All Questions
18 questions
1 vote, 0 answers, 395 views
Buffer Overflow shell
I'm trying to exploit the code posted by ir0nstone at this link. I followed all of the steps listed in the tutorial, but Address Space Layout Randomization (ASLR) is not enabled on my machine. When I ...
0 votes, 0 answers, 25 views
Can I import this exploit into Metasploit, or is it better to use it in Python? [duplicate]
I have tried to import this exploit: https://www.exploit-db.com/exploits/50539 and then use it in Metasploit (I'm following a walkthrough), but Metasploit cannot load it. Also I tried to use Python ...
16 votes, 4 answers, 13k views
Are there any security concerns to using Python f-strings with user input?
Background: A while ago I started using f-strings in Python but remembered seeing some security concerns with using them with user input, so I have made a point of not using them for those situations. ...
1 vote, 1 answer, 8k views
Shellcode in MongoDB Python code
I know I can input this into a search box that queries the MongoDB. I have updated the code with my shell code, but I won't include that, I will just use the exploit as it is here: db.my_collection....
6 votes, 2 answers, 4k views
Buffer overflow exploit with python3: wrong return address written
I'm trying to exploit a simple buffer overflow with gdb and peda; I just want to overwrite the return address with the address of a function in the program. I can easily do it with python2, but it seems ...
2 votes, 1 answer, 2k views
Flask/Jinja2 SSTI to get RCE. <type 'file'> not in object subclasses
I'm trying to get RCE in a simple Flask web app I developed, which is vulnerable to server-side template injection (SSTI). RCE is usually obtained by uploading the reverse shell script on the target, ...
4 votes, 1 answer, 9k views
Metasploit is not detecting newly imported Python exploit
I have added the OpenSSH 7.2p2 - Username Enumeration exploit to Metasploit, which is a Python exploit. But after doing so, it does not detect that exploit in any way I tried. I have placed it under the ...
1 vote, 1 answer, 468 views
Developing MIPS exploit in Python: memory address getting parsed as a value [closed]
I am trying to develop an exploit in Python, but I am not able to write a proper exploit. Below are the scenarios where I am facing problems. Below is the HTTP request which causes the crash: POST /cgi-...
1 vote, 1 answer, 379 views
Fuzzing: Quickly find the exact number of bytes
I'm currently practicing buffer overflows, and I have a question for you regarding fuzzing. I am able to develop a Python script that will try several buffer sizes to crash an application. It works ...
2 votes, 1 answer, 3k views
stdin does not wait for next input after ROP chain
I was trying to exploit a vulnerability in a CTF, but I cannot make fgets() reopen stdin to put in my second-stage ROP chain. I am using pwntools, but the problem is more socket oriented. I recreated ...
4 votes, 1 answer, 2k views
Are there any known Python pickle viruses?
I have recently read a post about a vulnerability in the Python pickle module which allows execution of arbitrary Python code on unpickling: https://intoli.com/blog/dangerous-pickles/ The docs are suggesting ...
3 votes, 0 answers, 842 views
Bypass DEP using NtSetInformationProcess on last Windows XP SP3 Pro update
Following the example of the Corelan team's ROP tutorial, version 2 (I was able to perform version 1): https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-...
0 votes, 1 answer, 3k views
How to decode hex code and modify it? binascii.unhexlify [closed]
I am reviewing the code hosted at EDB, and the portion I am trying to make sense of and modify is at line 78: reversetcp_shellcode = binascii.unhexlify(b'...
1 vote, 0 answers, 2k views
Converting Metasploit module to standalone Python script [closed]
How easy is it to convert Ruby code to Python code and to change a Metasploit module into a standalone Python script for Linux?
0 votes, 1 answer, 3k views
Are shell scripts / bash inherently less secure than other (script) languages such as Python?
Are shell scripts / bash suitable for any kind of task as long as the developer(s) write correct, security-bug-free scripts? Or are shell scripts / bash less advisable for some tasks, such as parsing ...