All Questions
14 questions
0 votes, 3 answers, 374 views
Problems putting the shellcode into an easy program
I want to take control of EBP and ESP so that finally, when the program does the ret, EIP will be addressed to a shellcode, but I have a problem. The program is this:
#include <stdio.h>
#include &...
1 vote, 1 answer, 247 views
Debug.setlocal() security concerns
Are there any security concerns to do with debug.setlocal? If so, can you please tell me how exactly it works.
0 votes, 0 answers, 367 views
Why can't I see my shellcode executing in Immunity Debugger?
I am doing an exercise on creating custom shellcode (windows). The goal is to create shellcode that will delete the firewall log file. I successfully spawned a reverse shell with metasploit, using a ...
0 votes, 1 answer, 46 views
Implications of leaving a system app in debug mode?
What are the possible dangers/implications of leaving a system app in debug mode, in a public OTA? Does it allow privilege escalation, by using something like run-as?
Thank you.
EDIT: A bit more ...
4 votes, 1 answer, 4k views
Register window blank in Immunity Debugger
Every time I send a buffer 1000 bytes long to the freefloat ftp server in the MKD command, it crashes. I am trying to develop an exploit for it, so I attached Immunity Debugger to the ...
2 votes, 2 answers, 3k views
How to fix GDB probable charset issue: NOP 0x90 translating to 0x90c2 in memory?
I have a strange problem when working on a challenge and exploiting an executable in Kali Linux with gdb-peda.
#>gdb -q someVulnerableBinary
gdb-peda$ python
>shellcode=(
>"\x6a\x0b\x58\x99\...
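The 0x90 turning into the byte pair C2 90 (read back by gdb as the little-endian halfword 0x90c2) is the classic symptom of building a payload from a Python 3 str literal instead of a bytes literal: "\x90" is the code point U+0090, and encoding it (UTF-8 by default) widens it to two bytes, so an N-byte NOP sled occupies 2N bytes. The following script is an added example, not code from the question or from any answer to it; it assumes a Python 3 interpreter such as the one embedded in gdb, and the return address 0xBFFFF5C0, the buffer size of 64 and the int3 padding appended to the shellcode bytes quoted in the question are constructed values for illustration only.

```python
import struct
import sys

# Constructed sample: the first four shellcode bytes quoted in the question
# (push 0xb; pop eax; cdq) padded with int3 so it is obviously not a full
# payload.  It is a bytes literal, so every \x.. is exactly one byte.
SAMPLE_SHELLCODE = b"\x6a\x0b\x58\x99" + b"\xcc" * 4


def sled_as_str(n):
    """The pitfall: a Python 3 str sled.  Each "\\x90" is code point U+0090,
    and encoding it (UTF-8, as when writing to stdin or a file) yields the
    two bytes C2 90, doubling the sled."""
    return ("\x90" * n).encode("utf-8")


def sled_as_bytes(n):
    """The fix: build the sled from a bytes literal, one byte per NOP."""
    return b"\x90" * n


def halfword_le(buf, offset=0):
    """What `x/hx` in gdb shows at that offset: a little-endian 16-bit read."""
    return int.from_bytes(buf[offset:offset + 2], "little")


def build_payload(shellcode, sled_len, pad_to, ret_addr):
    """sled + shellcode + filler up to pad_to bytes, then a little-endian
    32-bit return address (hypothetical layout for a classic stack overflow)."""
    body = sled_as_bytes(sled_len) + shellcode
    if len(body) > pad_to:
        raise ValueError("sled + shellcode exceeds the buffer size")
    body += b"A" * (pad_to - len(body))
    return body + struct.pack("<I", ret_addr)


def check_payload(payload, expected_len):
    """Sanity check before sending: it must be bytes (never str) and its
    length must match the planned layout; a widened sled fails this."""
    return isinstance(payload, bytes) and len(payload) == expected_len


def emit(payload):
    """Write raw bytes; print() would re-encode the payload as text."""
    sys.stdout.buffer.write(payload)
    sys.stdout.buffer.flush()


if __name__ == "__main__":
    bad = sled_as_str(16)
    good = sled_as_bytes(16)
    sys.stderr.write("str sled:   %d bytes, first halfword 0x%04x\n" % (len(bad), halfword_le(bad)))
    sys.stderr.write("bytes sled: %d bytes, first halfword 0x%04x\n" % (len(good), halfword_le(good)))
    payload = build_payload(SAMPLE_SHELLCODE, 16, 64, 0xBFFFF5C0)  # constructed address
    if check_payload(payload, 68):
        emit(payload)
```

Run it as `python3 script.py | ./someVulnerableBinary` (or `| xxd` to inspect): the str-based sled reports 32 bytes with a first halfword of 0x90c2, the bytes-based one 16 bytes and 0x9090. Inside gdb-peda the same rule applies: keep every payload fragment a bytes object from construction to write.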
1 vote, 0 answers, 487 views
ANDROID - How to debug system services on Android using GDB
I'm interested in security stuff and I want to start with an Android device to test this OS. I've seen that there are many exploits for Android (the most famous is the Stagefright case) and I'm also ...
0 votes, 1 answer, 366 views
How to find vulnerabilities in stripped binaries?
Do you just use tools like strace and a debugger to disassemble and find syscalls, and then read the disassembly to find, say for example, a buffer overflow? Is that all you can do? I mean, after all you ...
0 votes, 1 answer, 129 views
Why is GDB outputting memory in decimals?
I'm simply trying to examine memory in GDB. For instance, say I fill a buffer with "A"s, and then I find where my "A"s start and then dump that memory; I get the memory in decimals, apparently.
Then ...
0 votes, 1 answer, 732 views
In a multi-threaded process, when does "[Switching to Thread]" happen in gdb?
When I'm debugging a multi-threaded process in gdb, I see "[Switching to Thread ~~ (LWP ~~)]". When does the thread change to another thread, and why? I guess switching can occur due to an interrupt such as ...
0 votes, 1 answer, 1k views
What is "Unable to handle kernel paging request at 00000000313337000"
I wanted to work through this independent study http://security.cs.rpi.edu/~candej2/syllabus.pdf myself to pick up some basics on exploit writing and actually being able to write an exploit from ...
2 votes, 1 answer, 4k views
Why is the cesarftp python exploit not working?
I tested it on my server that has cesarftp running. I debugged the ftp server on the server using OllyDbg.
The exploit I used is http://www.exploit-db.com/exploits/1906/
#!/usr/bin/python
#CesarFtp 0....
2 votes, 2 answers, 2k views
Format string bugs - exploitation
I'm trying to exploit my format string bug, which lies in this program:
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
#include <stdio.h>
#include <string....
3 votes, 2 answers, 382 views
How are clientside security vulnerabilities generally discovered?
I mean in operating systems or their applications. The only way I can think of is examine binaries for the use of dangerous functions like strcpy(), and then try to exploit those. Though with compiler ...