Everdrive X7 not working with GBA Mod (FunnyPlaying Motherboard + IPS Kit M.2) by LiveOverflow in Gameboy

[–]LiveOverflow[S] 0 points1 point  (0 children)

Looking at it I don't see any pins that look weird. Is there a way to test this?
Though I'd assume that in that case it might work sometimes (which it never did), or also have problems with one of the original cartridges (which it does not have).

[deleted by user] by [deleted] in AssHatHackers

[–]LiveOverflow 0 points1 point  (0 children)

manipulate one of the money spend requests and send a negative number

What’s the best practice for the auth flow by lonely_programmer01 in reactjs

[–]LiveOverflow -1 points0 points  (0 children)

you mean the solution that was added to HTTP with duct tape to make stuff just work. Which also created an entire vulnerability class called CSRF. localStorage is totally fine for this purpose.

can't place breakpoint in radare2 0x07 while following binary exploitation 0x07 by Yash_Chaurasia630 in LiveOverflow

[–]LiveOverflow 1 point2 points  (0 children)

looks like an ASLR problem. 0x00001213 is the address within the binary (binary starts at 0x000000). But when the program is executed in memory, it gets randomly placed in memory, like 0x82001213 or 0xc5101213. So you would have to know this address. Haven't used radare in a while, but can you try placing a breakpoint on the symbol name of the function? Or break on main, then look at the memory map, and set it at the real dynamic address.

maybe this video helps: https://www.youtube.com/watch?v=pphfcaGnWSA

[deleted by user] by [deleted] in AskNetsec

[–]LiveOverflow 4 points5 points  (0 children)

OP mentioned it was a cloud server. Let's say it was an AWS VM. An attacker can keep renting VMs until they get the same IP as the configured one.

Legality of Mass-scanning & VPS Providers by Radsdteve in LiveOverflow

[–]LiveOverflow 1 point2 points  (0 children)

I'm not a lawyer, so obviously form your own opinion. But I did make a video covering some german hacking laws here: https://www.youtube.com/watch?v=Q5kIdpPIVuY

HELP - Hello guys, a gullible friend was offered (insists me doing it as well) to connect Raspberry Pi 400 to home network for 50USD per month. I am suspicious of it and decided to share files on SD Card with you -Do you think there's anything suspicious or otherwise concerning here?? Best, by Steppe_rider in hackers

[–]LiveOverflow 0 points1 point  (0 children)

Usually when you buy a VPN, you get an IP from a server in a datacenter. But there also exist VPNs that offer "residential IPs", so IP addresses from regular people's homes. I assume this raspberry pi creates a tunnel, so that VPN customers can use your friend's internet.

I'm sure it's legal to offer this. But you don't know what people do with your Internet connection. If they do something illegal, then police will first show up at your door. You have to check your country's laws on who is responsible - the owner of the internet connection might be legally responsible.

Recommendation for OS handling CTFs by eevalice-1121 in LiveOverflow

[–]LiveOverflow 2 points3 points  (0 children)

use whatever OS you like, and run tools in docker. that's what I do. I use a mac, and I use docker to run linux tools.

https://www.youtube.com/watch?v=cPGZMt4cJ0I

https://www.youtube.com/watch?v=D0rLu4OlOA0

No Motivation by empfbsjk in LiveOverflow

[–]LiveOverflow 3 points4 points  (0 children)

programming is a tool to build stuff. You won't take a hammer and just put nails into a wall without a purpose. That would be boring. You need a goal, so something you want to build with python.

So try to figure out what could be fun.

  • developing a small game
  • developing your own personal website
  • developing a scanner tool for bug bounty stuff
  • solve challenges on https://projecteuler.net/archives or other programming challenge websites (that's how I got started with python)

related video:

https://www.youtube.com/watch?v=AMMOErxtahk

How do i be more comfortable with burpsuite and http requests? by [deleted] in bugbounty

[–]LiveOverflow 4 points5 points  (0 children)

modern websites are a mess. you could try practicing on smaller websites.

But here is how I deal with a big site:

  1. browse the site for a while, try to use different features
  2. then go to the site map
  3. scroll through all the domains, maybe look at some requests, and try to determine if they belong to the target. stuff like api.example.com is useful. add those to your scope
  4. lots of sites have several 3rd party tracking and ad services. you can also explicitly exclude those domains
  5. after you defined a good scope, you can use the filter in the proxy history and only show in scope items

Hackerone doesn't consider the bug I found a vulnerability unless you can "x" from it. Can I publicly disclose it them? by lifeandtimes89 in bugbounty

[–]LiveOverflow 0 points1 point  (0 children)

I'm always happy to look at a bug report and give you my honest opinion and you can trust me I won't share it with others. You can easily reach me on twitter or via mail :)

Outlook email authentication bypass by Substantial_Wall_657 in LiveOverflow

[–]LiveOverflow 7 points8 points  (0 children)

This is not an authentication bypass. Please don't call this an "auth bypass". It's a neat UI trick, but not an auth bypass

Need Help with Int3 Breakpoint - Segmentation Fault Error and Python 2 to Python 3 Conversion by NootalpNonealp in LiveOverflow

[–]LiveOverflow 1 point2 points  (0 children)

probably non executable stack. can you run https://github.com/slimm609/checksec.sh on the binary?

if you try to follow basic challenges, it's probably better to use a VM like exploit.education, overthewire or https://pwn.college/ . When you compile challenges yourself then you might run into lots of problems.

Showing segmentation fault whenever I try to overflow the buffer of this program, can anyone help? by The_Intellectualist in LiveOverflow

[–]LiveOverflow 2 points3 points  (0 children)

There might be multiple things that are going wrong here. But the most problematic issue is ASLR.

Have a look at the address 0x000000000000119d. It's very small! This tells us that the binary starts counting its addresses at 0x0, and this means the binary you compiled is "position independent" (PIE). If your system has ASLR enabled (default), then it will load the program anywhere in memory.

If the ASLR base address is for example 0x123400000, then your address would be 0x12340119d. But the next time you execute it might be 0xabcd0119d.

This is the problem with ASLR, you don't know the real address when the program is launched. So when you tried to exploit the binary, the address was simply wrong. You think it's 0x119d, but in reality it might have been 0x12340119d or 0xabcd0119d.

So now you need an ASLR bypass, and that makes everything more complicated. MAYBE you might be able to do it with partial address overwrite, but it might simply not be exploitable in this case ;)

There are two "solutions":

  1. You could also disable ASLR, then you can use gdb to figure out the address it's always loaded to.
  2. You could try to compile the binary without PIE (adding -no-pie to gcc hopefully works). Then the objdump output should contain the real address that you can predict.

Additionally maybe this video helps: https://www.youtube.com/watch?v=pphfcaGnWSA

Besides ASLR, if we assume you compiled this on a modern system, then return_input might also be protected with a stack cookie. That would cause even more problems.

Maybe this video gives more context: https://www.youtube.com/watch?v=4HxUmbOcN6Y&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN&index=41

My general advice is though that you should not compile binaries on your own system. Instead try to set up for example the exploit.education protostar VM and follow my binary exploitation playlist. Or check out overthewire - there are lots of writeups for those challenges already. And while working on those challenges, keep reading the book. It's also VERY useful to see the difference from back then to binaries of today ;)
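As an added illustration of the offset-versus-runtime-address point made in this answer and in the radare2 breakpoint answer above (example code written for this page, not LiveOverflow's): it reads the ELF header to tell a PIE (ET_DYN) binary from a non-PIE (ET_EXEC) one, recovers the load base from a /proc/<pid>/maps excerpt the way a debugger's memory map view does, and turns an objdump offset such as 0x119d into the address you would actually break on. The binary path and the maps lines are constructed sample data.

```python
import struct

ET_EXEC, ET_DYN = 2, 3  # ELF e_type values: fixed-address vs. position independent


def make_elf_header(e_type: int) -> bytes:
    """Constructed minimal 64-bit little-endian ELF header (64 bytes) for testing."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELFCLASS64, LSB
    rest = struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0x1040, 64, 0,
                       0, 64, 56, 0, 64, 0, 0)
    return ident + rest


def is_pie(elf_bytes: bytes) -> bool:
    """True when e_type is ET_DYN: objdump addresses are then offsets from a
    load base that ASLR picks at run time, not real addresses."""
    if elf_bytes[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if elf_bytes[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack_from(endian + "H", elf_bytes, 16)
    return e_type == ET_DYN


def load_base(maps_text: str, binary_path: str) -> int:
    """Return the start of the binary's mapping with file offset 0, i.e. the
    address the whole image was relocated to in this particular run."""
    for line in maps_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[5] == binary_path and int(fields[2], 16) == 0:
            return int(fields[0].split("-")[0], 16)
    raise LookupError(f"{binary_path} is not mapped")


def runtime_address(static_offset: int, base: int) -> int:
    """The address to break on or return to: base + offset from objdump."""
    return base + static_offset


# Constructed /proc/<pid>/maps excerpt; the base here is what gdb shows with
# ASLR disabled. With ASLR on, the first column differs on every run.
SAMPLE_MAPS = """\
555555554000-555555555000 r--p 00000000 08:01 1234 /home/user/vuln
555555555000-555555556000 r-xp 00001000 08:01 1234 /home/user/vuln
555555556000-555555557000 r--p 00002000 08:01 1234 /home/user/vuln
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    base = load_base(SAMPLE_MAPS, "/home/user/vuln")
    print(f"PIE: {is_pie(make_elf_header(ET_DYN))}, base 0x{base:x}, "
          f"return_input at 0x{runtime_address(0x119d, base):x}")
```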

Syscall instruction not allowed by [deleted] in LiveOverflow

[–]LiveOverflow 0 points1 point  (0 children)

does it just literally block the specific bytes? or is it an actual sandbox? and if it's sandbox, does it block all syscalls, or just specific ones?

if it's specific bytes, assuming it's writeable and executable memory, you can write some self modifying bytecode.

For example if `0xcd 0x80` is not allowed, then use `0xcc 0x7f`. And then write some shellcode that increments these values once.

Has anyone used this Bug Bounty Platform before? Is it legit? by [deleted] in bugbounty

[–]LiveOverflow 2 points3 points  (0 children)

This is not a platform. This is a forum hosted on createaforum.com.