iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (4)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
On the fly tool
  • flawless
    Posts: 18
    Something to i just thought i shud share, this lil tool helps when you researching buffer overflows
    and when you hit  bad-chars, just compile this and run it while generate chars for you. then you start the process of elimination.

    link to pastebin code :::::: http://pastebin.com/0FsEaXdd  
    Invincibility lies in the defense; the possibility of victory in the attack.
  • Xin
    Posts: 3,251
    Pastebin link down, can you reupload?
    Xin
  • flawless
    Posts: 18
    yer sure here is the reupload http://pastebin.com/bwecTrEv sorry for the late reply i been very busy
    Invincibility lies in the defense; the possibility of victory in the attack.
  • Mr. P-teoMr. P-teo
    Posts: 269
    Looks very simple, from my limited understanding of C it just seems to be printing a long string. Might be wrong but would this do exactly the same?





    #include<stdio.h>

    main(int argc, char **argv){

    printf("\"");
    for(int c = 0;c<=255;c++){
    printf("\\x%.2x");
    }
    printf("\"");
    return 0;

    }
    Skype: mrpt3o
    Twitter: MrPteo


    image
  • flawless
    Posts: 18
    well thts the intent  mr.p.teo imagine you in the middle of a research of a bufferoverflow and you hit bad characters how would you deal with the problem if you didnt know which char is causing it this lil tool comes in handy for that kind of problem you add the character strings tht get printed to the konsole into your script or what have you then send it to the vulnerable app then debug the prog with immunity or what have you until you dont have any bad characters within your exploit

    as for that code up top theres no need for statement cos all you need is to be able to print 255 chars to be passed to the app you doing a buffer overflow for so this will be much better

    while (c<= 255)
                printf("\\x%.2x", c++);

    so whats this saying is while the inter c is small or equal to 255 print until you reach 255 characters well hope i explained it better




    Invincibility lies in the defense; the possibility of victory in the attack.
  • Mr. P-teoMr. P-teo
    Posts: 269
    yer but i used the for as it seems to use your code but in one line.

    as it sets the variable, sets the condition and increments it in one statement, where you used 

    1. int c = 0;
    2.  
    3.     printf("\"");
    4.     while (c<= 255)
    5.             printf("\\x%.2x", c++);
    6.     printf("\"");
    7.     return 0;


    Your code, sets the variable on a separate line, does the while on another and increments on another. So surly     for this piece of code the for loop is better suited.
    Skype: mrpt3o
    Twitter: MrPteo


    image
  • flawless
    Posts: 18
    well lol at the end of the day its one's opinion ini but from what i see as long the code does what ever is needed of it i got no problem with it it wasn't coded for the purpose of looking flashy or anything like that just to deliver when executed at the end of the day lol...well didn't mean to be rude or anything like that..
    Invincibility lies in the defense; the possibility of victory in the attack.
Add a Comment