PikaChu cyberheartmi9
cyberheartmi9
/ Format String
Created
August 22, 2017 23:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ==Phrack Inc.== | |
| 0x0b, Issue 0x3b, Phile #0x07 of 0x12 | |
| |=-------------=[ Advances in format string exploitation ]=--------------=| | |
| |=-----------------------------------------------------------------------=| | |
| |=---------=[ by gera <gera@corest.com>, riq <riq@corest.com> ]=---------=| | |
| 1 - Intro |
cyberheartmi9
/ Smashing The Stack For Fun And Profit
Created
August 22, 2017 23:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .oO Phrack 49 Oo. | |
| Volume Seven, Issue Forty-Nine | |
| File 14 of 16 | |
| BugTraq, r00t, and Underground.Org | |
| bring you | |
| XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
cyberheartmi9
/ Pwning PHP mail() function For Fun And RCE
Created
August 22, 2017 23:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| |=-----------------------------------------------------------------------=| | |
| |=-------------=[ Pwning PHP mail() function For Fun And RCE ]=---------=| | |
| |=---------------=[ New Exploitation Techniques And Vectors ]=-----------=| | |
| |=----------------------------=[ Release 1.0 ]=--------------------------=| | |
| |=-----------------------------------------------------------------------=| | |
| |=-----------------------------------------------------------------------=| | |
| |=----------------=[ by https://legalhackers.com/ ]=-------------------=| | |
| |=-----------------------------------------------------------------------=| | |
| |=---------------------=[ https://ExploitBox.io ]=-------------------=| | |
| |=---------------------=[ @Exploit_Box ]=-------------------=| |
cyberheartmi9
/ Format String Technique
Created
August 22, 2017 23:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .oO NOP Ninjas Oo. | |
| presents: [Format String Technique] | |
| www.nopninjas.com | |
cyberheartmi9
/ ghetto XSS payloads
Created
August 22, 2017 23:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _____ _ _ _ __ _______ _____ _____ _ _ _ _ | |
| | __ \ | | | | | \ \ / / ___/ ___| / __ \ | | | | | | | | |
| | | \/ |__ ___| |_| |_ ___ \ V /\ `--.\ `--. | / \/ |__ ___ __ _| |_ ___| |__ ___ ___| |_ | |
| | | __| '_ \ / _ \ __| __|/ _ \ / \ `--. \`--. \ | | | '_ \ / _ \/ _` | __/ __| '_ \ / _ \/ _ \ __| | |
| | |_\ \ | | | __/ |_| |_| (_) | / /^\ |\__/ /\__/ / | \__/\ | | | __/ (_| | |_\__ \ | | | __/ __/ |_ | |
| \____/_| |_|\___|\__|\__|\___/ \/ \|____/\____/ \____/_| |_|\___|\__,_|\__|___/_| |_|\___|\___|\__| | |
| A ghetto collection of XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air. | |
| Simple character manipulations. |
cyberheartmi9
/ DNS Zone Transfer Protocol (AXFR)
Created
August 22, 2017 23:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Internet Engineering Task Force (IETF) E. Lewis | |
| Request for Comments: 5936 NeuStar, Inc. | |
| Updates: 1034, 1035 A. Hoenes, Ed. | |
| Category: Standards Track TR-Sys |
cyberheartmi9
/ DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
Created
August 22, 2017 23:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Network Working Group P. Mockapetris | |
| Request for Comments: 1035 ISI | |
| November 1987 | |
| Obsoletes: RFCs 882, 883, 973 | |
| DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION | |
| 1. STATUS OF THIS MEMO |
cyberheartmi9
/ DOMAIN NAMES - CONCEPTS AND FACILITIES
Created
August 22, 2017 23:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Network Working Group P. Mockapetris | |
| Request for Comments: 1034 ISI | |
| Obsoletes: RFCs 882, 883, 973 November 1987 | |
| DOMAIN NAMES - CONCEPTS AND FACILITIES | |
| 1. STATUS OF THIS MEMO |
cyberheartmi9
/ Ret2libc bypass setuid
Last active
April 4, 2018 00:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| |printf|pop-ret|%5$n|execl|exit|/bin/sh/|/bin/sh|execl-last-arg| | |
| ---------------------- | stack grow | |
| |execl-last-arg | | | |
| |--------------------- | | |
| |/bin/sh | | | |
| |--------------------- | |
cyberheartmi9
/ 0x280 Heap-and bss-Based Overflows
Created
April 17, 2018 00:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Table of Contents | |
| Previous Section Next Section | |
| 0x280 Heap-and bss-Based Overflows | |
| In addition to stack-based overflows, there are buffer-overflow vulnerabilities that can occur in the heap and bss memory segments. While these types of overflows aren't as standardized as stack-based overflows, they can be just as effective. Because there's no return address to overwrite, these types of overflows depend on important variables being stored in memory after a buffer that can be overflowed. If an important variable, such as one that keeps track of user permissions or authentication state, is stored after an overflowable buffer, this variable can be overwritten to give full permissions or to set authentication. Or if a function pointer is stored after an overflowable buffer, it can be overwritten, causing the program to call a different memory address (where shellcode would be) when the function pointer is eventually called. | |
| Because overflow exploits in the heap and bss memory segments are much more dependent o |
OlderNewer