Exploit Development 5: Reflective DLL Injection

Introduction. Reflective DLL injection is used to load a DLL into a process without reading it from disk. A stager is executed from the exploited buffer, which in turn retrieves the DLL from a server. The DLL is loaded and mapped directly into the process address space and execution is handed over …

Exploit Development 3: ROP buffer overflow

In the previous two tutorials we looked at how to exploit the vulnerable application with EIP as well as SEH based buffer overflow attacks. This time we will have a look at how to exploit the application when DEP (Data Execution Protection) is enabled. Code execution will be forbidden on the stack and will result in an access …

Exploit Development 2: SEH buffer overflow

This time we’re going to take a closer look at SEH (Structured Exception Handling) based exploits. Setup: compile the executable and library with the following options set. Analysis: the idea is basically to overwrite the pointer to the exception handler and make it point to your injected shellcode. After an exception is triggered the hijacked …

Exploit Development 1: EIP buffer overflow

In this post we’re going to look at an EIP based buffer overflow. We will exploit a small example C++ program. Setup: the following setup will be used: Windows XP SP3 English (32bit), VC++ 14 runtime, WinDbg 6.12 as post mortem debugger, Immunity Debugger 1.73/1.85 (with pvefindaddr and mona plugins), Dependency Walker 2.2.6000, Windows 10 …