This is the first tutorial in the series of exercise solutions for Ricardo Narvaja's Spanish course (ignore Google's dangerous-site message). The binary is named Vulnerable_No_vulnerable.exe, from lesson 21. When we run the binary it asks us to enter an input; we also see a string, so we already have a starting point: the references to that string in the .text section. We see the first comparison, where it is checked..
Introduction. The Modbus Serial Driver creates a listener on port 27700/TCP. When a connection is made, the Modbus Application Header is first read into a buffer. If a large buffer size is specified in this header, a stack-based buffer overflow results. The final idea of this article is to reproduce and detail the process by which the vulnerability can be detected and exploited, including why ..
Writeup - From Format String to Buffer Overflow (PKTeam). Recon. First of all we look at the protections of the binary. We have several problems. We cannot execute code on the stack, such as a shellcode, because of NX; we cannot overflow without a canary leak; and if we want to attach gdb we have to bypass PIE, just as we would if we want to do ROP (Return-Oriented Programming). We also need a leak of a function t..
Write-up - Use After Free (PKTeam). 1. Register. We start by registering a user AAAA. 0x555555554ac3 lea rax, [rbp-0x60] 0x555555554ac7 lea rsi, [rip+0x695] # 0x555555555163 0x555555554ace mov rdi, rax 0x555555554ad1 call 0x5555555548b0 We see a comparison of our input in the RAX register. This register contains a stack memory address that holds the AAAA input. In the RSI register we have the string ..
Introduction. The description of the vulnerability reads as follows: The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access to a Buffer Overflow. The final idea of this article is to reproduce and detail the process by which the vulnerability can be detected and exploited, including why it occurs. To study the vulner..
Introduction. The vulnerability reads as follows: Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. The final idea of this article is to reproduce and detail the process by which the vulnerability can be detected a..
Welcome everybody. The idea of this website is to provide detailed tutorials on Linux and Windows exploit development. The content will be in English to reach a wider range of readers. My English is not very good, but I will try as much as possible to publish in good English :) The site will mainly have two categories. In the Windows exploiting category I will use CVEs to exploit the vulnerability of..
Writeup - pwnable.kr. Knowing that we have an overflow and that the return address is on the stack, we could write into the buffer that holds the first 4 bytes of the name we enter. First, when it asks us what our name is, we will have to place the opcodes of jmp rsp in that buffer. Second, we will take advantage of the overflow to write, exactly at the return address, the address ..
- GOT Dereferencing/Overwriting
- shellcode
- hijacking redirection flow
- write primitive
- format string
- buffer overflow
- arithmetic overflow/underflow
- 32Bit
- leak stack memory address
- pwnable.xyz
- dnspy
- cracking
- open-redirect
- x64dbg
- use after free
- canary
- one gadget
- Windows
- return oriented programming
- pwnable.tw
- html injection
- XSS
- Pwnable.kr
- Backdoors
- fake stack frame
- stack pivot
- Call oriented programming
- ASM
- theFaunia course
- leak libc