Channel: NYU Poly ISIS Lab » Exploitation Techniques
Browsing latest articles
Browse All 17 View Live

Gera’s Insecure Programming Advanced Buffer Overflow #1 (ROP NX/ASLR Bypass)

After my last post, I decided to go straight into the Advanced Buffer Overflow (ABO) section and practice more ROP. The first ABO exercise was a straightforward buffer overflow. ABO #1 source code: The...




Pop Pop Ret Finder

If you’ve attempted to write an SEH Record exploit, you know that it can be a little time-consuming to find a pop pop ret instruction sequence inside a module that has SafeSEH off. This is because...


Escaping Python Sandboxes

Note: This is all written for Python 2.7.3. These details might be different in other versions of Python – especially 3+! Attempting to escape a sandbox is always a fun challenge. Python sandboxes are...


29c3ctf – minesweeper

Challenge Overview The challenge was presented as a game to be played over the internet. Players could access the game and play a command line version of minesweeper by connecting to a port on the game...


HTTP Response Splitting

This blog post describes a lesser-known attack that targets HTTP headers and arises from improper input validation. It also describes how other attacks can be mounted using this mechanism....



Padding Oracle Attack

Introduction: This kind of attack exists because of the cryptographic padding that takes place on the message length. Plaintext can be of varying length; however, block ciphers require that all...


Writing an XSS Worm

This was done while interning at Gotham Digital Science and the original blog post can be found here: http://blog.gdssecurity.com/labs/2013/5/8/writing-an-xss-worm.html User privacy is an increasingly...


CraSH

On July 5-7, Brooklynt Overflow participated in SIGINT CTF hosted by the good folks over at CCCAC in Germany. Despite the fact that Brooklynt Overflow is not always the most effective team during the...



NullCon Vuln 2 Stack Based Buffer Overflow

Exploitation 200 HackIM Triage This challenge gave us a binary called srv2. Running file on the binary we are shown CheckSec  revealed there was no NX but we assumed ASLR was enabled on the challenge...



NULLCON CTF Vuln4 – Stack Buffer Overflow

Brooklynt Overflow recently competed in HackIM CTF. This is a writeup of the vuln4 service. The author was kind enough to provide source to this challenge which is nice but ultimately not necessary or...
