RCE Security

RCE Security

Reverse Engineering sometimes results in Remote Code Execution

Menu

  • Vulnerabilities
  • Security Services
  • References
  • Disclosure Policy
  • About:Me
  • Imprint

esp

Yet Another Photodex ProShow Producer Code Execution Vulnerability

Yet Another Photodex ProShow Producer Code Execution Vulnerability

After my last advisory about the ProShow Producer application by Photodex and the nice Metasploit module created by mr.pr0n, I decided to dig deeper into this application, because the vendor does not care about his product security! The application is still exposed to

MrTuxracer January 26, 2013February 19, 2014 Vulnerabilities No Comments Read more

NCMedia Sound Editor Pro v7.5.1 Windows 7 Exploit

NCMedia Sound Editor Pro v7.5.1 Windows 7 Exploit

First of all…thanks b33f from fuzzysecurity.com for your hint which helped a lot in solving the reliability issue of my last exploit 🙂 ! In my last article I wrote about a missing reliable way of executing shellcode. I received

MrTuxracer September 23, 2012February 19, 2014 Exploits 2 Comments Read more

Exploiting the NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Vulnerability with the help of mona.py

Exploiting the NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Vulnerability with the help of mona.py

My latest finding: A classic buffer overflow. And this time I’ve used the great mona.py script created by the corelan team to exploit the vulnerability. It helps to find memory addresses for all of your stack adjustment needs (beside this, the script

MrTuxracer September 16, 2012February 19, 2014 Exploits 3 Comments Read more

Buffer Overflow Exploitation: Jump to shellcode via PUSH ESP, RET

Buffer Overflow Exploitation: Jump to shellcode via PUSH ESP, RET

Another possible way to jump to shellcode is using the PUSH ESP, RET technique. If you’ve got no usable CALLs or JMPs to ESP for some reasons, you can first use a PUSH ESP to put the address of ESP

MrTuxracer December 16, 2011September 26, 2014 Tutorials No Comments Read more

Buffer Overflow Exploitation: Jump to shellcode via CALL ESP

Buffer Overflow Exploitation: Jump to shellcode via CALL ESP

In my first tutorial I’ve taken a JMP ESP from some system .dll called WMVCore.dll. Since this isn’t a reliable jump, because the WMVCore.dll might differ from OS version to OS version, it would be more reliable to take one

MrTuxracer December 10, 2011September 26, 2014 Tutorials No Comments Read more

Buffer Overflow Exploitation: Stack manipulation using POP, RET

Buffer Overflow Exploitation: Stack manipulation using POP, RET

Exploiting is a very interesting topic and there are many ways of manipulating the stack. One of those ways is using the POP, RET functions. Using the “Free MP3 CD Ripper” – Exploit from my first tutorial, I would like

MrTuxracer December 8, 2011September 26, 2014 Tutorials No Comments Read more

Buffer Overflow Exploitation: A real world example

Buffer Overflow Exploitation: A real world example

Hello readers again! Since I am still getting deeper into penetration tests in AppSec, it helps quite a lot to write about things to get new ideas and thoughts – so I decided to write a little tutorial on how

MrTuxracer November 30, 2011October 13, 2017 Tutorials 2 Comments Read more

Categories

  • Bug Bounties
  • Certifications
  • Conferences
  • CTFs
  • Exploits
  • Papers
  • Playground
  • RCE
  • Reversing
  • Security News
  • Site News
  • SLAE
  • Tutorials
  • Vulnerabilities

Tags

0-day 0day advisory assembly BSidesHH buffer overflow bug bounty bypass csrf CVE-2014-2206 eip esp exam exploit hacking hackme IDA ignorance inshell LFI linux local Metasploit nmap Off-Topic PoC privileges escalation python RCE remote reporting ret ROP SafeSEH shellcode SLAE SQLi sqlmap SSRF stack surveillance trunk vlan WinALL XSS

Archives

  • November 2017
  • October 2017
  • August 2017
  • March 2017
  • January 2017
  • December 2016
  • September 2016
  • June 2016
  • April 2016
  • February 2016
  • December 2015
  • September 2015
  • August 2015
  • July 2015
  • January 2015
  • December 2014
  • November 2014
  • August 2014
  • July 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011

Follow Me

Copyright © 2018 RCE Security. Powered by WordPress. Theme: Spacious by ThemeGrill.