Questions tagged [exploit]
1300 questions
The data, tools, and procedures which, when applied to a specific vulnerability, predictably violate the security design of a system.
59 votes, 2 answers
Why does this attack check the location of the server?
Recently (just now) the npm package ua-parser-js was found to be hijacked. The hijack installs a crypto miner on preinstall but I noticed the following passage in the preinstall script:
IP=$(curl -k https://freegeoip.app/xml/ | grep…

Calin Leafshade
52 votes, 1 answer
What vulnerability is a math operation in an HTTP request trying to exploit?
I found the following string '=print(9347655345-4954366);?>' in a blocked request logged by our WAF this morning. This string was contained in the path as well as a number of headers.
GET /?'=print(9347655345-4954366)?>'
Host:…

Dave Rager
30 votes, 2 answers
Why is 0x41414141 associated with security exploits?
This article and this search suggest that the 32-bit word 0x41414141 is associated with security exploits.
Why is 0x41414141 associated with security exploits?

Randomblue
10 votes, 2 answers
Is CompuTrace a permanent backdoor?
I was reading about CompuTrace and this thing is pretty much a backdoor and irremovable. It's in the firmware, in the BIOS and survives formatting and even hard drive change and OS reinstalls.
Some questions came to mind:
Does CompuTrace work with…

elipconis
7 votes, 1 answer
Suspicious activity on contact form, what are their intentions?
I've just started receiving several emails per second and I think it's likely someone is trying to exploit my contact form. I've taken steps to protect my site, I'm just curious what it is they're trying to do.
Some…

Scott Helme
6 votes, 2 answers
How does the stack cookie protect the return address from being overwritten?
The /GS compiler option Microsoft developed adds an extra cookie before the return address, and before returning the cookie is checked; if it is intact then the return address is safe.
Why ever would this assumption hold? In my understanding this…

zinking
6 votes, 1 answer
ROP resistant gadgetless binaries
G-Free: defeating return-oriented programming through gadget-less binaries
This paper describes what seems like a really cool technique to prevent ROP attacks if the source is available. They use an assembly preprocessor between gcc and the…

staticd
6 votes, 2 answers
Continuous Integration for Exploit Development
I have been thinking about this subject a lot. Exploit development is nearly the same as normal development: you need to test quite a lot of platforms (e.g. Windows XP, Windows Vista, x64, x86, Chinese, English versions). This problem asks for unit…

Stolas
6 votes, 2 answers
How does sensitive information leak assist in exploit development?
According to this bug report, the first vulnerability can leak sensitive information.
But since it doesn't mention what information to leak, I guess it would be the stack? And how could this help in exploit development?

daisy
5 votes, 2 answers
Is there a way to evade -Wformat-security?
I am trying to learn about format string bugs and I found the gcc option -Wformat-security to raise a warning when a potential format string bug is found. I would like to know if there is a way to evade this check and still have a format bug…

perror
5 votes, 2 answers
How to modify the hex code in the exploit to meet my requirements?
I was looking into the latest exploit for Windows Server 2008 here. When I tried to modify the code to fit my needs I got stuck on this line:
# Shellcode TCP Reverse to 192.168.125.133 1337
reversetcp_shellcode =…

user156894
4 votes, 0 answers
How to analyse a suspicious Encapsulated Postscript file?
How can you analyze an encapsulated PostScript file that has a standard header, but is way too big?
There is an EPS file which has a size of 1.8MB. When it is reconverted to EPS, the resulting file is 1.5MB smaller. The header of the converted and…

serv-inc
4 votes, 1 answer
Gray Hat Hacking 4th edition question
Example Using find.c
Using find.c as an example, how would this manual source code auditing process work? We need to start with user data entering the program. As seen in the preceding ITS4 output, a recvfrom() function call accepts an incoming UDP…

span1223
4 votes, 1 answer
How did GamerFood hack the Starcraft IEM Taipei Tournament?
During the recently completed professional Starcraft tournament, Intel Extreme Masters (IEM) Taipei 2015, the notorious cheat software company Team Gamer Food hacked the cast somehow. How did they do it? I have included a screen shot below showing…

Tyler Durden
4 votes, 3 answers
Memory Corruption in C/C++
I'm doing a study on Memory Corruption. I need to compile a list of all the exploitable memory corruption issues that have been recognized till date and provide a sample vulnerable code for it.
I need help from the community. I tried searching but…

john4tech