Jump to content
Tuts 4 You

Edit History

cjack

cjack

Hi guys. I have a linux "hacking challenge" x64 binary that is difficult to exploit, you can find it attached to this email.

This binary it's vulnerable to buffer overflow + ROP + canary bypass, so will be possible to execute shellcode.

The vulnerable input fields are "HOURS WORKED" and "REASON FOR OVERTIME" (this field it's also vulnerable to format string vulnerability, so with an input like %016llX,%016llX,%016llX etc... will be possible to dump the stack and the canary value)

Any of you that can give it a look? Thanks a lot guys!

(the vulnerable binary it's "vulnelf")

vulnelf

cjack

cjack

Hi guys. I have a linux "hacking challenge" x64 binary that is difficult to exploit, you can find it attached to this email.

This binary it's vulnerable to buffer overflow + ROP + canary bypass, so will be possible to execute shellcode.

The vulnerable input fields are "HOURS WORKED" and "REASON FOR OVERTIME" (this field it's also vulnerable to format string vulnerability, so with an input like %016llX,%016llX,%016llX etc... will be possible to dump the stack and the canary value)

Any of you that can give it a look? Thanks a lot guys!

(the vulnerable binary it's "vulnelf")

paycalc

vulnelf

cjack

cjack

Hi guys. I have a linux "hacking challenge" x64 binary that is difficult to exploit, you can find it attached to this email.

This binary it's vulnerable to buffer overflow + ROP + canary bypass, so will be possible to execute shellcode.

The vulnerable input fields are "HOURS WORKED" and "REASON FOR OVERTIME" (this field it's also vulnerable to format string vulnerability, so with an input like %016llX,%016llX,%016llX etc... will be possible to dump the stack and the canary value)

Any of you that can give it a look? Thanks a lot guys!

paycalc

vulnelf

cjack

cjack

Hi guys. I have a linux "hacking challenge" x64 binary that is difficult to exploit, you can find it attached to this email.

This binary it's vulnerable to buffer overflow + ROP + canary bypass, so will be possible to execute shellcode.

The vulnerable input fields are "HOURS WORKED" and "REASON FOR OVERTIME" (this field it's also vulnerable to format string vulnerability, so with an input like %016llX,%016llX,%016llX etc... will be possible to dump the stack and the canary value)

Any of you that can give it a look? Thanks a lot guys!

paycalc

×
×
  • Create New...