Software Exploitation (16)

Hands on Windows Shellcoding: Create ROP via mona.py

Let’s see the procedure in action by attempting to exploit some susceptible software on Windows 7 32-bit with the security settings left as they were originally installed.

Windows Universal Shellcoding x86

Previously we discussed the basics of Windows shellcoding. That method is compact and does not cause memory corruption upon exit; however, it has some disadvantages as well.

Basic Windows Shellcoding

Shellcode is the most vital component of any exploit. At its core, it enables us to carry out the tasks that the exploit is designed to accomplish. When using Metasploit against any software, the payload option is the shellcode that will be loaded into the exploit.

Windows Egg-Hunting

During a buffer overflow attack, the entire buffer is not always allocated in its original form within the memory of the target program. Egghunter shellcode, or egghunter, is a specific type of (small-sized) shellcode that can be executed when a user’s buffer is split and allocated in an unknown portion of memory during an overflow.

Windows Exploitation: SEH based overflow

Structured Exception Handling (SEH) is a Windows component that manages application error conditions (exceptions). It is a programming mechanism that helps applications handle any unexpected conditions encountered during the execution of a program. This article will discuss how to exploit SEH.

Linux Exploitation: Format String Vulnerabilities and Exploitation

In prior blog posts, we concentrated on stack-based buffer overflows. We assume you are familiar with how arguments are passed to functions (via the stack prior to a function call) and how the stack operates during the execution of a program.

Linux Exploitation: x64 shellcode

Let’s try to write a 64-bit Linux shellcode.

Linux Exploitation: Basic Linux Shellcoding

Shellcoding is a form of system exploitation in which an attacker inserts malicious code into a program or file in order to execute arbitrary commands. Shellcode is often used to create a backdoor in a system, allowing the attacker to gain access and control. In many cases, the attacker will encode the shellcode to avoid detection.

Linux Exploitation: Linux Reverse TCP Shellcode

In this blog article we will create a Linux reverse TCP shellcode.

Linux Exploitation: Advanced Exploit Protection Evasion

When countermeasures are combined and used simultaneously in a binary, the situation becomes significantly more complicated!

Linux Exploitation: Evading Exploit Protection

On a modern system, it is uncommon to find a binary that can be exploited so easily. Numerous countermeasures have been developed to make exploitation more difficult. This article discusses a few possible ways to circumvent these protections.

Windows Exploitation: Stack Overflow Part 2

Let’s continue considering the most fundamental buffer overflows on Windows, known as vanilla EIP overwrites or direct EIP overwrites, in which EIP is overwritten directly once a sufficient amount of data is supplied.

Windows Exploitation: Stack Overflow Part 1

Even though advanced Windows exploitation is far different from Linux, basic stack smashing is strikingly comparable between the two operating systems. As on Linux, the key part is to identify program entry points. We will not discuss how to find an attack surface in this post, but rather how to perform the actual exploitation.

Linux Exploitation: Abusing EIP

In the previous part we demonstrated that by providing a binary with an input of a specific length, its EIP register can be made to point to a specific address. Up until now, we have employed invalid addresses consisting of the ASCII-byte representations of the letters A or B. How about using a valid address?

Linux Exploitation: Stack Smashing

The stack is an area of memory within a process that is used to store data by the process itself. Unlike registers, which are modest in size but the fastest temporary data storage option, the stack provides more space. The stack is also used to track the program’s execution.

Introduction to Linux binary exploitation - Part 1

In order to begin the process of exploiting Linux binaries, we first need to become familiar with the target, and we will need the appropriate tools to accomplish that. Because gathering information is the most important aspect of any security research activity, including binary exploitation, it is very important to know how to use tools that help us recognize what is happening inside the target binaries.