Tagged Questions
0 votes · 1 answer · 91 views
Stack buffer overflow confusion
I am trying to dig deeper into the nuts and bolts of a stack buffer overflow using the classical NOP-sled technique.
Reading some articles and watching videos brought me to a confusion which can be ...
17 votes · 1 answer · 797 views
Could someone explain parts of the FBI's Firefox 0-day?
Here is the full Javascript (and related iframes) that the FBI apparently injected into all "Freedom Hosting" pages in the course of their recent takedown.
http://pastebin.mozilla.org/2776374
The ...
2 votes · 3 answers · 134 views
How to determine the size of payloads available in Metasploit
I've noticed that there are a lot of different payloads to choose from in Metasploit, and the choice (assuming there's enough room in the target) usually depends on what you're trying to do.
However, ...
3 votes · 2 answers · 400 views
ASLR and how a program can actually call its functions
I'm studying protection techniques and I've got a doubt about how ASLR works for a program in a Windows environment.
As far as I know ASLR works by randomizing part of the imagebase address when ...
1 vote · 1 answer · 272 views
SafeSEH and x64
I read here that
/SAFESEH is only valid when linking for x86 targets. /SAFESEH is not
supported for platforms that already have the exception handlers
noted. For example, on x64 and Itanium, ...
3 votes · 1 answer · 189 views
Stack canaries protection and ROP
As far as I know stack canaries are values written on the stack that, if overwritten by a buffer overflow, force the application to close at return.
My question is: if I overwrite both EIP and stack ...
3 votes · 2 answers · 401 views
Do I always have to overwrite EIP to get to write on the stack in a buffer overflow?
Do I always have to overwrite EIP to get to write on the stack in a buffer overflow? How's the memory organized? I can't find a proper graph with Google.
9 votes · 2 answers · 2k views
How “leaking pointers” to bypass DEP/ASLR works
I was wondering if anyone could give me some clues on how "leaking pointers" to bypass DEP/ASLR work. I read here:
The only way to reliably bypass DEP and ASLR is through a pointer
leak. This ...
2 votes · 1 answer · 196 views
How to achieve interactive shell attack?
Usually when a person gets a shell by attacking some vulnerability, what they get is a non-interactive shell.
So when I call the FTP interactive client, the shell fails.
Is there any way I can do ...
4 votes · 3 answers · 891 views
Are there any tools that focus on shellcode analysis?
Shellcode presents certain challenges for disassembly. It often self-modifies, jumps to the stack (where the shellcode will likely be placed), and relies on certain unusual tricks that standard ...
24 votes · 2 answers · 4k views
How do ASLR and DEP work?
How do Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) work, in terms of preventing vulnerabilities from being exploited? Can they be bypassed?