What is Shellshock?
When can it be exploited?
How to check if you are vulnerable
Checking your bash version
Running the fancy one-liner on your terminal
Technical insights of Shellshock
The basics of bash shell variables
Introducing bash environment variables
Exporting bash functions to environment variables
Parsing function definitions from strings
The actual vulnerability
Shellshock is now one […]
This paper is intended to explain several Metasploit approaches to exploit the vulnerable Windows 2003 server operating system, especially through msfconsole and msfcli modules, and demonstrates how to access the target computer in a comprehensive hacking life-cycle manner. Metasploit is quite useful in penetration testing, in terms of detecting […]
In this article we’ll present how we can hook the System Service Dispatch Table, but first we have to establish what the SSDT actually is and how it is used by the operating system. In order to understand how and why the SSDT table is used, we must first […]
Download the code associated with this article by filling out the the form below.
In this article we presented the details of using sysenter instruction to call from user-mode to kernel-mode. In older versions of Windows operating systems, the “int 0x2e” interrupt was used instead, but on newer systems sysenter […]
PDF files have become very common in everyday work. It’s hard to imagine business proposals without PDFs. The PDF format is used in almost all companies to share business deals, company brochures, and even invitations.
Previous years were not good for PDF users, as several vulnerabilities were published, such as […]
In recent years, several researchers have studied Linux kernel security. The most common kernel privilege vulnerabilities can be divided into several categories: NULL pointer dereference, kernel space stack overflow, kernel slab overflow, race conditions, etc.
Some of them are pretty easy to exploit and there is no need to […]
A heap overflow is a form of buffer overflow; it happens when a chunk of memory is allocated to the heap and data is written to this memory without any bound checking being done on the data. This is can lead to overwriting some critical data structures in […]
This article describes the stack. GDB is used to analyze its memory. One needs to know this subject to play with low-level security.
Environment: x86, Linux, GCC, GDB.
The following registers are mentioned in the article:
ESP (points to the top of the stack)
EBP (is used as a reference when […]
Most of the programs that we use every day contain bugs; a bug is a malfunction in a program, which can make the program take unwanted actions or errors. These bugs or vulnerabilities can be exploited by writing a code that is usually called an exploit. The most common […]
Let’s present all of the registers, as seen in OllyDbg:
Let’s explain this picture a little better. At the top of the picture, the general purpose registers are given. The EBP and ESP registers are generally used with stack frames, while the other registers can be used by the program […]
Android, as we are all aware, is a Linux-based operating system which was initially developed by Android Inc. and was later purchased by Google. It was designed for touch screen devices like smartphones, tablets, cameras, set-top boxes, etc… and has reached the hands of millions of consumers.
Over a period […]
In this post, I am going to discuss a new technique that I used to bypass ASLR on windows 7 for office 2010. By the end of this post you will be able to recognize how to run an exploit on windows 7 for office 2010.
For the sake of […]
So in the last post, we discussed how to insert your own payload by reversing a malware sample. Here, we are going to discuss how to execute an Office 2007 exploit on Office 2010.In order to complete this exercise, we will use the same exploit as in the last […]
1. Nmap API
When writing Nmap NSE scripts, we of course need to have a way to talk to the Nmap API, which provides us with various advanced features so we don’t have to write those features ourselves. We can’t do everything in LUA language that is used for writing […]
Summary: In this article we’ll take a look at the C program that prints “Hello World!” to the screen, which we’ll assemble and compile. Then we’ll compare the results and try to present what’s happening beneath the curtains. Specifically, we will look at which sections are present in the […]
Calling conventions are used by all programs without the user even realizing it. But before saying more about them, we must first make sure we understand what happens when a function gets called. Let’s say we have a function named “add” that we’ll be calling like this:
When the code […]
Injection and API Hooking – When you don’t know enough to know that you are getting it wrong…
Code Injection and API hooking techniques are gaining in popularity. Whether they are used in anti-malware products, malware itself, or in even more common places like the application compatibility layer provided by […]
Microsoft Detours is a library which we can use to build our own DLL that serves as an API monitor when analyzing the results. The best thing about it is that it doesn’t require other frameworks as a dependency. The downside is that only x86 support is available for […]
Code injection is a process of injecting executable code in a running process or static executable. Executable code in web applications can be injected by exploiting them with XSS (cross site scripting), LFI (local file inclusion), or remote file inclusion vulnerabilities (RFI). On the other hand, code can be […]
The VMware ESX source code (from 2004 according to VMware, Inc.) was partially leaked on November 4, 2012. Following due-diligence to determine the impact, the source code has been analyzed and audited for a number of common vulnerabilities. The source code was seemingly either only partially obtained or only […]