x86 Exploitation 101: “Format Strings” – I’ll tell ya what to say

C/C++ (but also other languages) make heavy use of format functions: think of all the times we use them to print messages, or when we need to write data formatted in a specific way into a string. I'm talking, of course, about printf, fprintf, sprintf, etc. The principle behind all these functions […]


x86 Exploitation 101: “House of Lore” – People and traditions

It's time now to talk about one of the (probably) most obscure techniques described by Phantasmal Phantasmagoria in his "Malloc Maleficarum": THE HOUSE OF LORE. When the "Malloc Maleficarum" was published, being a purely theoretical article, it contained no real exploit implementations or practical examples. Things got a little bit better with blackngel's "Malloc […]

x86 Exploitation 101: this is the first witchy house

So, history goes on with Phantasmal Phantasmagoria publishing a groundbreaking article in 2005 (right after the one-line-of-code unlink fix) called Malloc Maleficarum, proposing five new ways of attacking the Linux heap implementation. Given that it took four years to fix the unlink vulnerability with just one line of code, things looked pretty interesting in 2005. […]

x86 Exploitation 101: born in a shell

The next step in the exploitation is to spawn a shell: write a shellcode that does so and use it to exploit a buffer overflow vulnerability. To do this it is necessary to use the execve system call exported by the Linux kernel: the function is listed in the unistd.h file and it is […]