Search Results for: metasploit

Exploit writing tutorial part 3b : SEH Based Exploits – just another example

Published July 28, 2009 | By Peter Van Eeckhoutte (corelanc0d3r)

In the previous tutorial post, I have explained the basics of SEH based exploits. I have mentioned that in the most simple case of an SEH based exploit, the payload is structured like this : [Junk][next SEH][SEH][Shellcode] I have indicated that SEH needs to be overwritten by a pointer to “pop pop ret” and that […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged , , , , , , , , , , , , , , , , , , ,

Exploit writing tutorial part 3 : SEH Based Exploits

Published July 25, 2009 | By Peter Van Eeckhoutte (corelanc0d3r)

In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode.  The example we have used allowed us to directly overwrite EIP and we had a pretty large […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged , , , , , , , , , , , , , , , , , , , , , , , , ,

Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode

Published July 23, 2009 | By Peter Van Eeckhoutte (corelanc0d3r)

Where do you want to jmp today ? In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a working exploit. In the example I have used in that post, we have seen that ESP […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged , , , , , , , , , , , , , , , , , , , , , ,

Exploit writing tutorial part 1 : Stack Based Overflows

Published July 19, 2009 | By Peter Van Eeckhoutte (corelanc0d3r)

Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by the way,  failed to work on my MS Virtual PC based XP SP3 En). Another exploit was […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Backtrack 4 cheat sheet

Published July 4, 2009 | By Peter Van Eeckhoutte (corelanc0d3r)

Download backtrack from http://www.remote-exploit.org/backtrack_download.html. Current version at the time of writing is BT4 Pre-Final.This document is based on BT4 pre-final. Ergo, some of the instructions below may not work with other versions of BT. FYI : An excellent guide about Backtrack4 can be found at BackTrack 4 – The Definitive Guide    1. Installing Backtrack […]

Posted in 001_Security, Linux and Unix | Tagged , , , , , , , , , , , , , , , , , , , , , ,

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace

    • Categories

    Mastodon: @corelanc0d3r | @corelan


    Copyright Peter Van Eeckhoutte © 2007 - 2025 | All Rights Reserved | Terms of use