Skip to main content


Showing posts from September, 2018

Exploit Exercise Binary Exploitation Fusion level 02

Hello Crazy Hackers,

Welcome Again,
Today, I am going to share with you my exploit exercise fusion level 02 experience. This Challenge Was Not That Much Hard Or Easy For Me. It was like medium challenging for me but after all, it was pretty fun. So, let's quickly start.
Source Code
#include "../common/common.c" #define XORSZ 32 void cipher(unsigned char *blah, size_t len) { static int keyed; static unsigned int keybuf[XORSZ]; int blocks; unsigned int *blahi, j; if(keyed == 0) { int fd; fd = open("/dev/urandom", O_RDONLY); if(read(fd, &keybuf, sizeof(keybuf)) != sizeof(keybuf)) exit(EXIT_FAILURE); close(fd); keyed = 1; } blahi = (unsigned int *)(blah); blocks = (len / 4); if(len & 3) blocks += 1; for(j = 0; j < blocks; j++) { blahi[j] ^= keybuf[j % XORSZ]; } } void encrypt_file() { // // maybe make bigger for inevitable xml-in-x…

Exploit Exercise Binary Exploitation Fusion Level 01

Hello Friends,

Welcome Again . Today, I am going to share my another walk through experience of Exploit exercise fusion level 01. Basically, This Level is complete copy of previous level but here, the only difference is ASLR (Address Space Layout Randomization). Don't forget to Check Exploit Exercise Fusion level 00

So, Let's start.
HintThis is a simple introduction to get you warmed up. The return address is supplied in case your memory needs a jog :) Hint: Storing your shellcode inside of the fix_path ‘resolved’ buffer might be a bad idea due to character restrictions due to realpath(). Instead, there is plenty of room after the HTTP/1.1 that you can use that will be ideal (and much larger).
Source Code#include "../common/common.c" int fix_path(char *path) { char resolved[128] if(realpath(path, resolved) == NULL) return 1; // can't access path. will error trying to open strcpy(path, resolved); } char *parse_http_request() { char buffer[10…

Related Post