Skip to main content
Information Security

All Questions

Ask Question
Tagged with
11 questions
NewestActiveBountiedUnanswered
1vote
0answers
395views

Buffer Overflow shell

I'm trying to exploit the code posted by ir0nstone at this link. I followed any of the steps listed in the tutorial, but Address space layout randomization (ASLR) is not enabled on my machine. When I ...
xChineze's user avatar
xChineze
  • 11
0votes
0answers
398views

Encoding shellcode to hide in filename / directory

Working on a CTF challenge and the coordinators hint suggests that one of the vectors to inject shellcode is via pathing. Looking at debugging prints does show the cwd and filename are passed onto the ...
TKC's user avatar
TKC
  • 1
1vote
1answer
8kviews

Shellcode in MongoDB Python code

I know I can input this into a search box that queries the MongoDB. I have updated the code with my shell code, but I won't include that, I will just use the exploit as it is here: db.my_collection....
Archeofuturist's user avatar
Archeofuturist
  • 119
0votes
1answer
2kviews

Executing shellcode in python format [closed]

So after running the command: msfvenom -p windows/meterpreter/reverse_tcp lhost=10.0.0.31 lport=8080 -f py I receive the output: buf = b"" buf += b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\...
Alexander Dimitrov's user avatar
Alexander Dimitrov
  • 13
0votes
0answers
295views

How to forbid user from executing malicious shell and Python script?

I am designing a online programming website similar to https://repl.it. Users can execute shell and python scripts on the browsers. If users execute malicious commands including but not limited to "...
Jill Clover's user avatar
Jill Clover
  • 101
3votes
1answer
1kviews

Replace forbidden characters function check python

I have "blackbox" with the following python function code (without permission to change it): def exec_ping(): forbidden = ['&', ';', '-', '`', '||', '|'] command = input('Enter an IP: ') ...
Evyatar's user avatar
Evyatar
  • 133
0votes
2answers
619views

Pickle Shellcode Import Error

I'm trying to execute pickle shell-code through a download function on a website but I get the following error: <html> <h1>ERROR: Cannot load file</h1> <!-- Traceback (most ...
John's user avatar
John
  • 1
3votes
1answer
2kviews

Python - ctypes.cast function call outputs Segmentation Fault error message

Background: Writing a proof of concept of a twitter C&C inspired by Prof Viviek of SPSE similiar to twittor and the project includes a functionality of injecting shellcode and executing it ...
0x5929's user avatar
0x5929
  • 375
1vote
1answer
2kviews

Shellcode parameter passing

I am trying to use an environment variable to store my shellcode and then point my RET to it, so that I may get to execute my shellcode. Here is my vulnerable program 'abc.c' #include string.h #...
user148898's user avatar
user148898
  • 113
0votes
1answer
3kviews

How to decode hex code and modify it? Binascii.unhexlify [closed]

I am reviewing the code hosted at edb and the portion I am trying to make sense of and modify is at line 78 reversetcp_shellcode = binascii.unhexlify(b'...
K4rt's user avatar
K4rt
  • 3
0votes
1answer
3kviews

Are shell scripts / bash inherently less secure than other (script) languages such as python?

Are shell scripts / bash suitable for any kind of task as long as the developer(s) write correct, security bug free scripts? Or are shell scripts / bash less advisable for some tasks such as parsing ...
adrelanos's user avatar
adrelanos
  • 784

close