Exploit stack-based buffer overflow using NOP-sled technique

Stack-based buffer overflow is a common programming error that I get when I started to learn programming but I did not know that it would be really dangerous. In this post, I will try to note down what I have learned after trying to exploit this vulnerability using the well-know NOP-sled technique.

Continue reading


Filesystem mazes race condition attack (2)

This post will demonstrate in detail how to exploit the TOCTTOU race condition of linux.
To understand basic idea of Filesystem mazes attack, read the first part here

In order to attack, we must first generate the maze and the trap and a program that calls the access and open call of kernel to generate race condition.
Continue reading

Filesystem mazes race condition attack (1)

One of the attack that usually happens in linux system is the attack that takes advantage of the TOCTTOU race condition. When a user wants to open a file, the OS will first checks the permission of the user, then grants/denies access to the file. Only after the authorization finished, OS will open the file. TOCTTOU (time of check to time of use) is the time different between the authorization of the file and the time when it is actually used. The attacker can exploit this race condition and change the link to file that he has permission to read to a private file during TOC and TOU.

Continue reading

Tracking online advertising using javascript on GreaseMonkey

Recently, I’m involved in a project where I have to test the ads banner by putting it on several websites. Of course I don’t have the money to buy ads slots on all of those sites, so I have to write several scripts to replace the banners on those websites with my banner on my browser.

I choose the browser for project to be Firefox and use an add-on called GreaseMonkey to execute custom javascript on the webpage. Continue reading