-
Recent Posts
- Introduction to Format Strings Bugs
- CVE-2020-10963 – Unrestricted File Upload in FrozenNode/Laravel-Administrator
- CVE-2020-8088 – UseBB Forum 1.0.12 – PHP Type Juggling vulnerability
- Siemens Polarion – CVE-2019-13934, CVE-2019-13935, CVE-2019-13936
- MobaXterm Buffer Overflow – Malicious Sessions File import
Recent Comments
Archives
Categories
Meta
Monthly Archives: July 2019
Backdooring a Windows Binary bypassing ASLR memory protection
Hello, Today is a sunny day here in my country and I should be in the beach drinking a cold beer, but I don’t know why… I’m here at home embedding a backdoor inside a Windows binary. I’ve already wrote … Continue reading
Posted in Exploiting
Tagged antivirus, Assembly, av bypass, av evasion, backdoor, exploit-db, exploiting, hacking, OSCE, OSCE exam, shellcode, shellcoding, windows, x86
Leave a comment
Exploit Development – Vulnserver HTER – Hex conversion
Hello! One more Vulnserver write-up. This one is HTER function, it has some similarities with his brother LTER. LTER was converting the buffer to Unicode and HTER is going to convert it to hexadecimal. Let’s see what happens when this … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, OSCE, OSCE exam, shellcode, vulnserver, x86
Leave a comment
Exploit Development – Vulnserver LTER – Unicode conversion
Hello! One more blog post about Vulnserver, this time let’s do LTER exercise. It’s not a difficult one, but it has an important thing that we should understand when we are using Alphanumerical encoders. As always, we start the fuzzing … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, OSCE, OSCE exam, shellcode, vulnserver, x86
Leave a comment
Exploit Development – Vulnserver GMON – Egghunter
Hello everyone! This post is going to be another write-up of vulnserver. I’m going to do GMON exercise that contains basically an standard SEH based Remote Buffer Overflow vulnerability. I will try to make this post useful for anyone that … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, OSCE, OSCE exam, shellcode, vulnserver, x86
Leave a comment
CVE-2018-12897 – Exploit Development – SolarWinds DameWare Local Buffer Overflow
Hello everyone! Last week I’ve been having fun trying to create exploits for already discovered vulnerabilities. I’m currently preparing the OSCE exam, and I decided that after doing some Vulnserver exercises… I needed to start working on “more realistic” exploits. … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CVE-2018-12897, DameWare, exploit development, Fuzzing, hacking, OSCE, OSCE exam, shellcode, x86
Leave a comment