In my “Writing exploit on win32 from scratch: Mini HTTPD Server 1.2” blog post, I pointed that we were working on a Windows SP SP3 box with no DEP (data execution prevention). That’s not real, Windows XP SP3 has DEP, but by default it is configured in “OptIn” that means only the processes and services on the list has DEP activated (usually OS processes). For this post we are going to change that configuration to “OptOut” that means DEP is allways On except for the processes that we put in the list. Read more ›
Some time ago since I wrote my last post cause lately between work, trainings, conferences and some software development my “Free Time” suffered a “Buffer Overflow”.
But hey, now found some time and I decided to create the first entry about “Exploiting” of hardsec.net.
We will see how to develop an exploit step by step for “Mini HTTPD”. You can find it at http://www.vector.co.jp/soft/winnt/net/se275154.html or here in this post.
I’ll try to explain the process step by step, including the mistakes I’ve been making during the development, the cause of these errors and how I solved it. Read more ›
With the new year I decided to go one step further and start posting in English as well as in Spanish.
So this post is just to welcome all the new english readers. I hope the contents of this blog likes you the same likes me to write it.
Thanks and regards.