Configuring SSH server
Adding a new user
Creating authorized keys for a specific client
Adding authorized keys to the SSH server
Logging in using authorized keys
Configuring Apache server to make it vulnerable
In the previous article, we saw the internal details of the Shellshock vulnerability. In this article, we will see […]
What is Shellshock?
When can it be exploited?
How to check if you are vulnerable
Checking your bash version
Running the fancy one-liner on your terminal
Technical insights of Shellshock
The basics of bash shell variables
Introducing bash environment variables
Exporting bash functions to environment variables
Parsing function definitions from strings
The actual vulnerability
Shellshock is now one […]
In this article we’ll present how we can hook the System Service Dispatch Table, but first we have to establish what the SSDT actually is and how it is used by the operating system. In order to understand how and why the SSDT table is used, we must first […]
Download the code associated with this article by filling out the the form below.
In this article we presented the details of using sysenter instruction to call from user-mode to kernel-mode. In older versions of Windows operating systems, the “int 0x2e” interrupt was used instead, but on newer systems sysenter […]
PDF files have become very common in everyday work. It’s hard to imagine business proposals without PDFs. The PDF format is used in almost all companies to share business deals, company brochures, and even invitations.
Previous years were not good for PDF users, as several vulnerabilities were published, such as […]
In recent years, several researchers have studied Linux kernel security. The most common kernel privilege vulnerabilities can be divided into several categories: NULL pointer dereference, kernel space stack overflow, kernel slab overflow, race conditions, etc.
Some of them are pretty easy to exploit and there is no need to […]
A heap overflow is a form of buffer overflow; it happens when a chunk of memory is allocated to the heap and data is written to this memory without any bound checking being done on the data. This is can lead to overwriting some critical data structures in […]
This article describes the stack. GDB is used to analyze its memory. One needs to know this subject to play with low-level security.
Environment: x86, Linux, GCC, GDB.
The following registers are mentioned in the article:
ESP (points to the top of the stack)
EBP (is used as a reference when […]
Most of the programs that we use every day contain bugs; a bug is a malfunction in a program, which can make the program take unwanted actions or errors. These bugs or vulnerabilities can be exploited by writing a code that is usually called an exploit. The most common […]
Let’s present all of the registers, as seen in OllyDbg:
Let’s explain this picture a little better. At the top of the picture, the general purpose registers are given. The EBP and ESP registers are generally used with stack frames, while the other registers can be used by the program […]