Articles in the Exploit Development category

Presenting Registers
Introduction Let's present all of the registers, as seen in OllyDbg: Let's explain this picture a little better. At the top of the picture, the general-purpose registers are shown. The EBP and ESP registers are generally used for stack frames, while the other registers can be used ...
NMAP Scripting Example
1. Nmap API When writing Nmap NSE scripts, we of course need a way to talk to the Nmap API, which provides various advanced features so we don't have to write them ourselves. We can't do everything in the Lua language that is used ...
Hello World: C, Assembly, Object File and Executable
Introduction Summary: In this article we'll take a look at a C program that prints "Hello World!" to the screen, which we'll compile and assemble. Then we'll compare the results and try to show what's happening behind the curtain. Specifically, we will look at which sections ...
Calling Conventions
Introduction Calling conventions are used by all programs without the user even realizing it. But before saying more about them, we must first make sure we understand what happens when a function is called. Let's say we have a function named "add" that we'll be calling like this ...
API Hooking with Microsoft Detours
Introduction Microsoft Detours is a library we can use to build our own DLL that serves as an API monitor, so we can analyze the results. The best thing about it is that it doesn't require other frameworks as dependencies. The downside is that only x86 support is available ...
PDF File Format: Basic Structure
1. Introduction We all know there are a number of attacks in which an attacker embeds shellcode in a PDF document, which then abuses some vulnerability in how the PDF document is parsed and rendered to the user in order to execute malicious code on the targeted system. The next ...
Hacking PDF: util.printf() Buffer Overflow: Part 2
For part 1 of this series, click here. 1. Introduction In the previous part we saw the structure of the PDF document and extracted the JavaScript contained in object 6. We also determined that the extracted JavaScript runs when the PDF document is opened. Now it's time ...
Hacking PDF: util.printf() Buffer Overflow: Part 1
1. Introduction One of the first things we need to do is remove the PDF reader we currently have installed and install the old, vulnerable version in its place. The old version can be found on various web pages, but the most prominent one is definitely oldapps ...
Fuzzing Vulnserver with Sulley: Part 3
Introduction Vulnserver is a deliberately vulnerable server written by Stephen Bradshaw, whose blog is located here: grey-corner. This server was written intentionally to be vulnerable so we can learn fuzzing on it. It's hard to learn fuzzing if we don't have any known vulnerabilities in place to test ...
Fuzzing Vulnserver with Peach: Part 2
Introduction The vulnserver.exe server is a vulnerable server that was written specifically for fuzzing purposes. Therefore the software intentionally contains vulnerabilities that we can exploit to gain control over the target operating system. Peach is a fuzzer that is capable of performing both generation-based and mutation-based fuzzing. It ...