For questions about development of software which takes advantage of exploits (vulnerabilities in security systems).
Questions tagged [exploit-development]
197 questions
3 votes, 1 answer
Can't get this memory addressing
I am working with this INE eCXD material and I am working on my basics of buffer overflow on Linux.
In the lab, there is supposed to be a binary that is using the strcpy() function and it SEGFAULTS when it reaches that function.
I loaded the binary…
MoRizk
2 votes, 2 answers
x32 VS x64 Reverse Engineering and Exploit Development
I started to learn RE and Exploit Development, and most materials, almost all of them, are on 32-bit architecture. What is the difference from the point of view of Exploit Development? I know that shellcoding is quite different, and how hard is it to pick up…
user3551034
1 vote, 0 answers
Immunity Debugger - !mona suggest
Potentially simple question. I have been going through some tutorials for exploit development that use !pvefindaddr for help with creating unique patterns and discovering the offset.
I know that mona has replaced pvefindaddr - but from what I can…
user3046771
1 vote, 0 answers
My exploit does not overwrite EIP, why?
I am trying to write my first exploit, which will exploit the pinfo program.
I installed the program via apt-get, then I crashed it with:
neo@matrix:~$ pinfo -m `python -c 'print "A"*50064+"DCBA"'`
Przemek's Info Viewer v0.6.9
Looking for man page...
***…
user3552769
0 votes, 1 answer
Browser fuzzing with Windbg
The story looks like this: we have a browser, we have attached windbg to this browser, and we have a fuzzing 'page'. Now, when the browser crashes (and, i.e., I know that the bug occurs somewhere in the HTML code), how can I find the code which crashed the…
0 votes, 1 answer
How do programmers write the initial exploits from the vulnerability details in a CVE?
I've noticed that lots of CVEs at www.cvedetails.com do not have publicly available exploits, but they have high scores (e.g. a score higher than 9).
With such a high score, I'd have thought exploits would be readily available, but that's not the case (not even…
botanga
0 votes, 0 answers
Winmap crashing differently when changing the crashing buffer
I'm trying to replicate the "egg hunting" exploitation for the Winmap.
I started using the POC code provided (I rewrote it in Python):
#!/usr/bin/python -w
__author__ = 'HSN'
start = "[playlist]\r\nFile1=\\\\"
#[playlist]\r\nFile1=\\\\"
nop =…
HSN