An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.
Questions tagged [exploit]
790 questions
9 votes, 2 answers
Is WildFly affected by the log4j 2 vulnerability CVE-2021-44228?
We are using WildFly 10 and 16 in production, and a zero-day exploit, CVE-2021-44228, exists for some versions of log4j.
How can I be sure that none of the code and libraries use a log4j lib that has that issue?
I do not use any log4j property file…

Manuel
9 votes, 1 answer
MongoDB $regex query and potential exploits
We have a REST API for querying records in a MongoDB. Very simple, something along the lines of the following:
GET /api/items?q=foo
During development, it was convenient to allow regular expressions as the query q. We would simply pass the query parameter to a…

qqilihq
9 votes, 1 answer
Why does a return-to-libc shell using system() exit immediately?
I'm experimenting with control-flow hijacking attacks on programs written in C on Linux. I'm trying to perform a simple ret-2-libc attack on a program with the No-eXecutable-stack countermeasure enabled. For this purpose I'm returning to system()…

Seyed Mohammad
9 votes, 3 answers
Accessing 2nd element of an array in a format string vulnerability attack
I'm working on a format-string vulnerability lab, where we're given the following code:
#define SECRET1 0x44
#define SECRET2 0x55
int main(int argc, char *argv[])
{
char user_input[100];
int *secret;
int int_input;
int a, b, c, d; /*…

Max
9 votes, 3 answers
What is the possible ^null$ exploit reported by LogWatch?
LogWatch is a nice tool that provides daily reports on Linux log files. It includes several information summaries, like traffic, users who logged in, who used sudo, relevant kernel messages, IPs that probed the server, search engines that probed…

JulioHM
8 votes, 1 answer
buffer overflow example from Art of Exploitation book
I was reading the book Art of Exploitation, which is a kinda good book, and I ran across this example from the exploit_notesearch.c file.
Briefly, the author tries to overflow the program from notesearch.c:
int main(int argc, char *argv[]) {
int userid,…

Rustam Issabekov
8 votes, 0 answers
How can I get a corefile for a PE in Python like I can with pwntools for an ELF?
If any of you are familiar with the basics of exploit development, you know that when you exploit a potential buffer overflow, normally to find the offset of your buffer that "clobbered" a specific register you want to modify, you send an input like…

J.Todd
8 votes, 2 answers
Bash 'printf' equivalent for command prompt?
I'm looking to pipe some string input to a small C program in the Windows command prompt. In bash I could use
$ printf "AAAAA\x86\x08\x04\xed" | ./program
Essentially, I need something to escape those hexadecimal numbers in command prompt.
Is there…

Calum Murray
8 votes, 1 answer
return to libc - problem
I'm having problems with a return-to-libc exploit. The problem is that nothing happens, but there is no segmentation fault either (and yes, I'm actually overflowing the stack).
This is my program:
int main(int argc, char **argv) {
char array[512];
…

eleanor
8 votes, 4 answers
My PHP site was hacked by code uploaded as an image?
Yesterday my site was compromised. The attacker changed the index.php file to their own (with all their glory messages and greetings). I've notified the hosting company about this (we are running on a dedicated server), and on my part, I'm trying to fix…

imin
8 votes, 1 answer
Is it safe to expose a Java remote debugger port to the internet?
I was going to expose a port for remote debugging of a Java-based web service over the internet, but on thinking twice I realised that it has no authentication at all.
Theoretically, it seems to be possible to write a tool that attaches to the remote…

Dmitriusan
8 votes, 3 answers
Stack Overflow Exploit in C
The question is actually about stack overflows in C.
I have an assignment that I can not get done for the life of me; I've looked at everything in gdb and I just can't figure it out.
The question is the following:
int i,n;
void confused()
{
…
Fernando Gonzalez
8 votes, 6 answers
How to write a buffer-overflow exploit in GCC, Windows XP, x86?
#include <stdio.h>

void function(int a, int b, int c) {
    char buffer1[5];
    char buffer2[10];
    int *ret;
    ret = buffer1 + 12;   /* the demo assumes this overlaps the saved return address */
    (*ret) += 8;          //why is it 8??
}

int main() {
    int x;
    x = 0;
    function(1,2,3);
    x = 1;                /* the assignment the modified return address is meant to skip */
    printf("%d\n",x);
    return 0;
}
The above demo…

Mask
8 votes, 3 answers
Using a Single system() Call to Execute Multiple Commands in C
In an information security lab I'm working on, I've been tasked with executing multiple commands with a single call to "system()" (written in C, running on Fedora). What is the syntax that will allow me to execute more than one command through…

Chance
8 votes, 2 answers
Overwrite return address simple format string exploit
Yes, quite a few similar questions exist already (5037601, 19166698, 4855162, 14505995, 5052648, 13409508, 7745146, 7459630; sorry, not enough rep for more than 2 links), and yes, there are some nice articles explaining this kind of thing (click,…

Bla Blaat