Author Archives: Xavi

Shellcode – Windows/x86 – Create Administrator User – Dynamic PEB & EDT

Hello everyone, Recently I’ve been learning about Windows x86 shellcoding and I decided to write a shellcode by my own. My idea was to write a shellcode that creates a new user and make it local administrator. You can find … Continue reading

Posted in Uncategorized | Tagged , , , , , , , | Leave a comment

Creating your own AMSI Bypass using Powershell Reflection Technique

Introduction Today I was reviewing one topic about AV Evasion and I was trying to understand how AMSI works and how we can interact with it. As a quick introduction, AMSI is the The Windows Antimalware Scan Interface, a interface … Continue reading

Posted in Uncategorized | Tagged , , , , , , | Leave a comment

Linux Shared Library Hijacking

Hello everyone! In this blog post I would like to cover an interesting topic that is not as well known as Windows DLL Hijacking: Linux Shared Library Hijacking. Both concepts are similar but the exploitation is a bit different, I … Continue reading

Posted in Uncategorized | Tagged , , , , , , | Leave a comment

Protostar – Format Strings – Level 4

Hello everyone! This is the blog post for the level 4 format level of Protostar, that is the last one. This is the hint: And this is the code: Before I start, I have to say that I had no … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 3

This is another post about Protostar exploiting box. Let’s start working in the interesting levels 🙂 This is the hint for the level: And this is the code: As the level starts as the last one, I’m going to cover … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 2

Hello everyone, Let’s continue working in Protostar exploit exercises 🙂 Next exercise says the following: And this is the code for this level 2: This time, the input is received in a different way: Let’s start as the past levels. … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 1

Let’s continue working in ProtoStar exploiting exercises. Let’s see how to solve the Format String level 1. As always, first let’s read the level description. Exercise: This level shows how format strings can be used to modify arbitrary memory locations. … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 0

Hello everyone! In this blog post I will cover the solution for the Exploiting exercise named ProtoStar that is related to Format String vulnerabilities. Let’s see the first level: Exercise 0: This level introduces format strings, and how attacker supplied … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Introduction to Format Strings Bugs

Format strings are the result of facilities for handling functions with variable arguments in the C programming language. Because it’s really C what makes format strings bugs possible, they affect every OS that has a C compiler. What is a … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

CVE-2020-8088 – UseBB Forum 1.0.12 – PHP Type Juggling vulnerability

Hello! Last week I was reading about PHP Type Juggling vulnerabilities and I decided to spend a couple of days learning about them. These vulnerabilities can happen during comparison of PHP variables, because PHP will automatically convert the data into … Continue reading

Posted in Hacking Web | Tagged , , , , , , | Leave a comment