Questions tagged [binary-code]
60 questions
1
vote
3 answers
Debugging and DLL-Injection
Hi,
I am currently reading Gray Hat Python to learn about Debugging and various interesting techniques for binary analysis.
So far I have learned an amazing amount of stuff (just read about DLL-Injection).
Two questions though:
When two processes…
er4z0r
1
vote
1 answer
How is it possible to simply decode Bluetooth communications from a medical device?
Excuse the naive question but I'm trying to understand a bit about security in home health and medical devices and a recent report about how home Covid test results can be altered has left me a bit confused about how security in Bluetooth and apps…
orome
1
vote
1 answer
Is there any way to get a unicode character that has a byte of 23?
I am pentesting a web application. It makes a backend call to another application, and I am trying to hijack that call.
I have gained control over the URL path, query parameters, and fragment that is being sent (e.g. if the URL is…
Bob
1
vote
0 answers
1
vote
1 answer
Writing to .fini_array
I'm learning about format string exploits, and am attempting to use one on an example program to overwrite the .fini_array section in virtual memory with a stack address containing shellcode (and hence redirect execution to the shellcode once main…
Atticus Stonestrom
1
vote
0 answers
How to verify a binary correctly even if my github account is hacked by someone
I have a binary file and saved it on github release page. https://github.com/zono/bolt8/releases
To allow users to verify it, I saved the sha256sum and signature (.asc).
However I have a concern that if my github account is hacked somehow, the sha256sum,…
zono
1
vote
1 answer
Is there any way to estimate the safety of arbitrary binaries, which are usually released with unofficial patches?
Frequent scenario:
An old game is released on GOG / Steam.
It proves to be incompatible with new Windows systems. (Crashes, game breaking bugs, fps of 0.5 and the likes)
An unofficial patch is released by the fanbase, either for this particular…
gaazkam
1
vote
2 answers
How to make well-known malicious programs undetectable by anti-virus solutions?
I want to make well-known malicious programs, like Mimikatz and Incognito, undetectable by anti-virus solutions.
I have already tried various approaches myself, like packing the binary with UPX or modifying the source code in C/C++ (+ various…
Shuzheng
1
vote
1 answer
ROP Attack: Force the program to manipulate an instruction as a gadget
I'm doing a basic exploitation test on a simple program with a few lines of code. I intend to exploit a buffer overflow vulnerability to perform a ROP attack.
To gather the available gadgets I use the ROPgadget tool.
I found a very useful gadget at address…
Ahmed
1
vote
1 answer
Binary Exploitation - How to set GID of a SUID binary using shellcode?
I have a binary that is SUID which I can currently use a buffer overflow exploit to obtain an elevated EUID shell.
However I haven't worked much with changing IDs through shellcode, and the file I need to access requires me to have a GID equal to…
Sif
1
vote
0 answers
Malicious Actor with Physical Access to Encrypted Machine
Some background: My org is potentially involved in a legal dispute with a securities brokerage in an under-developed country with mediocre rule of law. The broker also is responsible for co-locating a machine used for trading at the exchange. The…
user79126
1
vote
2 answers
Is there any ability to determine the exploit used by compiled binary?
I have a binary file which uses some exploit (I guess it was generated with Metasploit), but I can't determine the exact exploit it uses.
The disassembly listing of it contains plenty of "mov" instructions, and the .data section contains a lot of strings…
AseN
1
vote
0 answers
Buffer overflow Rooting vs SU via recovery?
After researching the low-level details and techniques of rooting processes, I found that it happens mostly through buffer overflow to gain root access via running a payload (binaries) at the return call address in memory.
Method A (buffer overflow to…
Pintspin
1
vote
1 answer
Decrypting binary code from a base64 string
So, this online discussion function uses decoded account names in every post, along with what they call "logging data". An example of this can be:
Loggin data: 10878
Encoded account info: U2FsdGVkX19bCgrkbEjt4gDrFKNANCce
Now, the first part of the…
Sandman
0
votes
1 answer
How is a process forced to execute binary code?
I want to understand how a vulnerable internet facing process on some computer is exploited to run arbitrary binary code.
I understand how buffer overflows could be used to overwrite the return address to make the process jump to a location it…
emberfang