Introduction About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been working on over the last few weeks. This new module can be used to audit web servers/web server plugins/components/filters, by fuzzing form fields and optionally fuzz some header fields. While this […]
In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode. The example we have used allowed us to directly overwrite EIP and we had a pretty large […]
Where do you want to jmp today ? In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a working exploit. In the example I have used in that post, we have seen that ESP […]
Last friday (july 17th 2009), somebody (nick)named â€˜Crazy_Hackerâ€™ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was […]
Corelan Live training
Demand Global Change
The world needs your help !
Please take a few moments to read the "Demand Global Change Call For Action" document at
Read the full document at
http://bit.ly/demandglobalchange_full and share the message with as many people as possible.
Like the Facebook page, and SHARE it with everyone you know.