Tag Archives: Fuzzing

Protostar – Format Strings – Level 4

Posted on November 28, 2020 by Xavi

Hello everyone! This is the blog post for the level 4 format level of Protostar, that is the last one. This is the hint: And this is the code: Before I start, I have to say that I had no … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 3

Posted on November 22, 2020 by Xavi

This is another post about Protostar exploiting box. Let’s start working in the interesting levels 🙂 This is the hint for the level: And this is the code: As the level starts as the last one, I’m going to cover … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 2

Posted on November 22, 2020 by Xavi

Hello everyone, Let’s continue working in Protostar exploit exercises 🙂 Next exercise says the following: And this is the code for this level 2: This time, the input is received in a different way: Let’s start as the past levels. … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 1

Posted on November 7, 2020 by Xavi

Let’s continue working in ProtoStar exploiting exercises. Let’s see how to solve the Format String level 1. As always, first let’s read the level description. Exercise: This level shows how format strings can be used to modify arbitrary memory locations. … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Protostar – Format Strings – Level 0

Posted on November 7, 2020 by Xavi

Hello everyone! In this blog post I will cover the solution for the Exploiting exercise named ProtoStar that is related to Format String vulnerabilities. Let’s see the first level: Exercise 0: This level introduces format strings, and how attacker supplied … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

Introduction to Format Strings Bugs

Posted on October 18, 2020 by Xavi

Format strings are the result of facilities for handling functions with variable arguments in the C programming language. Because it’s really C what makes format strings bugs possible, they affect every OS that has a C compiler. What is a … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , , | Leave a comment

MobaXterm Buffer Overflow – Malicious Sessions File import

Posted on September 1, 2019 by Xavi

Hello! In this blog post I will talk about the exploitation of a vulnerability that I discovered on August of 2019 in MobaXterm application. MobaXterm is a well known remote administration tool, that is used in many companies or in … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , , | Leave a comment

SEH based local Buffer Overflow – DameWare Remote Support

Posted on August 31, 2019 by Xavi

Hello everyone! At this blog post I’m going to speak about a vulnerability that I detected at July of 2019 in DameWare Remote Support V. 12.1.0.34. DameWare is a well known remote administration tool that allows user to connect to … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , , | Leave a comment

Exploit Development – Vulnserver GTER – Limited Buffer Space – Socket Reuse

Posted on July 21, 2019 by Xavi

Hello everyone! After some weeks I managed to do all the known exercises of Vulnserver, also I did some of them with different methods. I reserved for the last one, the GTER exercise, that is a limited buffer space Buffer … Continue reading

Posted in Exploiting | Tagged , , , , , , , , | Leave a comment

Exploit Development – Vulnserver HTER – Hex conversion

Posted on July 20, 2019 by Xavi

Hello! One more Vulnserver write-up. This one is HTER function, it has some similarities with his brother LTER. LTER was converting the buffer to Unicode and HTER is going to convert it to hexadecimal. Let’s see what happens when this … Continue reading

Posted in Exploiting | Tagged , , , , , , , , , | Leave a comment