WinExec calc.exe universal shellcode

Written by  on August 21, 2015

ASM: PUSH ESI ; LOCATE KERNEL32 BASE ADDR XOR EAX,EAX MOV EAX,DWORD PTR FS:[EAX+30] MOV EAX,DWORD PTR DS:[EAX+C] MOV ESI,DWORD PTR DS:[EAX+1C] LODS DWORD[...]

Avoiding badchars & small buffers with custom shellcode – OdinSecureFTPclient SEH exploit

Written by  on August 10, 2015

Hi there fellow pirates P-) ! This time we’ll be studying a vuln I just found on OdineSecureFTP client. Using the evil ftp server I fuzzed the aplication[...]

Attacking ftp clients with SEH exploits P-) filezilla 2.X case of study

Written by  on August 2, 2015

Hi there fellow pirates! Today we’ll be attacking filezilla client 2.2.X with a client side exploit. After doing a litle bit of research in oldapps.com[...]

NullByte challenge 0x01

Written by  on August 1, 2015

  #####NULL BYTE 0x01##### Codename: NB0x01 Download: ly0n.me/nullbyte/NullByte.ova.zip Objetcive: Get to /root/proof.txt and follow the instructions. Level:[...]

Writing exploits with an egghunter – part 1

Written by  on August 1, 2015

Today we’ll be studying the winam 6.12 playlist buffer overflow vuln. I found that vuln very interesting to study as it requieres an important amount[...]