Category: Academy

Penetration Testing Wiki

Simple and vulnerable NodeJS app prone to Cross-Site Scripting (XSS) deployment with Google Cloud App Engine

I wrote a little script in node.js for a hands-on lab to test Cross-Site Scriptings (XSS). You can download it from my github: https://github.com/defensahacker/nodexss To deploy in Google Cloud App Engine: To start the project from a local system: Now visit the vulnerable website:

How to find shellcode address

Some notes on how to find the right address in your specific environment to exploit Apache On my environment Debian Sarge with Apache 1.3.34 installed from apt-get, the address which I had to jump to execute the shellcode was 0x0834ae77. As this address it is not helpful at all in exactly the same conditions, here…
Read more

Exploiting the stack: Off-by-one technique

In this post I will explain how the stack is structured in Linux and how to exploit successfully a buffer overflow with only 1 byte overflowed (off-by-one technique).