Ret2Libc and ROP

Posted on Wed 06 August 2014 in x86-32 Linux • Tagged with exploit development, linux, 32bit, fuzzing, buffer overflow, rop, ret2libc

Exploiting a buffer overflow by using return to libc and basic return orientated programming to beat certain protections including never execute (NX)


Continue reading

An Easy Windows Crackme

Posted on Sat 02 August 2014 in Reverse Engineering • Tagged with windows, reverse engineering, 32bit, crackme

Cracking an easy Windows crackme from the site http://crackmes.de


Continue reading

System Call Hooking

Posted on Thu 10 July 2014 in Linux Kernel Hacking • Tagged with kernel development, linux, c, rootkit, kernel hacking, function hooking

Hooking kernel functions on Linux, used by usermode applications, for malicious purposes


Continue reading

Beating ASLR

Posted on Mon 07 July 2014 in x86-32 Linux • Tagged with exploit development, linux, 32bit, aslr, buffer overflow

Exploiting a buffer overflow vulnerability with address space layout randomization in place


Continue reading

XSS in PNP4Nagios

Posted on Fri 04 July 2014 in Web Hacking • Tagged with web, xss, responsible disclosure

Finding and exploiting cross site scripting vulnerabilities in the Nagios plugin PNP4Nagios


Continue reading

Basic Binary Auditing

Posted on Tue 01 July 2014 in Reverse Engineering • Tagged with exploit development, linux, 32bit, reverse engineering, buffer overflow, debugging

Detecting buffer overflows, format string and integer overflow vulnerabilities using binary analysis in gdb on 32bit Linux


Continue reading

Remote Exploitation

Posted on Thu 12 June 2014 in x86-32 Linux • Tagged with exploit development, linux, 32bit, fuzzing, buffer overflow

Hacking a network service with a buffer overflow vulnerability on 32bit Linux without stack protections


Continue reading

A Simple Character Device

Posted on Fri 06 June 2014 in Linux Kernel Hacking • Tagged with kernel development, linux, c

Implementing a character device on Linux as a loadable kernel module


Continue reading

Command Injection in Basilic

Posted on Mon 02 June 2014 in Web Hacking • Tagged with web, command injection

Finding and exploiting a comand injection vulnerability in the open source Basilic


Continue reading

Plain Format String Vulnerability

Posted on Tue 20 May 2014 in x86-32 Linux • Tagged with exploit development, linux, 32bit, fuzzing, format string

Finding, exploiting and fixing a simple format string vulnerability on 32bit Linux without any stack protections


Continue reading