Author Archives: Xavi
Introduction to Format Strings Bugs
Format strings are the result of facilities for handling functions with variable arguments in the C programming language. Because it’s really C that makes format string bugs possible, they affect every OS that has a C compiler. What is a …
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
CVE-2020-8088 – UseBB Forum 1.0.12 – PHP Type Juggling vulnerability
Hello! Last week I was reading about PHP Type Juggling vulnerabilities and I decided to spend a couple of days learning about them. These vulnerabilities can happen during comparison of PHP variables, because PHP will automatically convert the data into …
Posted in Hacking Web
Tagged CVE, forum, Hacking web, php, type juggling, usebb, vulnerability discovery
Siemens Polarion – CVE-2019-13934, CVE-2019-13935, CVE-2019-13936
Hello, I am writing this blog post for people who are just starting in web application hacking. I recommend that you just download some product or web application and start testing it. You are going to realize that sometimes is …
Posted in Hacking Web
Tagged CVE, Hacking web, persistent XSS, vulnerability discovery, XSS
MobaXterm Buffer Overflow – Malicious Sessions File import
Hello! In this blog post I will talk about the exploitation of a vulnerability that I discovered in August of 2019 in the MobaXterm application. MobaXterm is a well-known remote administration tool that is used in many companies or in …
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, Mobatek, MobaXterm, OSCE, OSCE exam, SEH, shellcode, x86
SEH based local Buffer Overflow – DameWare Remote Support
Hello everyone! In this blog post I’m going to talk about a vulnerability that I detected in July of 2019 in DameWare Remote Support V. 12.1.0.34. DameWare is a well-known remote administration tool that allows users to connect to …
Posted in Exploiting
Tagged Assembly, Boofuzz, DameWare, exploit development, Fuzzing, hacking, OSCE, OSCE exam, SEH, shellcode, x86
Bypassing Kaspersky AntiVirus 2018
Hello, in this blog post I’m going to show how to do a trick to bypass the Kaspersky 2018 AV. For the example, I’m going to use a netcat 99 binary that Kaspersky is going to detect as the following …
Posted in Exploiting
Tagged antivirus, Assembly, av bypass, av evasion, backdoor, bypass, exploit-db, exploiting, hacking, kaspersky, OSCE, OSCE exam, shellcode, shellcoding, windows, x86
Backdooring a Windows Binary bypassing ASLR memory protection
Hello, today is a sunny day here in my country and I should be at the beach drinking a cold beer, but I don’t know why… I’m here at home embedding a backdoor inside a Windows binary. I’ve already written …
Posted in Exploiting
Tagged antivirus, Assembly, av bypass, av evasion, backdoor, exploit-db, exploiting, hacking, OSCE, OSCE exam, shellcode, shellcoding, windows, x86
Exploit Development – Vulnserver GTER – Limited Buffer Space – Socket Reuse
Hello everyone! After some weeks I managed to do all the known exercises of Vulnserver; I also did some of them with different methods. I saved for last the GTER exercise, which is a limited buffer space Buffer …
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, OSCE, shellcode, vulnserver, x86
Exploit Development – Vulnserver HTER – Hex conversion
Hello! One more Vulnserver write-up. This one is the HTER function; it has some similarities with its brother LTER. LTER was converting the buffer to Unicode and HTER is going to convert it to hexadecimal. Let’s see what happens when this …
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, OSCE, OSCE exam, shellcode, vulnserver, x86
Exploit Development – Vulnserver LTER – Unicode conversion
Hello! One more blog post about Vulnserver, this time let’s do the LTER exercise. It’s not a difficult one, but it has an important thing that we should understand when we are using Alphanumerical encoders. As always, we start the fuzzing …
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, OSCE, OSCE exam, shellcode, vulnserver, x86