Exploit Writing Tutorials (37)

Exploit writing tutorial part 1 : Stack Based Overflows

Last friday (july 17th 2009), somebody (nick)named โ€˜Crazy_Hackerโ€™ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by Read more

Read More

Exploit writing tutorial part 2 : Stack Based Overflows - jumping to shellcode

Where do you want to jmp today ?

In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a Read more

Read More

Exploit writing tutorial part 3 : SEH Based Exploits

In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode.  The Read more

Read More

Exploit writing tutorial part 3b : SEH Based Exploits - just another example

In the previous tutorial post, I have explained the basics of SEH based exploits. I have mentioned that in the most simple case of an SEH based exploit, the payload is structured like this :

[Junk][next SEH][SEH][Shellcode]

I Read more

Read More

Exploit writing tutorial part 4 : From Exploit to Metasploit - The basics

In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to 2 types of exploits : stack based buffer overflows (with direct EIP overwrite), and stack based buffer overflows that take Read more

Read More

Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development

In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits. Today, I will discuss some other debuggers and debugger plugins Read more

Read More

Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR

Introduction

In all previous tutorials in this Exploit writing tutorial series, we have looked at building exploits that would work on Windows XP / 2003 server.

The success of all of these exploits (whether they are based on direct Read more

Read More

Exploit writing tutorial part 7 : Unicode - from 0x00410041 to calc

Finally โ€ฆ after spending a couple of weeks working on unicode and unicode exploits, Iโ€™m glad and happy to be able to release this next article in my basic exploit writing series : writing exploits for stack based unicode Read more

Read More

Exploit writing tutorial part 8 : Win32 Egg Hunting

Introduction

Easter is still far away, so this is probably the right time to talk about ways to hunting for eggs (so you would be prepared when the easter bunny brings you another 0day vulnerability)

In the first parts Read more

Read More

Starting to write Immunity Debugger PyCommands : my cheatsheet

When I started Win32 exploit development many years ago, my preferred debugger at the time was WinDbg (and some Olly). While Windbg is a great and fast debugger, I quickly figured out that some additional/external tools were required to Read more

Read More