
Buffer Overflow


This is a buffer overflow tutorial using Linux (Ubuntu) and C programming. A full explanation and code are available in Greek only at the moment, in “Nikos_Lazaridis_M1485_Project#2_ΥΣ13_ΕΑΡΙΝΟ_2017.pdf”. I may become motivated to translate this into English if I get enough requests.

During Buffer Overflow:
The ultimate goal of a buffer overflow attack is to replace the return address of a vulnerable/insecure function with another one of our choosing. The latter function will have "ASCII shellcode" placed into it, which will execute the attacker's desired code (WE are the attacker here); the sky's the limit for what the attacker can do (or rather, the attacker's imagination is). A “buffer overflow” occurs the moment a single byte is written in the...


Code Injection


Code injection is a technique in which you insert code into a process and then reroute its execution so that it passes through your injected custom code segment.

Working from a debugger, e.g. OllyDbg, we can search for “code caves”, i.e. sequences of nop (or "DB 00" in Olly) instructions that are large enough to "fit" our custom code.

Alternatively we can also allocate more memory in the target process to store the code. This is what we will do in this case.

One of the best ways to inject code is via DLLs, because they are meant to be loaded by multiple processes at runtime.

Compulsory ingredients:

  1. injector process - DLLInjector project - the process that will "inject" the code
  2. the process to inject - ProcessToInject project - the process...


Process Hacking (COD4) Tutorial


A generic Windows process hacking application. This time the victim is Call of Duty 4 (the original).

What do we mean by hacking? Hacking is gaining access to a system in a manner that was not intended by its developer.

Here we do something really simple and easy: we will change some on-screen visual values in our program.

A. We find the process' HANDLE. There are two ways to do this.

I. By getting the window Handle (HWND)

  1. HWND windowHandle = FindWindowW( nullptr, processName ); to get the window handle
  2. GetWindowThreadProcessId( windowHandle, &pid ); to get the pid (pid is a DWORD)
  3. and finally OpenProcess( PROCESS_ALL_ACCESS, FALSE, pid ); to get the process Handle

This is the method I use in this example.

II. By taking a...


Hooking Tutorial


Here you will learn about this ancient miracle cure called Hooking. Our ancestors used hooking to catch fish! No, just kidding, let's get to it..

Before we head straight into it, I'll provide a little introduction to the Portable Executable (PE) format and explain its various memory sections. Don't skip it; understanding it is crucial for the next part.

The Portable Executable (PE) format is a file format for executables, object code, DLLs, FON Font files, and others used in 32-bit and 64-bit versions of Windows operating systems. It is a data structure format that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. This includes dynamic library references for linking, API export and import tables, resource management data and thread-local storage (TLS) data.

The Extensible Firmware Interface (EFI) specification states that PE is the standard executable format in EFI environments. On NT...


WinAPI KeyLogger


A basic WinAPI keylogger that records keystrokes and writes them to a file.

There is an infinite loop which checks every possible key (using GetAsyncKeyState) every 10 ms and records it to the file.

There is exception checking added in as well, for good measure.

I used Windows 8.1 x86_64, Visual Studio 2017, Modern C++17 to build the project.

GitHub

GitHub repository link.
