Category Archives: Exploiting

CTF Binary Exploitation – Cyber Apocalypse 2024: Hacker Royale – Death Note

Hello everyone! As I explained in the last blog entry, I have participated with my job teammates in a Hack the Box CTF, this is the link: https://www.hackthebox.com/events/cyber-apocalypse-2024 And this is the team that we were part of: https://ctftime.org/team/198916 This … Continue reading

Posted in Exploiting | Tagged , , , , , , | Leave a comment

CTF Binary Exploitation – Cyber Apocalypse 2024: Hacker Royale – Pet Companion

Hello everyone! Today I want to write a couple of write-ups of a CTF that we have participated with our work colleagues from Exness. As I’m trying to improve in binary exploitation topic I would like to document here some … Continue reading

Posted in Exploiting | Tagged , , , , , , | Leave a comment

Shellcode – Windows/x86 – Create Administrator User – Dynamic PEB & EDT

Hello everyone, Recently I’ve been learning about Windows x86 shellcoding and I decided to write a shellcode by my own. My idea was to write a shellcode that creates a new user and make it local administrator. You can find … Continue reading

Posted in Exploiting | Tagged , , , , , , , | Leave a comment

Protostar – Format Strings – Level 4

Hello everyone! This is the blog post for the level 4 format level of Protostar, that is the last one. This is the hint: And this is the code: Before I start, I have to say that I had no … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 3

This is another post about Protostar exploiting box. Let’s start working in the interesting levels 🙂 This is the hint for the level: And this is the code: As the level starts as the last one, I’m going to cover … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 2

Hello everyone, Let’s continue working in Protostar exploit exercises 🙂 Next exercise says the following: And this is the code for this level 2: This time, the input is received in a different way: Let’s start as the past levels. … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 1

Let’s continue working in ProtoStar exploiting exercises. Let’s see how to solve the Format String level 1. As always, first let’s read the level description. Exercise: This level shows how format strings can be used to modify arbitrary memory locations. … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 0

Hello everyone! In this blog post I will cover the solution for the Exploiting exercise named ProtoStar that is related to Format String vulnerabilities. Let’s see the first level: Exercise 0: This level introduces format strings, and how attacker supplied … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Introduction to Format Strings Bugs

Format strings are the result of facilities for handling functions with variable arguments in the C programming language. Because it’s really C what makes format strings bugs possible, they affect every OS that has a C compiler. What is a … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

MobaXterm Buffer Overflow – Malicious Sessions File import

Hello! In this blog post I will talk about the exploitation of a vulnerability that I discovered on August of 2019 in MobaXterm application. MobaXterm is a well known remote administration tool, that is used in many companies or in … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , | Leave a comment