Questions tagged [exploit]
Using techniques to change the behavior of an application or application component in order to use it to one's advantage. In practice this is usually referred to as software exploitation: an attacker takes control of an application's execution flow in order to run arbitrary code.
124 questions
Potential vulnerabilities in a binary run as root
1 vote, 0 answers, 45 views
I am given a vulnerable 64-bit stripped application; it conducts basic password strength checks on Linux (/etc/shadow). The application receives workers (which creates a worker process for performing the ...
How do you get into Vulnerability Research as a career?
1 vote, 0 answers, 94 views
How do you break into Vulnerability Research (with focus on mobile security).
I noticed that all vulnerability research positions expect you to already have the knowledge and career experience, other ...
ARM64 Stack Layout - Why 100x'A' Doesn't Crash?
1 vote, 1 answer, 204 views
I'm trying to exploit a buffer overflow vulnerability in an ARM64 program from this blog.
When I give as input 100*'A', and I compile the program for ARM 32 bit (without canaries), the program crashes ...
What factors affect the base address of a shared object?
1 vote, 0 answers, 67 views
I'm looking at a CVE for an old thrift shop router that amounts to a stack based buffer overflow with no NULL characters allowed. I can control the instruction pointer register as well as a few less ...
Overwriting the Global Offset Table + format string vulnerability
2 votes, 0 answers, 220 views
I am trying to understand how to overwrite the Global Offset Table, following the book "Hacking: The Art of Exploitation". Following the example I get:
objdump -R ./fmt ...
Binary Exploitation
1 vote, 0 answers, 113 views
I am trying to learn binary exploitation. I can modify the binary behaviour with gdb, but I have not understood how to exploit the binary in C.
I've found some references on "Hacking - the art of ...
format-string + ret2libc (or format string only)?
3 votes, 0 answers, 149 views
I found that we have a format-string bug within argument 7. I found a function containing system(/bin/sh)). So I'm not saying stupidity I have to mess with a format-string and a ret2libc (correct me ...
Is there a way to run arbitrary code on a vtech Nitro Vision?
2 votes, 0 answers, 51 views
Note: If this is the wrong place to ask the question, please redirect me to the appropriate stack exchange and/or subreddit. I just figured reverse engineering is my best bet since it's kinda what I'm ...
plugin/script for radare2 similar to mona for immunity debugger
3 votes, 0 answers, 61 views
I would like to use radare2 for Windows exploit development, however I could not find a way to emulate the functionality of using Immunity Debugger + mona.py when checking for badchars. Is there a ...
Reversing Assembly Code (ASM) to Extract Password (Pin)
1 vote, 0 answers, 143 views
I'm new to binary exploitation and CTF challenges. I need to solve a CTF challenge and find the flag. All the program does is display "Flag length is: 32". I've tried to analyze the file ...
How to resolve illegal instruction for this ARM stack exploitation?
3 votes, 1 answer, 874 views
Summary
I am trying to write a stack overflow exploit for ARM Cortex-A72 running Raspberry Pi OS (32-bit). Because of my choice of OS, I am restricted to the ARMv7 (32-bit) instruction set.
I have ...
What is data only exploitation?
3 votes, 1 answer, 700 views
I was wondering, and after trying to read for the past several months I got totally lost and don't understand this concept. Could someone please explain in simple words the concept of data only ...
Is there a course in which they teach you to use WinAFL?
0 votes, 0 answers, 45 views
I would like to know if there is a course that begins in a basic way, such as how to use winAFL to find bugs in desktop apps.
How to find bugs in a modern desktop application with reverse engineering?
-1 votes, 1 answer, 140 views
I would like to clarify the context for the question: I have studied different types of exploiting but all the studies I have carried out were with command line programs and with functions that I ...
Advanced Binary Exploitation CTF
3 votes, 1 answer, 1k views
I wanted to ask your assistance: Where can I find advanced ctfs (that hopefully contain solutions) regarding binary/kernel exploitation? I am interested in finding x86_64 linux/windows/arm64 that ...