Unanswered Questions

148 questions with no upvoted or accepted answers
6 votes, 0 answers, 476 views

Recent Pwn2Own baseband exploit

I've just stumbled upon the Pwn2Own Mobile news from three days ago, during which apparently several flagship mobile phones of several manufacturers have (again) been successfully zero-dayed, among ...
6 votes, 0 answers, 2k views

Prevent Firefox or Chrome from evaluating URLs before page request?

If you browse to this page: http://192.168.10.8/../../../../../windows/win.ini Firefox/Chrome will evaluate the URL first. The resulting page requested will be: http://192.168.10.8/windows/win.ini ...
6 votes, 1 answer, 796 views

MS08-067.c fails at WNetAddConnection2()

I'm working with some exploit code for the MS08-067 vulnerability from ExploitDB. The section: WNetAddConnection2(&nr, "", "", 0) fails with an error of 67 (ERROR_BAD_NET_NAME), but I don't ...
5 votes, 1 answer, 1k views

XXE OOB Large File Extraction

Most examples for extracting files through XXE OOB (Out of Band) set up a listening HTTP server and listen for incoming requests on the URL requested. However, since the URL length is limited to ...
4 votes, 0 answers, 81 views

How much do ARM-like link registers make return-oriented programming harder?

ROP usually uses a buffer overflow to overwrite the x86 return address. However, ARM stores that in a register. What is the effect of this on return-oriented programming attacks on non-x86 ...
4 votes, 0 answers, 2k views

How to exploit a stack-overflow without setting -mpreferred-stack-boundary=2

I have been playing with some wargames and I ported some of them to my Linux machine as well. I noticed that when not using -mpreferred-stack-boundary=2, gcc might compile "main" with an interesting ...
4 votes, 0 answers, 302 views

How to analyse a suspicious Encapsulated Postscript file?

How can you analyze an encapsulated PostScript file that has a standard header, but is way too big? There is an EPS file which has a size of 1.8MB. When it is reconverted to EPS, the resulting file is ...
4 votes, 0 answers, 978 views

EIP getting changed in fgetc() Buffer Overflow Homework

Here is the gist of the code: main(){ char s1[64], s2[64]; int a = 0, b = 0; FILE *fp1, *fp2; char temp; scanf("%s", s1); scanf("%s", s2); ... //some checks happen, fp1 is opened to ...
4 votes, 1 answer, 930 views

Exploit user input being directly inserted into PDF

I'm testing a web application where user input is directly inserted into a PDF file which can then be downloaded. The user input is accepted as is, without encoding or any other modification. This ...
3 votes, 0 answers, 2k views

How does PUA:Win32/InstallCore get on my PC?

I run a full (not quick) scan of Windows Defender every night. Somehow, between two nights ago and last night an instance of PUA:Win32/InstallCore got placed on my PC. Windows Defender removed it, ...
3 votes, 0 answers, 936 views

Exploiting LFI with prefix in PHP?

I have a scenario as the following: <?php include("resource/" . $_GET['vuln']); ?> And I'm trying to get RCE from this, or at least acquire some interesting information. I already looked at /...
3 votes, 0 answers, 1k views

Buffer overflow exploitation: JMP ESP and CALL ESI

I have been practicing buffer overflows for a little while. However, I came across a solution which works - but I'm not quite sure why. I have tried to read about the different instructions, such as ...
3 votes, 0 answers, 842 views

Bypass DEP using NtSetInformationProcess on last Windows XP SP3 Pro update

Following the example of corelan team ROP version 2 (I was able to perform version 1): https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-...
3 votes, 0 answers, 474 views

Older cell / smart phones were susceptible to bluesnarfing / Bluetooth attacks; why specifically are smartphones secure from this attack now?

Older cell / smart phones were susceptible to bluesnarfing / Bluetooth attacks, Nokia phones in particular. But nowadays, modern smartphones and cell phones that use Bluetooth technology for ...
3 votes, 1 answer, 282 views

How to notify Adobe about a software issue

Recently, I stumbled upon a way to reset the software trial of any product under the Adobe suite. It's as simple as changing some attributes within a few files. I'm assuming that it can be deemed an ...