Sysax 5.64 HTTP Remote Buffer Overflow

2 minute read Jul 28, 2012 Comments
I have discovered a bug in the Sysax Multi-Server application. More specifically, it’s in the HTTP File Server service, which is not enabled by default. It has to be turned on by the admin for this exploit to properly function. The user in question also needs permission to create a directory. In the Sysax service, the configuration would look like this: To trigger this vulnerability is pretty simple. Log into the HTTP File Server:
Read more rop windows sysax exploit hacking metasploit

Exploit Exercises - Protostar Stack 6

7 minute read Dec 22, 2011 Comments
The Stack6 challenge was definitely a learning experience for me. This actually went beyond my existing skills, and made me learn some new stuff. We are given the following code. #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <string.h> void getpath() { char buffer[64]; unsigned int ret; printf("input path please: "); fflush(stdout); gets(buffer); ret = __builtin_return_address(0); if((ret & 0xbf000000) == 0xbf000000) { printf("bzzzt (%p)\n", ret); _exit(1); } printf("got path %s\n", buffer); } int main(int argc, char **argv) { getpath(); } The first thing I tried to do, was to set it up just like I did on Stack 5.
Read more wargames Protostar linux exploit-exercises suid rop hacking ret2libc