RCE Security

Reverse Engineering sometimes results in Remote Code Execution

shellcode

SLAE: Custom Crypter (Linux/x86)

Do you want to fool antivirus software? When you look through hacking forums for a solution to this, you will likely encounter the term “crypter”. You will also find this tool in the arsenal of every advanced penetration tester and it

MrTuxracer | April 28, 2016 | April 28, 2016 | SLAE | 2 Comments

SLAE: Polymorphic Shellcodes (Linux/x86)

Question: How can signature-based intrusion detection systems be defeated? Answer: Using polymorphic shellcodes! This might sound really crazy and cyber, but it has nothing to do with inventing fancy new hacking techniques; it’s rather about puzzling. By replacing assembly instructions with other assembly instructions

MrTuxracer | April 12, 2016 | April 15, 2016 | SLAE | No Comments

SLAE: Dissecting Msfvenom Payloads (Linux/x86)

One very common tool among penetration testers is Metasploit, which includes a lot of nice exploits and payloads. The 5th assignment of the SecurityTube Linux Assembly Expert certification is about Metasploit shellcode analyses for Linux/x86 target systems. The task is to

MrTuxracer | August 13, 2015 | April 28, 2016 | Certifications, SLAE | No Comments

SLAE: Custom RBIX Shellcode Encoder/Decoder

Anti-Virus and Intrusion Detection Systems can become really nasty during a penetration test. They are often responsible for unstable or ineffective exploit payloads, system lock-downs or even angry penetration testers 😉. The following article is about a simple AV and IDS

MrTuxracer | January 18, 2015 | April 28, 2016 | Certifications, SLAE | No Comments

SLAE: Egg Hunters (Linux/x86)

Happy Easter everyone! Have you already found all your hidden eggs? No? Then I’ve got the ultimate solution for everyone who’s still missing some eggs 😉! This assignment in my SecurityTube Linux Assembly Expert certification covers egg hunters! My research

MrTuxracer | August 23, 2014 | April 28, 2016 | Certifications, SLAE | No Comments

SLAE: Shell Reverse TCP Shellcode (Linux/x86)

Now Mario meets Luigi… or what’s a bind without a reverse shellcode? I’ve spent some extra time again to reduce the shellcode size and make it fully register aware, so that this shellcode could handle every exploit scenario. It’s therefore currently at

MrTuxracer | July 25, 2014 | April 28, 2016 | Certifications, SLAE | 1 Comment

SLAE: Shell Bind TCP Shellcode (Linux/x86)

Do you like uncommon challenges? At least I do, and that’s the reason why I’ve signed up for the SecurityTube Linux Assembly Expert training. But what’s this all about? The founder Vivek Ramachandran summarizes it best: The SecurityTube Linux

MrTuxracer | July 13, 2014 | April 28, 2016 | Certifications, SLAE | 1 Comment

Exploiting the NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Vulnerability with the help of mona.py

My latest finding: A classic buffer overflow. And this time I’ve used the great mona.py script created by the Corelan Team to exploit the vulnerability. It helps to find memory addresses for all of your stack adjustment needs (besides this, the script

MrTuxracer | September 16, 2012 | February 19, 2014 | Exploits | 3 Comments

Buffer Overflow Exploitation: Jump to shellcode via PUSH ESP, RET

Another possible way to jump to shellcode is using the PUSH ESP, RET technique. If you’ve got no usable CALLs or JMPs to ESP for some reason, you can first use a PUSH ESP to put the address of ESP

MrTuxracer | December 16, 2011 | September 26, 2014 | Tutorials | No Comments

Buffer Overflow Exploitation: Jump to shellcode via CALL ESP

In my first tutorial I’ve taken a JMP ESP from some system .dll called WMVCore.dll. Since this isn’t a reliable jump, because the WMVCore.dll might differ from OS version to OS version, it would be more reliable to take one

MrTuxracer | December 10, 2011 | September 26, 2014 | Tutorials | No Comments
Copyright © 2019 RCE Security.