An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.
Questions tagged [exploit]
790 questions
15 votes, 7 answers
Can anyone explain this code to me?
WARNING: This is an exploit. Do not execute this code.
//shellcode.c
char shellcode[] =
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80"
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
…

0xab3d
15 votes, 9 answers
PHP GET variable array injection
I've recently learned that it's possible to inject arrays into PHP GET variables to perform code execution?
.php?a[]=asd&a[]=asdasd&b[]=$a
That was the example I was given. I have no idea how it works and was wondering if this is even possible?

dave
14 votes, 2 answers
How does printf() var-arg referencing interact with stack memory layout?
Given the code snippet:
    #include <stdio.h>   /* needed for printf */
    int main()
    {
        printf("Val: %d", 5);
        return 0;
    }
is there any guarantee that the compiler would store "Val: %d" and '5' contiguously? For example:
+-----+-----+-----+-----+-----+-----+-----+-----+-----+
| ... | %d | '…

Mikey G
13 votes, 2 answers
Do canaries prevent return-into-libc and return-oriented programming attacks?
I am trying to understand if/how return-into-libc and return-oriented programming exploits are possible if a canary is being used.
A canary would be placed on the stack in between the return value and the buffer to be overflown, and would need to be…

jj.
12 votes, 12 answers
Security exploits in "safe" languages
I just recently finished reading Secure Coding in C and C++ by Brian Seacord, who works for CERT.
Overall, it's an excellent book and I would recommend it to any programmer who hasn't yet read it. After reading it, it occurs to me that for all…

Channel72
12 votes, 2 answers
How does CVE-2014-7169 work? Breakdown of the test code
With a bash release which has been patched for shellshock
$ bash --version
GNU bash, version 3.2.52(1)-release (x86_64-apple-darwin12)
Copyright (C) 2007 Free Software Foundation, Inc.
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a…

user193130
12 votes, 2 answers
POSIX compliant way to tell if system rebooted?
I'm writing some highly portable security code. I'm trying to avoid a security flaw in a utility program such as this one found in some versions of sudo:
... it is possible to become the super user by running sudo -k and then resetting the system…

Ben Burns
11 votes, 1 answer
Why can't JavaScript shellcode exploits be fixed via "data execution prevention"?
The "heap spraying" Wikipedia article suggests that many JavaScript exploits involve positioning shellcode somewhere in the script's executable code or data space memory and then having the interpreter jump there and execute it. What I don't…

EndangeringSpecies
11 votes, 3 answers
PHP security exploit - list content of remote PHP file?
I'm trying to exploit some web vulnerabilities in a sample website running inside a VM (it is not available on the web - only for educational purposes). I have a php file named setupreset.php which has the information about MySQL configs, setup and…

swiftcode
11 votes, 1 answer
Man in the middle attack with scapy
I'm trying to do a man in the middle attack with scapy on a test network. My setup is like this:
Now that you get the idea, here's the code:
    from scapy.all import *
    import multiprocessing
    import time
    class MITM:
        packets=[]
        def…

prongs
10 votes, 1 answer
Need to exploit buffer overflow. Can't figure out how to uncorrupt the stack after executing exploit code?
Basically the function I am exploiting is this:
    int getbufn()
    {
        char buf[512];
        Gets(buf);
        return 1;
    }
When I run the main program the function executes 5 times and each time the location of buf changes and so does the location of…

michael60612
10 votes, 5 answers
Perl's pack('V') function in Python?
I've been working on some exploit development recently to get ready for a training course, and I've run into a problem with a tutorial. I've been following along with all the tutorials I can find, using Python as opposed to the language the…

Schinza
10 votes, 1 answer
Exploiting buffer overflow using gets() in a simple C program
I am new to Buffer Overflow exploits and I started with a simple C program.
Code
    #include <stdio.h>   /* header names were lost in extraction; stdio.h is required for printf and gets */
    #include <stdlib.h>  /* second header assumed */
    void execs(void){
        printf("yay!!");
    }
    void return_input (void)
    {
        char array[30];
        gets(array);
    }
    int main()
    {
    …

Panther Coder
10 votes, 6 answers
To what does "zero day" refer?
Does "zero-day" or "0-day" (in context of software vulnerabilities and exploits) refer to the software release, or a particular type of exploit?
[I did not find an answer to this on SO. Though it is answered elsewhere on the Internet, my…

Argalatyr
10 votes, 1 answer
Access module 'sys' without using import machinery
Sandboxing Python code is notoriously difficult due to the power of the reflection facilities built into the language. At a minimum one has to take away the import mechanism and most of the built-in functions and global variables, and even then…

zwol