-
Recent Posts
- CTF Binary Exploitation – Cyber Apocalypse 2024: Hacker Royale – Death Note
- CTF Binary Exploitation – Cyber Apocalypse 2024: Hacker Royale – Pet Companion
- Shellcode – Windows/x86 – Create Administrator User – Dynamic PEB & EDT
- Creating your own AMSI Bypass using Powershell Reflection Technique
- Linux Shared Library Hijacking
Recent Comments
- Xavi on Exploit Development – Vulnserver TRUN – JMP EAX
- Merrell Vineza on Exploit Development – Vulnserver TRUN – JMP EAX
- Merrell Vineza on Exploit Development – Vulnserver TRUN – JMP EAX
- Xavi on Shellcoding Linux x86 – Bind Shell TCP – Assignment 1
- junsec on Shellcoding Linux x86 – Bind Shell TCP – Assignment 1
Archives
Categories
Meta
Tag Archives: Boofuzz
Protostar – Format Strings – Level 4
Hello everyone! This is the blog post for the level 4 format level of Protostar, that is the last one. This is the hint: And this is the code: Before I start, I have to say that I had no … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, GOT, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Protostar – Format Strings – Level 3
This is another post about Protostar exploiting box. Let’s start working in the interesting levels 🙂 This is the hint for the level: And this is the code: As the level starts as the last one, I’m going to cover … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Protostar – Format Strings – Level 2
Hello everyone, Let’s continue working in Protostar exploit exercises 🙂 Next exercise says the following: And this is the code for this level 2: This time, the input is received in a different way: Let’s start as the past levels. … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Protostar – Format Strings – Level 1
Let’s continue working in ProtoStar exploiting exercises. Let’s see how to solve the Format String level 1. As always, first let’s read the level description. Exercise: This level shows how format strings can be used to modify arbitrary memory locations. … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Protostar – Format Strings – Level 0
Hello everyone! In this blog post I will cover the solution for the Exploiting exercise named ProtoStar that is related to Format String vulnerabilities. Let’s see the first level: Exercise 0: This level introduces format strings, and how attacker supplied … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
Introduction to Format Strings Bugs
Format strings are the result of facilities for handling functions with variable arguments in the C programming language. Because it’s really C what makes format strings bugs possible, they affect every OS that has a C compiler. What is a … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, CTF, exploit development, Format Strings, Fuzzing, hacking, OSCE, OSCE exam, ProtoStar, SEH, shellcode, x86
Leave a comment
MobaXterm Buffer Overflow – Malicious Sessions File import
Hello! In this blog post I will talk about the exploitation of a vulnerability that I discovered on August of 2019 in MobaXterm application. MobaXterm is a well known remote administration tool, that is used in many companies or in … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, Mobatek, MobaXterm, OSCE, OSCE exam, SEH, shellcode, x86
Leave a comment
SEH based local Buffer Overflow – DameWare Remote Support
Hello everyone! At this blog post I’m going to speak about a vulnerability that I detected at July of 2019 in DameWare Remote Support V. 12.1.0.34. DameWare is a well known remote administration tool that allows user to connect to … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, DameWare, exploit development, Fuzzing, hacking, OSCE, OSCE exam, SEH, shellcode, x86
Leave a comment
Exploit Development – Vulnserver GTER – Limited Buffer Space – Socket Reuse
Hello everyone! After some weeks I managed to do all the known exercises of Vulnserver, also I did some of them with different methods. I reserved for the last one, the GTER exercise, that is a limited buffer space Buffer … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, OSCE, shellcode, vulnserver, x86
Leave a comment
Exploit Development – Vulnserver HTER – Hex conversion
Hello! One more Vulnserver write-up. This one is HTER function, it has some similarities with his brother LTER. LTER was converting the buffer to Unicode and HTER is going to convert it to hexadecimal. Let’s see what happens when this … Continue reading
Posted in Exploiting
Tagged Assembly, Boofuzz, exploit development, Fuzzing, hacking, OSCE, OSCE exam, shellcode, vulnserver, x86
Leave a comment