Posts

Showing posts with the label Exploit Development

Windows Exploit Development (primer II) : Corrupting Structured Exception Handling and Controlling Memory Pointers

Image
I folks this post is part of a series in which I introduce some good fundamentals in windows exploit development - basically documenting as I learn it myself!

In this post we are going to essentially going to find out how our input breaks certain structures in memory, find different ways to crash the program and discuss the fun things these crashes let us do with out input! Lets get going :)
What you need to get going Exactly the same as last time!
Windows Virtual Machine Debugger Tools for windowsEasy MPEG to DVD Burner (copy available on exploit-db)(optional) python script payloadgen.py mentioned later on in the post Corrupting Memory
I assume you've got everything sorted out in terms of debugging the application. If its broken in you can get it running after a breaking by using the "g" command like this:



It should start running unless for some reason it hits another breakpoint. Hit "g" as many times are you need to get the application running smoothly and re…

Windows Exploit Development (primer) : Debugging Threads and Analyzing Memory

Image
Hi folks I thought its about time to start blogging about the little experience I have in low level exploitation and analysis - so here goes. To start off on your windows exploitation journey you need to be able to get to grips with a tool and some tricks to get you look at your target the right way. In this post I cover somethings that may help a ton! 
Debugging ThreadsTo get started you are probably going to need a couple things sorted out first, namely a simple windows VM setup with debug tools (tons of tutorials out there on the internet) and a target to exploit: A Windows VM (Microsoft made them free which is awesome!)Windows Debug ToolsYou should grab a copy of  Easy MPEG to DVD Burner on exploit db.
Before we can start crashing programs and controlling EIPs we need to make sure we have the right view of the target we are exploiting. Windows debugger is actually pretty useful in this regard so open it up, open the target program and attach the debugger to it like so:




Once you've…