-
Recent Posts
Recent Comments
- Xavi on Exploit Development – Vulnserver TRUN – JMP EAX
- Merrell Vineza on Exploit Development – Vulnserver TRUN – JMP EAX
- Merrell Vineza on Exploit Development – Vulnserver TRUN – JMP EAX
- Xavi on Shellcoding Linux x86 – Bind Shell TCP – Assignment 1
- junsec on Shellcoding Linux x86 – Bind Shell TCP – Assignment 1
Archives
Categories
Meta
Author Archives: Xavi
Shellcode – Windows/x86 – Create Administrator User – Dynamic PEB & EDT
Hello everyone, Recently I’ve been learning about Windows x86 shellcoding and I decided to write a shellcode by my own. My idea was to write a shellcode that creates a new user and make it local administrator. You can find … Continue reading
Posted in Uncategorized
Tagged administrator, Assembly, exploit development, exploiting, osed, shellcode, shellcoding, x86
Leave a comment
Creating your own AMSI Bypass using Powershell Reflection Technique
Introduction Today I was reviewing one topic about AV Evasion and I was trying to understand how AMSI works and how we can interact with it. As a quick introduction, AMSI is the The Windows Antimalware Scan Interface, a interface … Continue reading
Linux Shared Library Hijacking
Hello everyone! In this blog post I would like to cover an interesting topic that is not as well known as Windows DLL Hijacking: Linux Shared Library Hijacking. Both concepts are similar but the exploitation is a bit different, I … Continue reading
Posted in Uncategorized
Tagged C, hacking, Linux Privilege Escalation, OSEP, Shared Library, shellcode, VIM
Leave a comment
Protostar – Format Strings – Level 4
Hello everyone! This is the blog post for the level 4 format level of Protostar, that is the last one. This is the hint: And this is the code: Before I start, I have to say that I had no … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, GOT, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Protostar – Format Strings – Level 3
This is another post about Protostar exploiting box. Let’s start working in the interesting levels 🙂 This is the hint for the level: And this is the code: As the level starts as the last one, I’m going to cover … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Protostar – Format Strings – Level 2
Hello everyone, Let’s continue working in Protostar exploit exercises 🙂 Next exercise says the following: And this is the code for this level 2: This time, the input is received in a different way: Let’s start as the past levels. … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Protostar – Format Strings – Level 1
Let’s continue working in ProtoStar exploiting exercises. Let’s see how to solve the Format String level 1. As always, first let’s read the level description. Exercise: This level shows how format strings can be used to modify arbitrary memory locations. … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Protostar – Format Strings – Level 0
Hello everyone! In this blog post I will cover the solution for the Exploiting exercise named ProtoStar that is related to Format String vulnerabilities. Let’s see the first level: Exercise 0: This level introduces format strings, and how attacker supplied … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Introduction to Format Strings Bugs
Format strings are the result of facilities for handling functions with variable arguments in the C programming language. Because it’s really C what makes format strings bugs possible, they affect every OS that has a C compiler. What is a … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
CVE-2020-8088 – UseBB Forum 1.0.12 – PHP Type Juggling vulnerability
Hello! Last week I was reading about PHP Type Juggling vulnerabilities and I decided to spend a couple of days learning about them. These vulnerabilities can happen during comparison of PHP variables, because PHP will automatically convert the data into … Continue reading
Posted in Hacking Web
Tagged CVE, forum, Hacking web, php, type juggling, usebb, vulnerability discovery
Leave a comment