2 votes
2 answers
222 views

I'm learning about shellcode execution in C and I've seen two different approaches. I understand the first one is for exploitation, but I'm confused about the type casting. Approach 1: Stack Overflow ...
Vasan Dilaksan's user avatar
4 votes
1 answer
191 views

I made a simple vulnerable program greet.c: #include <stdio.h> #include <string.h> int main (int argc, char **argv) { char buf[32]; strcpy(buf, argv[1]); printf("%s\n"...
AISK's user avatar
  • 65
1 vote
1 answer
169 views

I am doing a cybersecurity challenge and need to open a shell using shellcode. The usual shellcode is \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\x50\x52\x51\...
Exekr's user avatar
  • 21
-4 votes
1 answer
110 views

CreateRemoteThread() fails with error 5 when calling inject_param->allocate() in inject_begin(). Comment it and CreateRemoteThread() is OK. I don't know why. The target platform is 64-bit. #include &...
Yulin.Li's user avatar
3 votes
2 answers
224 views

I'm trying to create a main. I compiled my code with: $ gcc -g3 -o shellcode shellcode.c But I always get a Segmentation fault (core dumped) Using GDB, I see that the first instruction is executed ...
Asile34's user avatar
  • 485
2 votes
0 answers
154 views

I'm trying to play around with asm and shellcode, my target is to manage to dlopen a custom library. I've created a code in C that calls a fake dlopen method, compiled it and used objdump to extract ...
Marcel's user avatar
  • 81
2 votes
0 answers
68 views

I have a C program that parses the PEB and gets kernel32.dll and then with a custom GetProcAddress it gets the address to LoadLibrary. After that I get the address of MessageBoxA. My goal is to ...
drexco's user avatar
  • 21
0 votes
0 answers
188 views

So basically the problem is as follows: I have written a ROP chain that calls shellcode from the stack. The ROP chain has also been tested with simple shellcode to call a calculator and it works. This ...
xler's user avatar
  • 1
2 votes
1 answer
519 views

MOV RAX, 0x68732f6e69622f CDQ PUSH RAX PUSH RSP POP RDI PUSH RDX PUSH 0x632d PUSH RSP POP RSI PUSH RDX CALL FUN_0000001e INSB RDI, DX JNC FUN_0000001e FUN_0000001e: PUSH ...
Ricket's user avatar
  • 21
3 votes
0 answers
70 views

I'm trying to write a shellcode to play with a strcpy vulnerability, trying to understand a bit more about how that stuff works. So far I've managed to inject a sort of "hello world" written ...
Tom BARAT's user avatar
0 votes
1 answer
180 views

When I compile my shellcode and run it, Strace does not show an error. When I use my shellcode tester, I get a segmentation fault. I don't know why, maybe there's a smarter guy than me who can help me ...
Marius Romeiser's user avatar
2 votes
1 answer
1k views

I was playing some picoCTF challenges today and I found myself stuck in a challenge. Digging around the internet, I found a solution online which I cannot fully grasp. The challenge (whose name I won'...
Jacopo Bracaloni's user avatar
1 vote
1 answer
202 views

I tried to modify this shellcode and make it run notepad.exe instead of calc.exe. I'm pushing notepad.exe onto the stack with this code snippet: mov r9, 0x0000000000657865 push r9 mov r9, ...
FAMO4S's user avatar
  • 47
2 votes
1 answer
225 views

Objective I am learning exploit development and one of the topics is on writing shellcode. Typically, msfvenom would do the job well with shikata ga nai encoding. The shellcode generated will also ...
balapoopi's user avatar
0 votes
1 answer
3k views

I have been doing a course on writing pwntools based exploits. While trying a challenge, after all my attempts I receive the error "Got EOF while reading in iteractive". My shellcode in ...
Espartex200's user avatar
3 votes
1 answer
464 views

Context: I know it is possible to execute assembly code in vba. A simple method is to overwrite the entry of a COM object's virtual table (vtable) with a function pointer to some place in memory that ...
Greedo's user avatar
  • 5,625
1 vote
2 answers
144 views

The code in question: mov ebx, fs:30h Consequent shellcode: 648b1d30000000 I can't seem to figure out how to write this without null bytes.
R-Rothrock's user avatar
-7 votes
1 answer
301 views

I am using MiniDumpWriteDump callbacks to read the dump into memory and encrypt it before storing to a file. It is being executed as a part of shellcode that is being written over EventAggregation.dll ...
smalik03's user avatar
1 vote
0 answers
60 views

This Python code is a simple script that encrypts a shellcode using XOR with a secret key, creates a decoder stub in assembly language, assembles the decoder stub, and then compiles it into a Windows ...
the man 's user avatar
1 vote
1 answer
566 views

Here's my shellcode: xor rax, rax xor rdi, rdi xor rsi, rsi xor rdx, rdx ; getting address of `pathname` mov rdi, [something] mov al, 59 mov rdi, rsp syscall ...
R-Rothrock's user avatar
0 votes
0 answers
45 views

I'm trying to learn how to create shellcode. I've followed several tutorials online and I still can't get it to work. I start by writing clean assembly x86 code to spawn a shell, extract the opcode, ...
metal4all's user avatar
0 votes
0 answers
143 views

The problem is based on linux/x64 asm wget+chmod+exec. I have some questions to ask. I am using pwntool for a buffer overflow attack. I want to stuff the shellcode in the stack for him to run, I tested ...
0xbe61a55f's user avatar
0 votes
1 answer
100 views

I have a bytes key defined as: KEY = b'\xb5\x89\xd5\x03\x03\x96`\x9dq\xa7\x81\xed\xb2gYR' I want this to be formatted like shellcode, i.e. two hexa characters like: \x41\x42\x43... So I tried to do it ...
IRP_HANDLER's user avatar
0 votes
1 answer
288 views

Using mprotect to set main() as writeable correctly works using this code. https://godbolt.org/z/68vfrTq8z #include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <...
vengy's user avatar
  • 2,467
0 votes
1 answer
626 views

I have a powershell script which executes the shellcode. $code = 0xe8,0x3b,0x3d,0x03,0x00,0x3b,0x3d,0x03 $code.GetType() [Byte[]] $buf = $code $buf.Length The output of the above command is IsPublic ...
Vikas's user avatar
  • 3
