Type: Posts; User: sebas_phoenix
Please provide some link as to where you are referring the task from! Also, read this: http://crypto.stanford.edu/cs155old/cs155-spring08/papers/formatstring-1.2.pdf
I wonder why Apache should run as a privileged process? Yeah, if it runs as a web server it needs to bind to port 80, which is below 1024 and therefore is privileged; after that it no longer needs to hold...
Let's do it! I couldn't participate last time :( Also, since it is an international CTF, we need to practice at least on weekends. We could use #g4h IRC on freenode for collaborating.
Interested...
There are a lot of books that cover C to an intermediate level. But the best book for Advanced C is Expert C Programming - Deep C Secrets. I recently started reading the book and I completed some 80...
Well, I will tell you the technique. Just don't tell anyone about it k? So here it goes. First thing is to find the email ID of the person, that will be publicly available most of the time. Then here...
You can view the page at http://www.garage4hackers.com/content.php?r=140-Understanding-Padding-Oracle-Attack-Attack-on-Encryption-in-CBC-mode
Understand what padding oracle is all about, then write your own code. Or wait for max. 3 days, I might do a tutorial on padding oracle and this post will serve as my inspiration.
Regards
IMHO, padding oracle attack is one of the "cutest" attacks on Authenticated Encryption.. I didn't know that ASP.NET is vulnerable to this though! Also, another thing about padding oracle is that it is...
IMO, forget about career when you learn. Just learn with a passion and everything else will come to you automatically. About family, it is up to you to convince your family man, can't help you out...
Hey Mark. Well, this is how I decided I should be in the future. When I was in college, I am a gaming addict (DotA mainly). I was the Captain of a popular clan in GG which naturally means I didn't...
The argument for gets() and puts() is the address of the buffer which is at an offset -0xc from ebp; more precisely, the buffer starts @ address ebp-0xc. About the mov %eax,(%esp) part, it is...
AT&T is not a processor, it is a syntax for assembly. As you can obviously see, it is AT&T considering the %(register) and <opcode> <source> <destination> format!
OK, let's do it one step at a time for more clarity.
0x080484ae <+0>: push %ebp
0x080484af <+1>: mov %esp,%ebp
Typical function prologue. esp is not subtracted indicating no local...
Hey mark, thanks for the videos. Btw, if you have any trouble understanding BoF, post the code in the forums, we will help you out!
Best Regards.
There are a lot of wargames like OvertheWire and SmashTheStack which are great places to start and they are very addictive too..
Nobody is laughing at you or stopping you from dreaming. All we are saying is that do some research on your area of interest and realise your dream (however impossible it might be). But while posting...
Hmm.. I am not saying it is not feasible, but as a general recommendation let me tell you this: Theoretically we can do anything! Like, for example, use a gigantic vibrating fork so that it matches...
Nice exploit bro.. it would be more useful if you could document the bug hunting phase too
Kindly be more elaborate by providing some pseudocode as to how you think it might happen! Then it will be easier for others to clarify
Be more elaborate! There is no such thing as a register overflow (except arithmetic overflow.. but they are not relevant to our discussion here); what actually happens is that we overflow the memory...
Thanks bro! Hopefully next time, they turn out to be suid binaries :)
Can you please post your code?
No bro.. am not able to find a squashfs-tools for android.
@all: Thanks a lot
http://www.garage4hackers.com/f22/anatomy-my-first-second-0-day-2488.html
And also, I was thinking if there is anyone interested in open source bug hunting? Tell me so that we can audit some of the...
Hmm, the stack grows from higher memory address to a lower memory address, which means that the saved ebp gets overwritten before the saved eip. There are ways you can overwrite just the saved eip,...