forked from lanjelot/kb
# exploitation
# gcc -m32
* signed int (4 bytes), range in hex and decimal (INT_MIN -> -1 -> INT_MAX):
0x80000000 -> 0xffffffff -> 0x7fffffff
-2147483648 -> -1 -> 2147483647
* 0x7fffffff + 1 overflows to 0x80000000 (INT_MIN). Signed overflow is undefined behaviour in C, but gcc on x86 emits plain two's-complement adds, so in practice it wraps.
* array indexing is pointer arithmetic reduced mod 2^32 on a 32-bit target: &blah[i] == (char *)blah + i * sizeof(*blah). With 4-byte elements the offset already wraps to 0 at index 0x40000000, and blah[0x80000001] lands on the same address as blah[1] (0x80000001 * 4 mod 2^32 == 4). For 1-byte elements the same index does not wrap back to blah[1]. A negative index (0xffffffff == -1) that passes a signed `i < n` check therefore points just before the array.
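Worked example for the notes above, added here and not part of the original kb. It models 32-bit signed wraparound and 32-bit index arithmetic with explicit uint32_t/int32_t types so the result is the same on a 64-bit host as under gcc -m32; `blah`, the base address 0x08049000 and the element sizes are constructed inputs, not taken from any real binary.

```c
#include <stdint.h>
#include <stdio.h>

/* a + b in 32-bit two's complement. Computed in unsigned arithmetic because
 * signed overflow is undefined in C; the cast back to int32_t relies on the
 * two's-complement conversion gcc and clang document. */
int32_t add_wrap32(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Address of blah[index] on a 32-bit target: base + index * elem_size,
 * reduced mod 2^32 exactly as a 32-bit pointer register would be. */
uint32_t addr32(uint32_t base, uint32_t index, uint32_t elem_size)
{
    return base + index * elem_size;   /* uint32_t arithmetic wraps mod 2^32 */
}

/* Typical bug: a signed index is only checked against the upper bound,
 * so index = -1 (0xffffffff) passes and the access lands at base - elem_size. */
int index_ok_signed(int index, int n)
{
    return index < n;
}

/* Fix: check both bounds (or compare as size_t so negatives become huge). */
int index_ok_fixed(int index, int n)
{
    return index >= 0 && index < n;
}

int main(void)
{
    uint32_t base = 0x08049000u;   /* hypothetical .data address of blah */

    printf("0x7fffffff + 1    = %d\n", (int)add_wrap32(INT32_MAX, 1));
    printf("-1 + 1            = %d\n", (int)add_wrap32(-1, 1));
    printf("&blah[1]          = 0x%08x (int array)\n", addr32(base, 1, 4));
    printf("&blah[0x80000001] = 0x%08x (int array: same slot as blah[1])\n",
           addr32(base, 0x80000001u, 4));
    printf("&blah[0x40000000] = 0x%08x (int array: wraps back to blah[0])\n",
           addr32(base, 0x40000000u, 4));
    printf("&blah[0x80000001] = 0x%08x (char array: no wrap to blah[1])\n",
           addr32(base, 0x80000001u, 1));
    printf("index -1, n=16: signed check passes=%d, fixed check passes=%d\n",
           index_ok_signed(-1, 16), index_ok_fixed(-1, 16));
    return 0;
}
```

The same reasoning applies to any length or offset that is validated as a signed int and then used for pointer arithmetic or passed to memcpy: the check sees -1, the hardware sees 0xffffffff.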
# tutorials
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
...
https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
http://www.win.tue.nl/~aeb/linux/hh/hh-10.html
https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/videos
# linux kernel
https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/
# rop on x64
https://blog.skullsecurity.org/2015/defcon-quals-r0pbaby-simple-64-bit-rop
https://github.com/jeffball55/rop_compiler
# rop 101
http://beta.hackndo.com/return-oriented-programming/
http://seclists.org/fulldisclosure/2015/Jun/76
# syscalls
https://github.com/Hackndo/misc/blob/master/syscalls32.md
https://github.com/Hackndo/misc/blob/master/syscalls64.md
# browser exploitation
https://github.com/demi6od/Smashing_The_Browser
# Writing Kernel Exploits
http://ugcs.net/~keegan/talks/kernel-exploit/talk.pdf
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
https://osandamalith.com/2017/04/05/windows-kernel-exploitation-stack-overflow/
# heap visualization
https://github.com/wapiflapi/villoc
# heap exploitation tutorial
https://github.com/shellphish/how2heap
# framework
https://github.com/zcutlip/bowcaster.git
# shellcode
https://github.com/reyammer/shellnoob
# pe
http://hshrzd.wordpress.com/pe-bear/
# bin visualization
https://github.com/google/binnavi
# windows internals
http://web.archive.org/web/20110715155147/http://sveta.rawol.com/?topic=2
# datasheet (technical specs)
http://www.datasheetlib.com/
# rop
http://www.ropgenius.com/
# format string
https://github.com/hellman/libformatstr
http://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
https://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf (some bits are outdated, such as: "The GNU C library contains a bug, that results in a crash if you use parameters like '%nd' with n greater than 1000. This is one way to determine the existence of the GNU C library remotely")
fmt string challenge: https://w3challs.com/challenges/challenge67
https://blog.skullsecurity.org/2015/defcon-quals-babyecho-format-string-vulns-in-gory-detail (jrm)