All Questions
Tagged with python exploit-development
7 questions
2 votes, 1 answer, 927 views
Python Code Injection With int()
I discovered reading the documentation for int() in python that I could execute operating system commands if something like the following were passed to the int() constructor:
type('',(),{'a':5,'b':6,'...
3 votes, 1 answer, 216 views
Leak multiple lines from file
I am researching this bug here, where the first line of an arbitrary file can be leaked by triggering a SyntaxError using the compile() function.
Is there a method of leaking the rest of the file, ...
1 vote, 1 answer, 474 views
Developing MIPS exploit in python memory address getting parse as a value [closed]
I am trying to develop an exploit in Python, but I am not able to write a proper exploit. Below are the scenarios where I am facing a problem.
Below is the HTTP request which causes the crash
POST /cgi-...
2 votes, 1 answer, 3k views
stdin does not wait for next input after ROP chain
I was trying to exploit a vulnerability in a CTF but I cannot make fgets() reopen stdin to put my second stage ROP chain. I am using pwntools but the problem is more socket oriented.
I recreated ...
3 votes, 0 answers, 847 views
Bypass DEP using NtSetInformationProcess on last Windows XP SP3 Pro update
Following the example of corelan team ROP version 2 (I was able to perform version 1): https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-...
1 vote, 1 answer, 2k views
Shellcode parameter passing
I am trying to use an environment variable to store my shellcode and then point my RET to it, so that I may get to execute my shellcode.
Here is my vulnerable program 'abc.c'
#include <string.h>
#...
2 votes, 2 answers, 4k views
Python exploit question?
Can someone please explain how and why this struct.pack code is used in the below exploit? I'm trying to understand how it triggers the vulnerability. I understand the buffer overflow aspect, I'm ...