Stack-based Buffer Overflow exploitation to shell by example. There are a lot of tutorials out there about exploitation of memory corruption bugs, but I struggled to find step-by-step ones, that would start with simplest examples possible.
So I figured that while learning more advanced techniques of exploitation I can dump my knowledge about those which I already know. OK, so let's start from the ground up! 0. Prerequisites In this tutorial I'm going to use a few tools: - gdb (with pwndbg extension - - writing exploits means spending a lot of time in this tool, I recommend learning it as fast as possible - metasploit - python! Other than that, a little bit of assembly knowledge would be really helpful. - document with calling conventions for a lot of architectures, we are gonna look inside a few times. We are going to assume that we are working on x86_64(Linux) architecture if not stated otherwise. 1. For the simplicity of this guide, we will stick to C programming language for all the examples. gcc exploit100.c -o exploit100 -fno-stack-protector Stack? Reversing the Smarter Coffee IoT Machine Protocol to Make Coffee Using the Terminal.
I love coffee, that’s a fact, and I drink liters of it during the week … I also am a nerd and a hacker, so a few days ago I bought a Smarter Coffee machine on Amazon, basically a coffee machine that you can control over your home wifi network using a mobile application ( both for Android and iOS ).The app is really nice: you can set the amount of cups you want, the strength of the coffee, etc, then you only need to press a button and wait for your delicious coffee to be brewed.
Since I work from home, most of the times I’m using the computer keyboard, not a smartphone, therefore I wanted/needed a console client for it, something that the vendor never released, so I started reversing the Android application in order to understand the communication protocol and write my own client implementation … guess what? :D Yep, i can make coffee using the terminal now :D Reversing the Protocol Each of these “packets” is sent to tcp port 2081 of the machine, the protocol is very simple. Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image. Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems.
Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/CVE-2016-8332, could allow an out-of-bound heap write to occur that triggers the heap corruption and leads to arbitrary code execution. OpenJPEG is an open-source JPEG 2000 codec. Written in C language, the software was developed for coding and encoding JPEG2000 images, a format that is often used for tasks like embedding image files within PDF documents through popular software including PdFium, Poppler, and MuPDF. Hackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG2000 image or a PDF document containing that malicious file in an email.
Architecture of x64dbg · x64dbg. 04 Oct 2016, by torusrxxx x64dbg has a complex architecture.
There are three basic parts, namely DBG, BRIDGE and GUI, but in fact there is a fourth part, EXE. This is the main executable, it compiles into x64dbg.exe. Bootstrapping When the user starts x64dbg, it will follow this initialization path to get x64dbg running: Debugging To start debugging, the GUI sends an init command to the DBG. CbDebugInit Check various things Run threadDebugLoop in a new thread debugLoopFunction #2289: Initialize various variables #2323: DbSetPath #2338: CreateProcess #2351: Check for Wow64 mismatch #2379: Set up TitanEngine handlers #2392: Tell GUI to enter the initialized state #2404 Call the CB_INITDEBUG plugin callback #2429 Enter the DebugLoop Message passing from GUI to DBG There are four methods to call DBG from GUI. Commands dispatch DbgCmdExec is relayed by the bridge to the DBG and eventually received by the cmdloop running in the command thread. Directly exported functions Export functions dispatch.
Basic command line, text-based, shellcode debugger.