vulndev
Exploiting the same Use after Free twice to leak the mem layout and execute code - MBE LAB7C walkthrough
The target app
This time we are dealing with a very plain and simple UaF vulnerability. The source code can be found here: https://github.com/RPISEC/MBE/blob/master/src/lab07/lab7C.c Right away we can see two data structure definitions, which more or less suggest what we are going

vulndev
MBE is fun - lab6A walkthrough
I'll try to keep this one short.
What we are going to cover
We are not going to overwrite the saved RET on the stack (we're gonna have a different pointer available, without touching the stack protector). We are also going to: * beat ASLR with an

vulndev
The XOR madness of MBE's tricky lab6B - a walkthrough
This post is a continuation of my MBE (Modern Binary Exploitation) walkthrough series. In order to get some introduction, please see the previous post: https://hackingiscool.pl/mbe-lab6c-walkthrough/.
A look at the target app
So let's get right to it. The source code of the target application can

vulndev
MBE lab6C walkthrough
About MBE
Some time ago I came across RPISEC's free Modern Binary Exploitation course (https://github.com/RPISEC/MBE) which I can't recommend enough. You get lectures, challenges and a ready out-of-the-box operational Ubuntu VM to play with. Yup, this course is Linux-focused, which made it

vulndev
Vulnserver - my KSTET exploit (delivering the final stage shellcode through an active server socket)
The purpose of writing this up was only to present a little trick I came up with while playing with vulnserver's (http://www.thegreycorner.com/2010/12/introducing-vulnserver.html) KSTET command (one of many protocol commands vulnerable to some sort of memory corruption bug). In spite of the