An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.
Questions tagged [exploit]
790 questions
2 votes, 4 answers
Shellcode as payload for buffer overflow (or other) exploits executed as root?
When I use shellcode such as the ones provided here* as payload to some vulnerable program, how is the shell executed as root? I am asking about how the privileges are elevated to root? The shellcode doesn't seem to call setuid or anything to change…

extraeee
- 3,096
- 5
- 27
- 28
2 votes, 1 answer
Return Oriented Programming Compiler
I'm trying to better understand my computer on the lower levels and what better way is there other than writing stack buffer overflow exploits? I recently came across ROP. I read the paper http://cseweb.ucsd.edu/~hovav/talks/blackhat08.html and it…

Konstantin Weitz
- 6,180
- 8
- 26
- 43
2 votes, 1 answer
The Shellcode to open Calc.exe too long and complex, can't understand! My first exploit program
I wrote my first exploit program on Windows XP OS using the shellcode I found on the web. It opens the calculator and the overall program works successfully. However, even though I did not write the shellcode myself, I have to know very well what it…

Ann Gladyo
- 31
- 1
- 4
2 votes, 2 answers
C (s)printf exploit, $hn and %10
When trying to follow a tutorial on string exploits in C, I had the following questions which I do not seem to find an answer to.
"If we were to pass the string AAAA%10$n, we would write the value 4 to the address 0x41414141!". This is an excerpt…

Wouter Vandenputte
- 1,948
- 4
- 26
- 50
2 votes, 1 answer
Overwriting data via array vulnerabilities
I am trying to demonstrate a buffer overflow via an array index (when there isn't any bounds checking). What I am trying to do is change my bool authenticated = false to true by passing in a bad value.
I am using GCC 4.8.5
arrayVulnerability(int…

Kirby
- 77
- 9
2 votes, 1 answer
What is the meaning of Write-4 primitive?
What is the meaning of Write-4 primitive? In exploit development tutorials, I come across it a lot. Does it mean writing 32 bits into a register or memory?

Gh0st
- 33
- 5
2 votes, 2 answers
Is using `eval` to define functions with text from a file evil?
This is a follow-up question to eval cat inside a function.
I'm using eval to mimic import functionality from other languages (such as JavaScript). This is something I wanted to do on my local machine for a while since I've built up an overwhelming…

Nick Bull
- 9,518
- 6
- 36
- 58
2 votes, 2 answers
Format string bugs - exploitation
I'm trying to exploit my format string bug, which lies in this program:
#include
#include
#include
#include
#include
void foo(char* tmp, char* format) {
/* write into tmp a string…

eleanor
- 1,514
- 3
- 19
- 40
2 votes, 1 answer
Exploit a buffer overflow with canary protection
I'm trying to exploit this simple program for homework:
#include
#include
#include
#define BUFSIZE 1024
typedef struct {
char flag_content[BUFSIZE];
char guess[47];
unsigned canary;
char…

Kordo
- 31
- 5
2 votes, 0 answers
bash: warning: ignored null byte in input
I've recently programmed a little C program that is vulnerable to a format string exploit. Here is the source code (it is copied from a book):
#include
#include
#include
int main(int argc, char *argv[]) {
char…

J0rdan
- 56
- 4
2 votes, 1 answer
Is there a script to safely test for Meltdown and Spectre vulnerabilities on Ubuntu
I did a Google search for "test for meltdown and spectre" and found a really disconcerting collection of disreputable-looking links.
I did find an Ubuntu page on these attacks which referred to what appears to be an authoritative page detailing…

S. Imp
- 2,833
- 11
- 24
2 votes, 3 answers
Exploiting file_get_contents()
Is it possible to read any file (not only those with the extension .html) from the server in the following script?
I know about wrappers (php://, file://, etc.) but did not achieve much.…

terjanq
- 301
- 1
- 3
- 13
2 votes, 1 answer
CPU Redesign for Spectre and Meltdown
There are a lot of patches released to fix the recently found Spectre and Meltdown security vulnerabilities. However, they all do this (to my understanding) by disabling the use of certain functionality on the CPU.
So I am wondering if the (predictive)…

vincent
- 1,953
- 3
- 18
- 24
2 votes, 0 answers
Is Google Native Client (NaCl) vulnerable to Meltdown or Spectre attacks?
I run sel_ldr_x86_32 file32.nacl and sel_ldr_x86_64 file64.nacl on my Intel machine vulnerable to Meltdown and Spectre.
Given that even JavaScript can employ Spectre, I am curious if NaCl'ed binaries can. Are there any known vulnerabilities of NaCl…

Stair
- 21
- 2
2 votes, 0 answers
Meltdown POC in C++
I heard about the Meltdown vulnerability and read the paper, which was kind of difficult since I am not a native speaker. I decided to make a small proof-of-concept C++ program, which is shown below, and I would like to know the reasons for the code…
user9184386