Category Archive for "Exploit Development"

QuickZip Stack BOF 0day: a box of chocolates

QuickZip Stack BOF 0day: a box of chocolates

A few days ago, one of my friends (mr_me) pointed me to an application that appeared to be acting somewhat “buggy” while processing “specifically” crafted zip files.  After playing with the zip file structure for a while (thanks again, mr_me, for documenting the zip file structure), I found a way…

Read More

Multiple Media Player HTTP DataHandler Overflow

We recieved an interesting submission today at exploit-db from Dr_IDE. We have verified that both Quicktime and Itunes crash on Windows and OSX. The description reads: “There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have attempted to compound my findings…

Read More

Microsoft IIS FTP 5.0 Remote SYSTEM Exploit

A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541, A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a”useradd” type payload. The main issue was the relatively small payload size allowed by the…

Read More

ITunes Reloaded – Getting the Shell

There goes our Information Security This is part 2 of our previous post about the Itunes exploit for windows. …little did we know that all the payloads being sent have to be pure AlphaNumeric (printable ASCII). The first thing to do is find a Alphanum friendly return address, which was…

Read More

ITunes Exploitation Case Study

When masochism just isn’t enough Our new AWE course is about to go live for the first time, in BlackHat Vegas. We chose the most interesting exploitation cases we’ve encountered, and dove really deep into them. We had many exploits to choose from, some were too easy, and believe it…

Read More