Questions tagged [exploit-development]
For questions about developing software that exploits vulnerabilities in systems or applications (exploit code, shellcode, ROP chains, Metasploit modules and similar).
199 questions
1 vote, 0 answers, 134 views
Could an XXE vulnerability lead to RCE?
I have identified an XXE vulnerability in an XML parser of an application that allows external entities. I used the crafted XML below to do a GET request on localhost on port 9090, and on the same ...
3 votes, 1 answer, 141 views
Can vulnerabilities in transitive dependencies be exploitable?
I am running nmap on an HTTP server, and I got the Netty version used by the server. The Netty version used is 9.4.53.v20231009. I tried to check online for CVEs related to this version, and it seems ...
1 vote, 0 answers, 38 views
Can't print hexadecimal formatted address in buffer overflow
I'm trying to overwrite the return address caused by a buffer overflow. I've already calculated the distance between the buffer and the return address. The address that I want to jump to is ...
0 votes, 0 answers, 104 views
How can I safely write in my resume that I have written a Metasploit exploit module without making employers nervous?
I have asked this question on The WorkPlace SE site and did not receive any comprehensive answers over there. I have around 10 years of cybersecurity industry experience and have gained proficiency ...
2 votes, 1 answer, 827 views
Python Code Injection With int()
I discovered, reading the documentation for int() in Python, that I could execute operating system commands if something like the following were passed to the int() constructor: type('',(),{'a':5,'b':6,'...
0 votes, 1 answer, 155 views
pvefindaddr p2 in mona?
Is there a !pvefindaddr p2 (search for all pop/pop/ret combinations in the entire process memory space) equivalent in mona.py? Alternatively, is there any option to run pvefindaddr in latest versions ...
1 vote, 1 answer, 244 views
Get in-depth information about a vulnerability from a CVE
I'm trying to understand how to get more information about a vulnerability given a CVE. I noticed that some CVEs, on websites like https://www.cvedetails.com, have references to articles or to ...
3 votes, 1 answer, 788 views
Can't get this memory addressing
I am working with this INE eCXD material and I am working on my basics of buffer overflows on Linux. In the lab, there is supposed to be a binary that is using the strcpy() function and it SEGFAULTs ...
1 vote, 2 answers, 1k views
ROP: Handling a `push` in the middle of a gadget
In ROP, often a gadget has an undesired pop or push in the middle. For a pop, we handle this simply by adding a dummy value to our chain: it is popped, and all is well. What about a push? What do we ...
1 vote, 0 answers, 260 views
How does glibc prevent malloc unlink exploits?
The classic malloc overflow, of overwriting pointers in a free chunk, to cause free() unlink to overwrite an arbitrary location with an arbitrary value, is no longer possible with modern glibc (...
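The check the question refers to, shown as an added example that is not part of the question or of glibc itself: a minimal model of the free-chunk header with the old unconditional unlink beside the safe-unlink check modern glibc applies (`fd->bk != P || bk->fd != P`, reported as "corrupted double-linked list"). The `arena` byte array, `TARGET_SLOT`, `PAYLOAD_ADDR` and the forged-chunk layout are constructed for the demonstration; real glibc aborts through `malloc_printerr` where this code returns -1.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a glibc free chunk: only the list pointers matter here. */
typedef struct chunk {
    size_t prev_size;
    size_t size;
    struct chunk *fd;
    struct chunk *bk;
} chunk_t;

/* Stand-in for victim memory (think of a GOT slot or a function pointer).
 * A plain byte array, so the read-back below is well defined. Assumed layout:
 *   arena+32 : the pointer slot the attacker wants to overwrite
 *   arena+64 : the value (e.g. the address of injected code) to write there */
static unsigned char arena[256] __attribute__((aligned(16)));
#define TARGET_SLOT  (arena + 32)
#define PAYLOAD_ADDR (arena + 64)

/* The classic unlink: trusts P's own fd/bk unconditionally.
 *   fd->bk = bk   stores bk at (fd + offsetof bk)
 *   bk->fd = fd   stores fd at (bk + offsetof fd)
 * so choosing fd = target - offsetof(bk) and bk = value yields a
 * write-what-where (the second store lands at value + offsetof(fd)). */
static void classic_unlink(chunk_t *p)
{
    chunk_t *fd = p->fd;
    chunk_t *bk = p->bk;
    fd->bk = bk;
    bk->fd = fd;
}

/* The safe-unlinking check modern glibc performs before touching the list:
 * both neighbours must point back at P. glibc aborts via malloc_printerr;
 * here -1 is returned so the outcome can be inspected. */
static int safe_unlink(chunk_t *p)
{
    chunk_t *fd = p->fd;
    chunk_t *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return -1;
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* The forged chunk an overflow would leave behind (constructed). */
static chunk_t forged_chunk(void)
{
    chunk_t p;
    memset(&p, 0, sizeof p);
    p.fd = (chunk_t *)(TARGET_SLOT - offsetof(chunk_t, bk));
    p.bk = (chunk_t *)PAYLOAD_ADDR;
    return p;
}

static uintptr_t read_slot(void)
{
    uintptr_t v;
    memcpy(&v, TARGET_SLOT, sizeof v);
    return v;
}

/* 1 if the old unlink let the forged chunk overwrite the target slot. */
int classic_unlink_overwrites_target(void)
{
    memset(arena, 0, sizeof arena);
    chunk_t p = forged_chunk();
    classic_unlink(&p);
    return read_slot() == (uintptr_t)PAYLOAD_ADDR;
}

/* 1 if the safe check refuses the same forged chunk and leaves the slot alone. */
int safe_unlink_rejects_forged(void)
{
    memset(arena, 0, sizeof arena);
    chunk_t p = forged_chunk();
    int rc = safe_unlink(&p);
    return rc == -1 && read_slot() == 0;
}

/* 1 if the check still accepts a well-formed circular list and unlinks b. */
int safe_unlink_accepts_honest_list(void)
{
    chunk_t a, b, c;
    memset(&a, 0, sizeof a);
    memset(&b, 0, sizeof b);
    memset(&c, 0, sizeof c);
    a.fd = &b; b.bk = &a;
    b.fd = &c; c.bk = &b;
    c.fd = &a; a.bk = &c;
    return safe_unlink(&b) == 0 && a.fd == &c && c.bk == &a;
}
```

The check works because the attacker must control memory at both `fd` and `bk` for the back-pointers to match, which an arbitrary target such as a GOT entry does not provide. Newer glibc releases add a second test before this one, comparing the chunk's size field against the `prev_size` of the following chunk ("corrupted size vs. prev_size"), so a forged header also has to keep those consistent.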
0 votes, 0 answers, 353 views
64-bit ELF buffer overflow not working, possibly due to an if statement
I wrote the following: #include <stdio.h> int win(){ printf("Won!\n"); return 0; } int vulnerable(){ char buffer[20]; memset(buffer, 0, 10); printf("Input: &...
1 vote, 1 answer, 467 views
How can an ELF binary call a Windows API from WSL(2) to deploy a payload?
In September 2021 Black Lotus Labs (BLL) posted a blog entry discussing a payload loader that was: written in Python compiled to an ELF exe using PyInstaller in Debian in WSL and "injected into ...
4 votes, 2 answers, 4k views
Are buffer overflow and similar attacks still possible?
The majority of my cyber security background comes in the form of web application vulnerability testing, and while I do have a degree of prior experience in studying and performing application ...
1 vote, 1 answer, 1k views
How to read memory from a format string exploit correctly
I'm trying to solve a problem on format string exploitation in which I have to overwrite anything in a specific address. Since the target address has a null byte at the beginning, I need to write it at ...
1 vote, 1 answer, 2k views
Can't overwrite EIP in buffer overflow example
I am trying to make a simple buffer-overflow exploit on an example program to understand binary exploitation a bit better. The goal is to simply write shellcode on the stack and execute it. However, ...