Protostar Exploit Challenges Format 3 Solution

Overview: There’s really not much to this one. It’s pretty much the same as format2, with the only difference being we’ll need to write multiple bytes. Finding Our String: I started in the same manner we have been for the last several challenges by printing off values from the stack. After printing those values, I […]

Protostar Exploit Challenges Format 2 Solution

Direct Parameter Access: In the previous tutorial, I demonstrated how to use %x format specifiers to print values from the top of the stack and ultimately write to an arbitrary location in memory. In this case, it is not possible to input an arbitrarily long string as the code now limits the string to size […]

Protostar Exploit Challenges Format 1 Solution

Format 1 Solution: I’ve seen a lot of different solutions to this problem and they’re all good, but I couldn’t find one that actually explained the oddity I observed while completing the challenge. My initial approach was to use the command: ./format1 `perl -e 'print "AAAA" . "%08x."x200 If you aren’t already familiar with the […]

Writing an Encoder – Run an Executable From Memory

Recently I encountered a scenario where I needed to avoid local AV signature-based detection. Unfortunately, the tools at hand were rather antiquated, so I decided to write my own encoder. Below are two C++ files: the first is the encoder and the second is a decoder. The encoder takes an executable file as input. […]

How to Use Proxychains / Forwarding Ports

I was recently in an exercise requiring some pivoting. You know what’s really useful, but has absolutely no decent documentation anywhere!? Proxychains. I wrote a Code Project tip on how to use proxychains for simple pivoting. The article is hosted here: How to Use Proxychains