
All Questions

2 votes
1 answer
828 views

Python Code Injection With int()

I discovered while reading the documentation for int() in Python that I could execute operating system commands if something like the following were passed to the int() constructor: type('',(),{'a':5,'b':6,'...
elidibus

3 votes
1 answer
207 views

Leak multiple lines from file

I am researching this bug here, where the first line of an arbitrary file can be leaked by triggering a SyntaxError using the compile() function. Is there a method of leaking the rest of the file, ...
isopach

1 vote
1 answer
468 views

Developing MIPS exploit in Python: memory address getting parsed as a value [closed]

I am trying to develop an exploit in Python, but I am not able to write a proper exploit. Below are the scenarios where I am facing problems. Below is the HTTP request which causes the crash: POST /cgi-...
Security Beast

2 votes
1 answer
3k views

stdin does not wait for next input after ROP chain

I was trying to exploit a vulnerability in a CTF but I cannot make fgets() reopen stdin to put my second stage ROP chain. I am using pwntools but the problem is more socket oriented. I recreated ...
ItsYou

3 votes
0 answers
842 views

Bypass DEP using NtSetInformationProcess on last Windows XP SP3 Pro update

Following the example of corelan team ROP version 2 (I was able to perform version 1): https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-...
Lucian Nitescu

1 vote
1 answer
2k views

Shellcode parameter passing

I am trying to use an environment variable to store my shellcode and then point my RET to it, so that I may get to execute my shellcode. Here is my vulnerable program 'abc.c' #include string.h #...
user148898

2 votes
2 answers
4k views

Python exploit question?

Can someone please explain how and why this struct.pack code is used in the below exploit? I'm trying to understand how it triggers the vulnerability. I understand the buffer overflow aspect, I'm ...
nanotechz9l
