Questions tagged [code-execution]

The process of executing code, either maliciously or not, on a system or device. The term is often used when talking about code injection vulnerabilities.

82 questions
3
votes
1 answer

How can we embed an exe containing a payload into a pdf file

I have created an exe with a payload which gives me a meterpreter session. But I need to embed this exe into a pdf. Upon opening the pdf the exe ideally should get executed. Is there any way to do this embedding and auto run of exe? Thanks
Solo Trench
  • 41
  • 1
  • 3
3
votes
1 answer

Running a brief asm script inline for dynamic analysis

Is there any good reason not to run a brief unknown (30 line) assembly script inline in a usermode c program for dynamic analysis directly on my laptop? There's only one system call to time, and at this point I can tell that it's a function that…
3
votes
2 answers

How to respond when network info sec check requires run of downloaded unknown .exe?

I recently visited a university for an event where I was expected to bring a computer and do work using the campus wifi. On first connection, I was asked to download a "SafeConnect Policy Key" (.exe) which, according to its description, was…
3
votes
2 answers

Changing file extensions in PHP file upload to prevent code execution?

I think in a PHP file upload it is a best practice to store files outside of the document root with a randomly generated file name and telling the server to make them non-executable, so the file will not be executed by an attempt to access the file…
kot
  • 45
  • 4
2
votes
0 answers

Can binary firmware packages be executed on the system?

Kernels like linux-libre (standard in Debian and other free Linux distributions) ship no binary firmware packages by default. From my limited understanding of their functionality, a binary firmware package, or "blob", is loaded onto the respective…
Prototype700
  • 263
  • 2
  • 7
2
votes
1 answer

Explanation of persistent full-chain kernel code execution

My question Meaning of persistent full-chain -- ? What is the difference between OS-level CE and Kernel level CE? How do OS-level CE and Kernel level CE differentiate in impacting a system? Rarity and difficulty when it comes to…
pov
  • 23
  • 4
2
votes
3 answers

How does buffer overread cause arbitrary code execution?

Referenced in the recent VLC vulnerability and other places, apparently buffer overreads can cause arbitrary code execution. How does it do that? Suppose in the following toy example void badcpy(const char* src, char* dst, int n) { for(int i =…
user212957
  • 21
  • 2
2
votes
1 answer

PHP Code execution in function parameters and logical operators

After wondering about this and trying to better understand it, I tried the following code: is_string(3 and sleep(30)); Why PHP will execute code inside a parameter function (sleep in is_string) ? And what is the role of logical operators in this…
Raphaël D
  • 43
  • 4
2
votes
1 answer

PHP command injection create_function eval

I was reading about the create_function, that will be DEPRECATED on PHP 7.2, that is prone to php command injection. I started to play with it and created an example. The code below should return the lowercase version of each string in the array.…
rdlrt
  • 21
  • 3
2
votes
2 answers

Bash: Why would sourcing a file be less safe than bashing it (executing in another session)?

Bash: Why would sourcing a file be less safe than bashing it (executing in another session)? Is it the case, or I completely misunderstood? I've heard in the context of sourcing a sub-script from a master-script. For example, you curl and source…
user9303970
  • 443
  • 1
  • 4
  • 15
2
votes
2 answers

Can a zipped malware execute?

I have a malicious file zipped in .gz which was not opened. However, when I tried to delete the folder containing the file, I wasn't able to due to running processes. Can a zipped malware execute itself in Windows?
George
  • 739
  • 1
  • 6
  • 22
2
votes
2 answers

Understanding preg_replace Filtering & Exploitation

Here is the proof of concept of the code: I don't quite understand what the filter does, all I understand is that it…
0x00
  • 23
  • 1
  • 4
2
votes
2 answers

With SAP_ALL access rights, can someone run an executable on the SAP Netweaver ABAP server?

Given a demo system for a fair which is based on SAP Netweaver ABAP. Our application has a bug which cannot be fixed easily, at least not in time for the fair. The workaround is to give the users of the demo SAP_ALL access rights. SAP_ALL is a bad…
Thomas Weller
  • 3,246
  • 3
  • 21
  • 39
2
votes
3 answers

Verify "blind" code execution works

Suppose the following situation: You're doing a black-box pentest. You found that the customer runs software X and X has a remote code execution vulnerability, but the nature of this code execution is that stderr and stdout cannot be sent back to…
kaidentity
  • 2,634
  • 13
  • 30
2
votes
1 answer

Dynamic forking of a process in win32 vs modern antiviruses

Most tutorials about crypters assume that popular antiviruses don't scan programs executed directly from memory. However from what I've seen, some of them (e.g. Nod32) are able to scan RAM in search for known patterns. This makes me wonder... here's…
user3125731
  • 123
  • 3