All Questions (77 questions)
Segmentation fault in C shellcode x64 (5 votes, 2 answers, 99 views)
I am learning about shellcode development in C with an example from here. I can compile the assembly code and get the opcodes, and I can also successfully run the ELF compiled with NASM, but I get a ...
Converting shellcode hex bytes to text based inputs in Python for an unknown byte value '\x87'? Not a UTF-8 string? (0 votes, 1 answer, 1k views)
So I am currently doing a beginner CTF challenge on pwnable.tw, the "start" challenge specifically. After reversing the challenge binary I found out there was a buffer overflow exploit, and ...
Exploit the code calling call_me function + use of shellcode (0 votes, 2 answers, 246 views)
I need to exploit the following code but I am not sure how to do it.
The idea is to exploit the code by calling the function call_me, which is not used.
The second idea is to exploit the code using a ...
Simple buffer overflow exploit doesn't work (0 votes, 1 answer, 341 views)
I was trying to reproduce the first buffer overflow exploit in C written in the book Hacking: The Art of Exploitation. I tried it on the Stack5 exercise in the Protostar VM but it didn't work. Of course I ...
Converting generated shellcode to hexadecimal (0 votes, 0 answers, 33 views)
I have written the following shellcode, which spawns a shell.
global _start
_start:
jmp short GotoCall
shellcode:
pop esi
xor eax, eax
mov ...
Unable to setuid() in shellcode before execve (1 vote, 0 answers, 1k views)
I've got the following shellcode which I can convince a setuid binary to execute as the result of a buffer overflow:
push 1009 ; #owner_userid
pop rdi
push 105
pop rax
syscall ; #sys_setuid(1009)
xor ...
"must be a string without null bytes" or "can't concat str to bytes" passing a payload on a command line (0 votes, 1 answer, 1k views)
I am trying to create an exploit for an exercise but I have a problem with the following code:
#!/usr/bin/python
import os
import struct
address = struct.pack("I",0x201014)
payload = address+...
How to deal with a bad char in a shellcode buffer overflow? (1 vote, 2 answers, 4k views)
So I recently got interested in buffer overflows, and many tutorials and resources online have this CTF-like attack where you need to read the content of a flag file (using cat, for example).
So I ...
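The question above about bad characters and the earlier ones about turning assembled shellcode into a hex string and about the setuid(1009) prologue all come down to one check, so here is a single added example that serves them (my own code, not taken from any of the posts or their answers). It renders a byte buffer as a \x-escaped string and scans it for bytes the input channel will not pass. The sample bytes are the first five instructions of the setuid snippet quoted further up, as I assembled them by hand, followed by a NUL-free rewrite of the same instructions; the encodings, the rewrite and the choice of NUL as the only bad byte are my assumptions, not anything the posters showed.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample (my hand assembly, not from the post): the x86-64
 * setuid(1009) prologue.  1009 = 0x3f1 does not fit a sign-extended imm8,
 * so nasm emits `push imm32`, whose little-endian immediate holds two NULs. */
static const unsigned char SETUID_PUSH_IMM32[] = {
    0x68, 0xf1, 0x03, 0x00, 0x00,   /* push 0x3f1   (68 id)          */
    0x5f,                           /* pop rdi                       */
    0x6a, 0x69,                     /* push 0x69    (6a ib, 105)     */
    0x58,                           /* pop rax      (sys_setuid)     */
    0x0f, 0x05                      /* syscall                       */
};

/* Same effect with no NUL: zero the full register (a 32-bit write zero-
 * extends into rdi), then load only the low 16 bits. */
static const unsigned char SETUID_NO_NUL[] = {
    0x31, 0xff,                     /* xor edi, edi                  */
    0x66, 0xbf, 0xf1, 0x03,         /* mov di, 0x3f1 (66 bf iw)      */
    0x6a, 0x69,                     /* push 0x69                     */
    0x58,                           /* pop rax                       */
    0x0f, 0x05                      /* syscall                       */
};

/* Bad-character set for a strcpy()-style sink.  Extend per target, e.g.
 * 0x0a for gets/fgets, 0x20 and 0x09 for scanf("%s"). */
static const unsigned char BAD_NUL_ONLY[] = { 0x00 };

/* Count bytes of `code` that appear in `bad`.  If `first` is non-NULL it
 * receives the offset of the first hit, or -1 when there is none. */
size_t count_bad_chars(const unsigned char *code, size_t len,
                       const unsigned char *bad, size_t nbad, long *first)
{
    size_t hits = 0;
    if (first) *first = -1;
    for (size_t i = 0; i < len; i++) {
        if (memchr(bad, code[i], nbad) != NULL) {
            if (first && *first < 0) *first = (long)i;
            hits++;
        }
    }
    return hits;
}

/* Offset of the first bad byte, or -1 if the buffer is clean. */
long first_bad_char(const unsigned char *code, size_t len,
                    const unsigned char *bad, size_t nbad)
{
    long first;
    count_bad_chars(code, len, bad, nbad, &first);
    return first;
}

/* Render `code` as "\xHH\xHH...", the form a C or Python literal needs.
 * `out` must hold 4*len + 1 bytes; returns the length written, or -1 when
 * the buffer is too small. */
int format_hex_escaped(const unsigned char *code, size_t len,
                       char *out, size_t outsz)
{
    if (outsz < 4 * len + 1) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < len; i++)
        snprintf(out + 4 * i, 5, "\\x%02x", code[i]);   /* 4 chars + NUL */
    return (int)(4 * len);
}

/* Does `code` (at most 64 bytes) format to exactly `expected`? */
int hex_equals(const unsigned char *code, size_t len, const char *expected)
{
    char buf[4 * 64 + 1];
    if (len > 64) return 0;
    if (format_hex_escaped(code, len, buf, sizeof buf) < 0) return 0;
    return strcmp(buf, expected) == 0;
}

static void report(const char *name, const unsigned char *code, size_t len)
{
    char buf[4 * 64 + 1];
    long first;
    size_t bad = count_bad_chars(code, len, BAD_NUL_ONLY,
                                 sizeof BAD_NUL_ONLY, &first);
    format_hex_escaped(code, len, buf, sizeof buf);
    printf("%s (%zu bytes): %s\n", name, len, buf);
    if (bad)
        printf("  %zu bad byte(s), first at offset %ld: rewrite that instruction\n",
               bad, first);
    else
        printf("  no bad bytes\n");
}

int main(void)
{
    report("push imm32 version", SETUID_PUSH_IMM32, sizeof SETUID_PUSH_IMM32);
    report("NUL-free version  ", SETUID_NO_NUL, sizeof SETUID_NO_NUL);
    return 0;
}
```

Build with `cc -std=c99 -Wall badchars.c && ./a.out`. The first report flags offsets 3 and 4 of the `push 1009` encoding; the second is clean. Which bytes count as bad depends entirely on the sink the payload travels through, so adjust BAD_NUL_ONLY to match the target before trusting a clean result, and confirm the encodings with `nasm -f bin` followed by `objdump -D -b binary -m i386:x86-64` rather than hand-assembling as I did here.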
Windows Defender defines completely harmless code as potentially dangerous software (1 vote, 1 answer, 702 views)
import ctypes
shellcode = bytearray(b"SHELLCODE WAS HERE")
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
...
Shellcode executes in GDB but fails to execute in normal operation (0 votes, 0 answers, 255 views)
I am working on a challenge that requires me to use x86 shellcode in order to gain access to a shell. The payload is delivered via stdin using either `./vuln < input` or `cat input | ./vuln`.
When ...
mongodb – SSJI to RCE (1 vote, 1 answer, 5k views)
As part of a lab I am doing I need to exploit MongoDB. I know I can input code into a search box that queries the MongoDB. I have updated the code with my shell code, but I won't include that; I will ...
"The Shellcoder's Handbook" attack.c does not make sense (0 votes, 1 answer, 242 views)
From "The Shellcoder's Handbook", victim.c is as follows
// victim.c
int main(int argc,char *argv[])
{
char little_array[512];
if (argc > 1)
strcpy(little_array,argv[1]);
}
Its ...
Bash Syntax Problems for Exploit (-1 votes, 2 answers, 822 views)
I found an exploit on exploit-db for OpenNetAdmin 18.1.1.
I have to adjust this script so it works for me, but I can't get it done.
This is what I have so far:
URL="xxx.xxx.xxx.xxx/ona"
while ...
Is there something I'm missing while converting the x86 code to x86-64 code? [duplicate] (1 vote, 0 answers, 101 views)
I'm writing a basic x86-64 assembly program on my Linux system (x86-64) to print "Trollll" on execution, and it doesn't seem to work.
This is the code I've written.
The file name is hello1.asm
...
SIGSEGV caused by inc BYTE PTR [rip+0xc] (0 votes, 1 answer, 454 views)
I am trying to modify .byte 0x0e and .byte 0x04. I tried to use inc byte ptr [rip+offset] to get to the address of .byte 0x0e and .byte 0x04 and change them. I ran gef and got SIGSEGV at those commands ...