Introduction Reflective DLL injection is being used to inject a DLL into a process without reading it from the storage. A stager is executed from the exploited buffer, which in turn retrieves the DLL from a server. The DLL is directly loaded and mapped into the process address space and execution is being handed over … More Exploit Development 5: Reflective DLL Injection
Introduction The rather small shellcode that was used so far, always neatly fitted into the exploited buffer on the stack. Unfortunately this might not always be the case. For this situation there is the concept of egg hunting. All it does is to provide a small shellcode which scans the memory for the actual (larger) … More Exploit Development 4: Egg Hunting
In the previous two tutorials we looked at how to exploit the vulnerable application with EIP as well as SEH based buffer overflow attacks. This time we will have a look at how to exploit the application when DEP (Data Execution Protection) is enabled. Code execution will be forbidden on the stack and will result in an access … More Exploit Development 3: ROP buffer overflow
This time we’re going to take a closer look at SEH (Structured Exception Handling) based exploits. Setup Compile the executable and library with the following options set: Analysis The idea is basically to overwrite the pointer to the exception handler and make it point to your injected shellcode. After an exception is triggered the hijacked … More Exploit Development 2: SEH buffer overflow
