Put in case that I can control the RIP and there are no limitations or filters. So I can execute the assembly code as I want.
mov rax, … Continue reading push /bin/sh to get a shell
When I compile my shellcode and run it, Strace does not show an error.
When I use my shellcode tester, I get a segmentation fault. I don’t know why, maybe there’s a smarter guy than me who can help me solve the problem I’ve been having for… Continue reading why does my shellcode segfault assembly x86-64bit? [migrated]
The following code should be exploited and I need to exploit it in such a way that it runs my command (l33t) and there should be shellcode and exploit included, so that it runs my command. I believe I need to use GDB and it has something t… Continue reading How can I exploit the following code using string format vulnerabilities, Global offset table & GDB? [closed]
I’m learning how to exploit a tiny web server based on a well written post here: https://blog.coffinsec.com/2017/11/10/tiny-web-server-buffer-overflow-discovery-and-poc.html
I am very close to successfully exploiting it, but I am stuck on … Continue reading How to properly pack address into bytes to overwrite EIP register
I have an existing Outbound Rule in my firewall with a set of specified IP addresses. For enhanced security, I want to append additional IP addresses to this rule using a shell script. I am trying to execute the following command:
netsh ad… Continue reading One or more essential parameters were not entered powershell for firewall outbound rule command [migrated]
Working on a CTF challenge and the coordinators hint suggests that one of the vectors to inject shellcode is via pathing. Looking at debugging prints does show the cwd and filename are passed onto the stack and a quick test shows creating … Continue reading Encoding shellcode to hide in filename / directory
How to make the shellcode work. The stack is not correctly allocated, it gives a write-by-address error. I use msvc compiler. /Od /DYNAMICBASE:NO /MT /GS-.
Code:
#pragma code_seg(".text")
inline void stub()
{
… Continue reading Problem with array allocation in shellcode [closed]
I am developing a custom shellcode encoder in C++. It takes shellcode as a command line argument and generates encoded shellcode (unsigned char array) and the instructions to decode it (C/C++ code). I then use the output of my encoder into… Continue reading Decoding shellcode gets detected in memory on runtime
(This is a question regarding a challenge in a wargame on overthewire.org called Narnia similar to Shellcode does not execute as the owner )
When exporting shellcode to EGG environment variable
export EGG=`python3 -c "import sys; sys…. Continue reading Exporting shellcode to environment variable doesn’t work as expected
I currently got interested in binary exploitation (even though I do not know if today is still useful).
I started studying shellcode and buffer overflow (stack-buffer overflow, specifically). I know that this vulnerability is nowadays rare… Continue reading Unable to execute shellcode on x86_64 architecture