Pwning stuffs

What is XSS? Cross-Site Scripting (XSS) is probably the most common singular security vulnerability existing in web applications at large. It has been estimated that approximately 65% ​​of websites are vulnerable to an XSS attack in some form, a statistic which should scare you as much as it does me. XSS occurs when an attacker is capable of injecting a script, often Javascript, into the output ..

The next target is: Soundop 32-bit version 1.7.3.9. Soundop is an intuitive and professional audio editor for Windows to record, edit, mix and master audio contents in clear and flexible workspaces. Below you have the software installation link: https://download.cnet.com/Soundop/3000-2170_4-77358595.html Once we run the software Soundop 32-bit version 1.7.3.9 , we see that a message skips first,..

Today in this part of the course we will reverse a program to recover passwords in RAR files. https://download.cnet.com/RecoverPassword-Rar-Password-Recover/3000-18501_4-78328724.html The program is in .NET therefore we will not have to see assembly language, it will be much easier. When we open the program we see a tab that indicates if we want to register the program we click, and now we shoul..

Index of course: Basics of reverse engineering. Binary patching of real-world software. Backdoors. Testing software for vulnerability research. Exploit development. Basics of reverse engineering Reversing, is to find out from a «product» that its inverse process is finished. In the case of computer science from a binary or software know its source code, interpreting the high level language that ..

The purpose of this course is to teach a cyclic procedure to do reverse engineering and backdoors malware patching in modern real software by modifying the code using assembly language. The opportunities that one program or another can offer us depend on the protections that the program has and its functionality. Also it is importat the persistence in Windows system for Red Team purpose. The mai..

We begin by looking at the protections of the binary. We have several problems and we can not execute code in the stack due to NX protection and we do not see the possibility of an overflow due to canary. We also have PIE activated and full relro so GOT dereferencing/overwriting will not be possible. We start with option 3 that will call the print_flag function. If we see inside the function we ..

We will start by looking at the protections of the binary and we realize that NX is enabled so it will not let us execute code in memory. First we see that our attack vector are two inputs but we do not know the iteration that the program returns to us. So we will have to open gdb and analyze the code in search of how to exploit it and perform the important task of reverse engineering. After see..

At first we realize that there is a format string vulnerability by which we can leak the memory addresses of the stack and thus bypassing ASLR. After a few attempts we see that in position %10$p we leak memory address of the stack and at minus 0x20 it would be the pointer of name whose test content we entered was "AAAA". The next step is to create our exploit that makes the leak using pwntools l..