Kelie then3rd

@selftaught
selftaught / ret2libc.md
Last active January 25, 2023 09:24
ret2libc stack overflow

Exploiting a Stack Buffer Overflow (return-to-libc attack)

A stack buffer overflow occurs when a program writes to a memory address on its call stack outside of the intended structure / space.

In this walk-through, I'm going to cover the ret2libc (return-to-libc) method. This method of exploitation is great because it doesn't require the use of your typical shellcode. It involves making sys calls to the functions provided to us by libc (standard C library). We're going to use the system and exit sys calls for demonstration.

To have a good understanding about how stack overflows work, it's extremely helpful to know how stack data structures work, and more importantly - how the call stack works. For the sake of time, I'm not going to type out how these two things work in great detail. If you want to know how these work, I would recommend watching stack and call stack.

Creating a vulnerable binary to test

@alanshaw
alanshaw / getElementsState.js
Created July 21, 2017 16:38
Nightwatch commands for getting state of multiple elements
// Get state for multiple elements
// getState is passed an element and should return a promise that gets some state
// e.g. http://nightwatchjs.org/api#elementIdText
// Callback will be called with an array of the state values once they're all resolved
exports.command = function getElementsState (selector, getState, callback) {
  this.elements('css selector', selector, function (elements) {
    const values = elements.value.map(getState)
    Promise.all(values).then(callback)
  })
  return this
@rverton
rverton / chrome_headless_screenshot.py
Created July 10, 2017 08:53
Make a screenshot with a headless google chrome in python
# Install chromedriver from https://sites.google.com/a/chromium.org/chromedriver/downloads
import os
from optparse import OptionParser
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
CHROME_PATH = '/usr/bin/google-chrome'
@proclaim
proclaim / waitForText.js
Created May 15, 2017 07:25
WaitForText custom command for nightwatchjs
var util = require('util');
var events = require('events');
function WaitForText() {
events.EventEmitter.call(this);
}
util.inherits(WaitForText, events.EventEmitter);
WaitForText.prototype.command = function(selector, expectedText, timeoutInSec, callback) {
@medynski
medynski / fpsMeter.js
Last active February 2, 2024 17:03
JavaScript FPS meter - Calculating frames per second
function fpsMeter() {
  let prevTime = Date.now(),
      frames = 0;
  requestAnimationFrame(function loop() {
    const time = Date.now();
    frames++;
    if (time > prevTime + 1000) {
      let fps = Math.round( ( frames * 1000 ) / ( time - prevTime ) );
      prevTime = time;
@skarllot
skarllot / iscsiadm.sh
Last active January 2, 2016 02:39
Managing iSCSI into Linux
# Create ifaces
iscsiadm -m iface -I iface0 -o new
iscsiadm -m iface -I iface0
iscsiadm -m iface -o update -I iface0 -n iface.net_ifacename -v eth0
# Discovery
iscsiadm -m discovery -t sendtargets -p 192.168.0.1 -I iface0 -I iface1
# Delete undesired targets
iscsiadm -m node -T iqn.2014-01.com.example:vol0 -p 192.168.0.1 -o delete
@initbrain
initbrain / threadqueue_example.py
Created October 17, 2013 11:21
Python thread-safe queue example
#!/usr/bin/env python
from Queue import Queue
from threading import Thread
from urllib2 import urlopen
from re import compile, MULTILINE
from time import time
class ThreadUrl(Thread):
@samdoran
samdoran / luks-encrypt-in-place.sh
Last active March 8, 2024 21:17
Encrypt a physical volume using LUKS without erasing the drive.
#!/bin/bash
# Encrypt existing hard drive in place.
# Requires a second physical drive to temporarily store data. This drive will be erased.
# This script is meant to be run on Clonezilla 1.2.9-19 or later.
# The cryptsetup syntax is different in Clonezilla than in Red Hat.
# --- Variables --- #
@domenic
domenic / promises.md
Last active March 31, 2024 14:07
You're Missing the Point of Promises

This article has been given a more permanent home on my blog. Also, since it was first written, the development of the Promises/A+ specification has made the original emphasis on Promises/A seem somewhat outdated.

You're Missing the Point of Promises

Promises are a software abstraction that makes working with asynchronous operations much more pleasant. In the most basic definition, your code will move from continuation-passing style:

getTweetsFor("domenic", function (err, results) {
 // the rest of your code goes here.
@ibeex
ibeex / auth.py
Created October 14, 2011 20:04
Python LDAP (ActiveDirectory) authentication
import ldap
def check_credentials(username, password):
    """Verifies credentials for username and password.
    Returns None on success or a string describing the error on failure
    # Adapt to your needs
    """
    LDAP_SERVER = 'ldap://xxx'
    # fully qualified AD user name
    LDAP_USERNAME = '%s@xxx.xx' % username