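In certain situations, when we want to print a string to stdout, we need its length for the write syscall in Linux. We can't always depend on the $-string macro, which is valid only for a defined string.
We use the REPNE (REPeat while Not Equal) prefix, which repeats the following instruction as long as ECX != 0 and the comparison has not matched. Along with REPNE we use SCASB (scan byte string), which compares the accumulator (AL for the byte form; AX or EAX for the word and doubleword forms) against the value pointed at by ES:[EDI] and then advances EDI. In the end we calculate the difference between the offsets of the scanned string (EDI) and the original string (EBX) to find the length. Because EDI stops one byte past the terminating NUL, we subtract one so the terminator is not counted.
mov ebx, edi        ; save the start of the string
xor al, al          ; AL = 0, the terminator we scan for
mov ecx, 0xffffffff ; maximum count, so only the NUL byte stops the scan
repne scasb         ; REPeat while Not Equal: [edi] != al
sub edi, ebx        ; edi - ebx = bytes scanned, including the NUL
dec edi             ; drop the terminator from the count
mov eax, edi        ; length is returned in EAX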
I recently wanted to explore the world of game hacking, which involves some cool reverse engineering tricks. This is a trainer written in C++.
It simply uses WriteProcessMemory to write the values into the game's memory.
Download game: https://assault.cubers.net/download.html
Download trainer: https://github.com/OsandaMalith/GameHacking/blob/master/AssaultCube/Hack.7z
This is a very simple web crawler I coded for fun. It uses a breadth-first search algorithm to crawl URLs.
– This tool might be useful in finding subdomains
When an illogical range is created in Ruby and converted to an array, it uses 100% of memory, disk and CPU, which will freeze your computer. I have tested this issue on a Windows 10 64-bit machine. On a 64-bit Ubuntu machine the process gets killed after some time, once it runs out of memory. Issues of this type can occur in most languages when a program tries to allocate more and more memory. This is a simple example I found in Ruby.
ruby 2.3.1p112 (2016-04-26 revision 54768) [x64-mingw32]
What is load_extension?
This interface loads an SQLite extension library from the named file.
int sqlite3_load_extension(
  sqlite3 *db,          /* Load the extension into this database connection */
  const char *zFile,    /* Name of the shared library containing extension */
  const char *zProc,    /* Entry point. Derived from zFile if 0 */
  char **pzErrMsg       /* Put error message here if not 0 */
);
More information: https://www.sqlite.org/c3ref/load_extension.html
You can use this function to load a SQLite extension. However, extension loading is turned off by default and has to be switched on with sqlite3_enable_load_extension(), to prevent it from being used in SQL injection attacks. You can read more here: https://www.sqlite.org/c3ref/enable_load_extension.html
The syntax would be
select load_extension('path\dll', 'EP');
However, this path (const char *zFile) can be an SMB share too.
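One way to confirm the default-off behaviour described above and to add a second layer that rejects any SQL referencing load_extension(), as an added example that is not code from the original post. It uses Python's standard sqlite3 module; the function names and the placeholder library name are constructed for illustration.

```python
import sqlite3

# Constructed placeholder name; no such library is expected to exist.
PLACEHOLDER_LIB = "constructed_placeholder_extension"


def try_load_extension(conn):
    """Attempt SELECT load_extension(...); return (allowed, error text)."""
    try:
        conn.execute("SELECT load_extension(?)", (PLACEHOLDER_LIB,)).fetchall()
    except sqlite3.Error as exc:
        return False, str(exc)
    return True, ""


def deny_load_extension(action, arg1, arg2, db_name, source):
    """Authorizer callback: refuse to compile SQL that calls load_extension()."""
    # For SQLITE_FUNCTION events, arg2 carries the SQL function name.
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() == "load_extension":
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def audit():
    """Check both layers on fresh in-memory connections."""
    results = {}

    # Layer 1: extension loading was never enabled on this connection,
    # so the SQL function is refused when the statement runs.
    plain = sqlite3.connect(":memory:")
    results["default"] = try_load_extension(plain)
    plain.close()

    # Layer 2: the authorizer rejects the statement while it is compiled,
    # independent of the enable_load_extension setting.
    guarded = sqlite3.connect(":memory:")
    guarded.set_authorizer(deny_load_extension)
    results["authorizer"] = try_load_extension(guarded)
    # Ordinary SQL functions are unaffected by the authorizer.
    results["other_sql_ok"] = guarded.execute("SELECT upper('ok')").fetchone()[0] == "OK"
    guarded.close()
    return results


if __name__ == "__main__":
    for name, value in audit().items():
        print(name, value)
```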
O’Reilly’s video training website is http://www.infiniteskills.com/. One day while I was browsing, I found out that their online player can be spoofed with our own content. For example, I was able to watch my favorite music videos 😉
After reporting, I was allowed to choose any 2 courses for free. Thanks for the reward 🙂
I was able to bypass their XSS filter. After responsibly disclosing the vulnerability I got acknowledged.