opcode

Metasploit Bounty – the Good, the Bad and the Ugly

Published July 27, 2011 |

On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled “30 exploits, $5000 in 5 weeks”, a post on the Rapid7 blog lists the 30 “bounties” selected by the MSF team, waiting for someone to claim and submit a working exploit module.
Continue reading →

Posted in 001_Security, Exploits | Tagged advapi32.dll, aslr, asm, auriemma, bounty, carchive, cash, challenge, contest, debugger, dep, egg, egghunter, exploit, fix, genbroker, genclient, genesis, hd moore, heap, hmi, iat, iconics, immunity, incentive, integer, luigi, malloc, metasploit, meterpreter, mfc71u.dll, migrate, mona.py, ntsetinformationprocess, opcode, overflow, payload, peb, rop, rop.txt, ropfunc, scada, serialization, spray, stage, unicode, venetian, vtable, w00tw00t, windbg

Exploit writing tutorial part 9 : Introduction to Win32 shellcoding

Published February 25, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

Over the last couple of months, I have written a set of tutorials about building exploits that target the Windows stack. One of the primary goals of anyone writing an exploit is to modify the normal execution flow of the application and trigger the application to run arbitrary code… code that is injected by the […]

Posted in 001_Security, Exploit Writing Tutorials | Tagged asm, assembly, bad chars, beta3, bits 32, bytecode, calc, charset limitation, decoder, encoder, ExitFunc, ExitProcess, ExitThread, exploit, exploit writing, find function, fstenv, fstenv_mov, GetProcess, hash, intel, introduction win, kernel32, loadlibraryA, loopd, MessageBoxA, metasploit, nasm, null bytes, opcode, part introduction, peb, pvefindaddr, pvereadbin.pl, pvewritebin.pl, seh, shellcode, shikata_ga_nai, skylined, topstack, tutorial part, user32, w32-testival, win shellcoding, win32, WinExec, writing, writing tutorial, x86

Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode

Published July 23, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

Where do you want to jmp today ? In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a working exploit. In the example I have used in that post, we have seen that ESP […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged 41414141, add esp, blind return, buffer, buffer overflow, bytes, dll, eip, findjmp, jmp, jmp esp, jumpcode, metasploit, nop, opcode, pop, pop pop ret, push ret, pwned, reg + offset, ret, shellcode, stack

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Metasploit Bounty – the Good, the Bad and the Ugly

Exploit writing tutorial part 9 : Introduction to Win32 shellcoding

Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!