Blog

Penetration Testing Wiki

How to find shellcode address

Some notes on how to find the right address in your specific environment to exploit Apache On my environment Debian Sarge with Apache 1.3.34 installed from apt-get, the address which I had to jump to execute the shellcode was 0x0834ae77. As this address it is not helpful at all in exactly the same conditions, here…
Read more

Exploit & info about off-by-one overflow in mod_rewrite module of Apache HTTP server

CVE-2006-3747 POC & exploit for Apache 1.3/2.0/2.2 mod_rewrite off-by-one, SecurityFocus https://www.securityfocus.com/archive/1/443870 Vulnerable Apache Versions 1.3 branch: >1.3.28 and <1.3.37 2.0 branch: >2.0.46 and <2.0.59 2.2 branch: >2.2.0 and <2.2.3 However, due to the nature of the off-by-one sensitive exploitation not all the vulnerables versions are exploitables ones. I did a successful attack on Apache 1.3.34…
Read more

Exploiting the stack: Off-by-one technique

In this post I will explain how the stack is structured in Linux and how to exploit successfully a buffer overflow with only 1 byte overflowed (off-by-one technique).