Exploit development (10)

Think of exploits as the bullets in hackers’ artillery. All the tools in a hacker’s arsenal and all of a hacker’s actions would be pointless without exploits. In simple words, an exploit is data designed to make an artifact perform a malicious action that the artifact was never designed to perform. Hackers find a bug in a piece of software (or hardware), use that bug to build an exploit, and then take control of the system or perform other actions by running the exploit. Running the exploit simply means sending the crafted data to the software.

The main focus of this category is buffer overflow exploits. Buffer overflow exploits make use of a special type of software bug and are the most devastating type of hacker weapon. In the introduction to buffer overflow exploit development you learn everything you need for the other advanced material in the exploitation area.

Most of the material in this category is adapted from The Art of Exploitation, A Guide to Kernel Exploitation and The Shellcoder’s Handbook. If you want to become a “REAL” hacker, I strongly recommend you read these books.

Latest Articles

Hacking Team Word 2013 exploit analysis

Tuesday, 01 March 2016 00:00
In this study (PDF), a Hacking Team exploit affecting Microsoft Office 2007, 2010 and 2013 is assessed. The exploit itself leverages the capability of Microsoft Word to render Shockwave Flash files and exploits a vulnerability of Internet Explorer ActiveX. Our reverse engineering of…

kernel exploit Vs user land exploitation

Monday, 13 July 2015 00:00
Kernel exploits are used for privilege escalation, whereas user-land exploits aim to gain access to a system and execute an arbitrary command. The privilege of the spawned shell or executed command depends entirely on the privilege of the vulnerable target application, and in a hardened environment…

privilege escalation shellcode

Monday, 13 July 2015 00:00
The shellcode of a kernel exploit and that of a user-land exploit are different in nature. The former is used for privilege escalation, while the latter probably just steals the execution flow to the attacker’s advantage. Remote kernel exploit shellcodes share the characteristics of both worlds, i.e. they…

X86 useful Assembly instructions and registers for hacking

Monday, 13 July 2015 00:00
We can say x86 is the most common architecture among users. For hacking and exploitation, there is a lot of juicy information that can be found just by reading registers. Also, from an exploit writer’s point of view, there are interesting instructions in…


Bypass DEP | Bypass ASLR | Bypass Stack Canary

Thursday, 09 July 2015 00:00
Bypass DEP and NX bit | Bypass ASLR | Bypass Stack Canary and Cookie: Buffer overflows are no longer the most popular vulnerabilities. Vulnerability analysis tools help developers identify buffer overflow vulnerabilities (at least the obvious ones) at development time, and this has significantly reduced…

off by one buffer overflow

Tuesday, 23 June 2015 00:00
An off-by-one vulnerability is a type of buffer overflow that allows you to modify only one byte. It results from a miscalculation of the buffer length. Below is an example of an off-by-one vulnerability in the C language: int get_user(char *user) { char buf[1024]; if(strlen(user) > sizeof(buf))…

building shellcode tutorial

Tuesday, 23 June 2015 00:00
What is shellcode? Shellcode is a series of location-independent bytes that are able to perform a certain task. In other words, shellcode can be injected anywhere in memory and run. You can put shellcode in your exploit and expect to fulfill your goal without…

Exploit development for Format String vulnerability

Monday, 22 June 2015 00:00
A format string vulnerability is the result of incorrect use of format functions in the C language. It is the favorite vulnerability of many exploit writers, since it provides arbitrary memory overwrite, in contrast to stack-based buffer overflows, where you are just limited…