This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as an example but the technique can also be applied to heap overflows as well.
Hope you guys enjoy it :).
23 mar 2012
Website Pro <= 3.1.13.0 "Referer:" Remote Buffer Overflow PoC
The crash occurs when the application tries to write ECX (0x00000000) into the address that contains EAX (we control EAX) (0xBAADBEEF) . Possible explotable, not tested yet.
SHODAN Dork: "Server: Website/3.1"
Link: http://www.1337day.com/exploits/17806
12 mar 2012
backfuzz - protocol fuzzing toolkit
Well, after a while I am releasing this simple fuzzer.
Crash reached (FTP):
Crash reached (HTTP):
File Fuzzing:
File Fuzzing (Files):
You can use this basically to fuzz different protocols (FTP, HTTP, IMAP, etc) but also has no-protocol plug-ins (Example: File Fuzzer).
The general idea is that this script has several functions already predefined in the file "functions.py", so whoever wanna write his own plugin's (for another protocol) in a few lines and add it to the script can do so.
I know the code is still in beta and requires a lot of work to get better, so any questions / suggestions / criticism / comment is welcome.
Screenshots:
Help Menu:
Crash reached (FTP):
Crash reached (HTTP):
File Fuzzing:
File Fuzzing (Files):
GitHub page:
Installation:
Suscribirse a:
Entradas (Atom)