

Messages - AnAnimal

1
Hi All

I am learning the basics of buffer overflows, mainly with The Shellcoder's Handbook (+ Google, of course).
The purpose of this exercise is to redirect the flow of the program.

According to the book, I should overwrite RET with the address of another instruction (in this case 0x0804844e). I can control where the input is stored; however, the book says to overwrite RET with the address encoded as \x4e\x84\x04\x08.

But when I do so, I get a SEGFAULT, and upon debugging it says that EIP was not overwritten with the custom address, but with half of this code, encoded in hex. So what I get is e.g. 0x5c783465 as the value of EIP, which is the ASCII representation of \x4e (or similar; I have tried various input lengths but I never managed to encode any address in the \xYY style).

Could anyone help me and tell me what I'm doing wrong? How do I store the complete address in RET without having it encoded as ASCII?
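As an added illustration (not from the thread), here is a small Python check of the four bytes a faulting EIP contains: if they are all printable ASCII, the \x escapes reached the program as literal text instead of raw bytes. The constants are the address and the EIP value quoted above, used here as constructed inputs.

```python
import struct


def eip_bytes(value: int) -> bytes:
    """The four bytes that, stored little-endian on x86, load as this EIP value."""
    return struct.pack("<I", value)


def looks_like_text(value: int) -> bool:
    """True when every byte of the EIP value is printable ASCII, which means the
    input was stored as the characters of the escape sequences, not decoded."""
    return all(0x20 <= b < 0x7F for b in eip_bytes(value))


def explain(value: int) -> str:
    """Human-readable diagnosis of a faulting EIP value."""
    raw = eip_bytes(value)
    if looks_like_text(value):
        return (f"EIP=0x{value:08x} holds the text {raw!r} (memory order): "
                "the \\x escapes were stored as ASCII, not as raw bytes")
    return f"EIP=0x{value:08x} holds raw bytes {raw.hex()}"


# Constructed inputs: the RET target named in the post and the EIP value it reports.
WANTED_RET = 0x0804844E
OBSERVED_EIP = 0x5C783465

if __name__ == "__main__":
    print(explain(OBSERVED_EIP))
    print(explain(WANTED_RET))
```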


2
Thank you guys, when I'm back home I'll check these tips and share the results in this post.

//EDIT it works, thanks
@.goethe thanks too

3
The variable may also be modified by mod_rewrite settings, e.g. it's set to translate url.com/images to url.com/index.php?page=images.

You can try to brute-force the variable name, trying e.g. page=images, subtopic=images (lists of popular variable names can be found on the internet) and see the site's behaviour.

However, there might be no database implemented in the site and/or it simply may be impossible to "hack" from the application level, because it's too simple to have a security hole in the application.

4
Hi All,

I have searched through the web and also the forum, however I haven't found any answer.
I am learning how to use SQLmap and I encountered such an obstacle. Whenever I try to query a site, e.g. site.com/?firstparam=1&secondparam=2&...&lastparam=x

sqlmap returns something like [1] 8340 - random number here - and then proceeds to check only the first parameter (a normal scan goes here). I tried -p, skip x, also --method GET, but the result was that nothing happened; I also got a notification that the --method and --data commands are not recognised (took them from the manual, so ::) )

Also, swapping the parameters' places with each other wouldn't help, as the site I am dealing with seems to use the first parameter as an "Action" (like which subsite to use - news, gallery etc.), and without it, querying only the last one obviously treats it as non-injectable.

I would be grateful for any advice: how do you usually deal with multiple parameters using SQLmap? Is it possible that sqlmap itself is kind of corrupted?
