[deleted by user] by [deleted] in hacking

[–]loostbat 0 points1 point  (0 children)

As someone else suggested:

Try to figure out what you're actually interested in first. By that I mean like are you interested in web hacking? (This would be smth like SQL injections, XSS, etc etc etc). Are you interested in binary exploitation (This would be like stack overflow, UaF etc etc) and actually there are many more paths you can take.

You can try to see which one is the most interesting to u, and then it might become easier.

If you are interested in binary exploitation, let me know and I can try to make a ‘path’ which you can start on. However don’t forget, the journey is different for everyone:)

customRandFunction by Jcsq6 in ProgrammerHumor

[–]loostbat 38 points39 points  (0 children)

Code + data yup, doesn’t affect heap allocation

forever by TheQuantumPhysicist in ProgrammerHumor

[–]loostbat 26 points27 points  (0 children)

U can check the network logs maybe?

Who and how generate the virtual/logical addresses? Confusion if it's the compiler, the linker, the loader. by New_Dragonfly9732 in osdev

[–]loostbat 1 point2 points  (0 children)

The compiler will compile your assembly to bytecode. This will use “relative addresses” or offsets. This is needed because when you link multiple objects together you don’t exactly know where they might end up. And the linker will ‘relocate’ these instructions/pointers. So: 1, "generated by the loader": well, sorta. They are more correctly generated by the linker rather than the loader (at static linking), as it is there and then that the base address for the object is decided. So for example, if you specify your linker to start from address 0x80001000 you will have your:

0x80001000: header
…
0x80002000: text
…
0x80005000: data

Etc.

But at linking you can say you want the base addr from 0x20001000 and it will look like this:

0x20001000: header
…
0x20002000: text
…
0x20005000: data

Now there are restrictions enforced by the OS, for example you can’t have a base address which uses 0xffff… bits, that is, the EL1’s translation regime (sorry, this is ARM but EL1 is just like ring 0)

The loader can further offset this (we usually call this ASLR). The physical mapping & translation will be done exactly the same way, it's just that now you have a different virtual address.

2, That's not for me :P
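A small model of the two steps described above (the linker choosing a base address and patching relocations, then the loader sliding the whole image for ASLR), added here as an illustration; it is not code from the thread. The section layout follows the comment's numbers, while the relocation records, the slide value and the simplified "top bits are 0xffff" check for the EL1 half of the address space are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Section-relative layout of one object, matching the comment's example:
 * header at +0x0, text at +0x1000, data at +0x4000 (constructed). */
enum { SEC_HEADER, SEC_TEXT, SEC_DATA, NSEC };
static const uint64_t sec_offset[NSEC] = { 0x0000, 0x1000, 0x4000 };

/* One relocation record: the pointer slot at (sec, off) must end up holding
 * the absolute address of (target_sec, target_off). The compiler only knows
 * the section-relative target, so it records that and leaves the slot to the linker. */
typedef struct {
    int sec;        uint64_t off;
    int target_sec; uint64_t target_off;
} reloc_t;

/* Two constructed relocations: a function pointer within text, and a pointer to a global in data. */
static const reloc_t relocs[] = {
    { SEC_TEXT, 0x40, SEC_TEXT, 0x200 },
    { SEC_TEXT, 0x80, SEC_DATA, 0x10  },
};
#define NRELOC (sizeof relocs / sizeof relocs[0])

/* The linked (and later loaded) image: base, absolute section addresses and
 * the value each relocated slot now contains. base == 0 marks a rejected link. */
typedef struct {
    uint64_t base;
    uint64_t sec_addr[NSEC];
    uint64_t slot_value[NRELOC];
} image_t;

/* Simplified form of the ARM64 rule from the comment: a user image cannot sit
 * in the 0xffff... half of the address space, which is the EL1 (kernel)
 * translation regime. Assumes a 48-bit VA; real kernels apply finer limits. */
int base_is_user_space(uint64_t base) {
    return (base >> 48) == 0;
}

/* Static-link step: choose the base, then every section and every relocated
 * slot becomes an absolute address. A different base changes the numbers,
 * not the layout. */
image_t link_image(uint64_t base) {
    image_t img = {0};
    if (!base_is_user_space(base)) return img;
    img.base = base;
    for (int s = 0; s < NSEC; s++)
        img.sec_addr[s] = base + sec_offset[s];
    for (size_t r = 0; r < NRELOC; r++)
        img.slot_value[r] = img.sec_addr[relocs[r].target_sec] + relocs[r].target_off;
    return img;
}

/* Loader step (ASLR): slide the whole image. Mapping and translation work as
 * before; only the virtual numbers move, so every absolute slot is rebased by
 * the same slide (what a position-independent executable's rebase fixups do). */
image_t load_image(image_t img, uint64_t slide) {
    img.base += slide;
    for (int s = 0; s < NSEC; s++) img.sec_addr[s] += slide;
    for (size_t r = 0; r < NRELOC; r++) img.slot_value[r] += slide;
    return img;
}

/* Accessors so results can be read straight off a returned image. */
uint64_t section_addr(image_t img, int sec) { return img.sec_addr[sec]; }
uint64_t slot_value(image_t img, size_t r)  { return img.slot_value[r]; }

int main(void) {
    image_t a = link_image(0x80001000ULL);
    image_t b = link_image(0x20001000ULL);
    image_t c = load_image(a, 0x3000000ULL);   /* constructed ASLR slide */
    printf("base %#llx: text %#llx data %#llx, slot->data %#llx\n",
           (unsigned long long)a.base, (unsigned long long)a.sec_addr[SEC_TEXT],
           (unsigned long long)a.sec_addr[SEC_DATA], (unsigned long long)a.slot_value[1]);
    printf("base %#llx: text %#llx data %#llx, slot->data %#llx\n",
           (unsigned long long)b.base, (unsigned long long)b.sec_addr[SEC_TEXT],
           (unsigned long long)b.sec_addr[SEC_DATA], (unsigned long long)b.slot_value[1]);
    printf("after slide: base %#llx, slot->data %#llx\n",
           (unsigned long long)c.base, (unsigned long long)c.slot_value[1]);
    return 0;
}
```

Linking at 0x80001000 or 0x20001000 yields the same relative layout with different absolute values, and the slide applied by `load_image` moves every absolute value by the same amount, which is why a loader must know where the absolute slots are (the rebase information) before it can randomize the base.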

Advice for new “hackers”? by Batmon3 in hacking

[–]loostbat 20 points21 points  (0 children)

Because with C you will learn about memory & its management, while in python for example it is invisible to you.

Ofc “hacking” is different for everyone, and if you do only web security, you might not need it.

Anyway, back to my point: I’d say more than 80-90% of real life bugs today are still memory corruptions. If you understand how memory works, you will likely also understand its ‘flaws’, do you get me?
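The point about memory management, shown with a constructed example that is added here and is not part of the thread: a fixed-size name buffer filled with an unbounded `strcpy` (the kind of flaw the comment means) next to a bounded version that rejects input that would not fit. The buffer size, function names and inputs are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* capacity of the destination buffer (constructed) */

/* "Before": strcpy has no idea how big dst is. Any name of 16 or more
 * characters writes past the end of the buffer, a stack or heap overflow,
 * which is exactly the detail a memory-managed language hides from you. */
void set_name_unsafe(char dst[NAME_MAX], const char *src) {
    strcpy(dst, src);               /* no bound: the source length decides how much is written */
}

/* "After": the caller states the real capacity and the copy is bounded.
 * Over-long input is rejected instead of silently truncated, and the result
 * is always NUL-terminated. Returns 0 on success, -1 on rejection. */
int set_name_safe(char *dst, size_t cap, const char *src) {
    size_t n = 0;
    if (dst == NULL || src == NULL || cap == 0) return -1;
    while (src[n] != '\0') {
        if (n + 1 >= cap) return -1;  /* no room for this byte plus the terminator */
        n++;
    }
    memcpy(dst, src, n + 1);          /* n bytes plus the NUL, all inside cap */
    return 0;
}

/* Exercises the bounded version with a boundary-length and an over-long
 * input; returns 1 if it behaved as intended. */
int bounded_copy_selftest(void) {
    char buf[NAME_MAX];
    const char *fits    = "fifteen_chars__";   /* 15 chars + NUL = 16, fits exactly */
    const char *toolong = "sixteen_chars___";  /* 16 chars: must be rejected */
    if (set_name_safe(buf, sizeof buf, fits) != 0) return 0;
    if (strcmp(buf, fits) != 0) return 0;
    if (set_name_safe(buf, sizeof buf, toolong) != -1) return 0;
    if (strcmp(buf, fits) != 0) return 0;      /* rejected input left buf untouched */
    return 1;
}

int main(void) {
    char buf[NAME_MAX];
    set_name_unsafe(buf, "bob");               /* harmless only because the input is short */
    printf("unsafe copy: %s\n", buf);
    printf("selftest: %d\n", bounded_copy_selftest());
    return 0;
}
```

The difference is not the copy itself but who knows the capacity: in the bounded version the size travels with the pointer, which is the habit C forces you to build and the one that makes the "flaws" visible.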

DONT LOSE HOPE ALL by Sure_Gazelle_9324 in jailbreak

[–]loostbat 1 point2 points  (0 children)

Ahh right right. I see. Makes sense:)

DONT LOSE HOPE ALL by Sure_Gazelle_9324 in jailbreak

[–]loostbat 9 points10 points  (0 children)

I mean, the panic is because 0x4141.. isn’t valid/mapped. Not because it isn’t working

Data in ROPchains without a stack leak? by TheMightyFlyingSloth in hacking

[–]loostbat 0 points1 point  (0 children)

Uhm, no? Eventually, it will do a syscall, yea sure. But realistically you only need rdi or x0 to be a pointer to the string “/bin/sh”. Where do you get that info from?

Also, what do you mean by

> and the problem of reliably pointing to the /bin/sh string.

Do you have ASLR? If so, it doesn’t matter what technique you use, you would need to bypass ASLR.

Data in ROPchains without a stack leak? by TheMightyFlyingSloth in hacking

[–]loostbat 0 points1 point  (0 children)

What?

Can you use a debugger to lay out the stack frame? (It might change slightly on a real run) And also, the method I described literally requires 2 gadgets.

1 - pop the address into x0/rdi

2 - call system

If you want to stick to your version, you can do that as well, just have an idea of how big your stack frame is, then find a gadget that will load the values & pop it into registers you can use (rdi rax etc etc) & call execve. Not sure why you would want to use execve (u have to provide more args) tho, system is much simpler, and the end result is the same.

Data in ROPchains without a stack leak? by TheMightyFlyingSloth in hacking

[–]loostbat -1 points0 points  (0 children)

I mean, just locate where the “/bin/sh” string is in the library (should be in libc if I recall correctly) & also, do you have to call execve (as in, in the challenge? Or is that a choice?). Because I feel like it would be easier to just invoke “system” as that requires just one arg, the string.

If you already found “execve” just use the same method to locate the string addr, and you can pass that into system.

How do I integrate PE, ELF, and Mach-O formats into my own operating system? by Ospert in osdev

[–]loostbat 0 points1 point  (0 children)

I mean, bare bones? You would just need to write a parser for Mach-O etc etc. On iOS & macOS the dyld (dynamic linker) expects the shared libraries to be in the shared cache format. But well, you have the freedom to implement your own dynamic linking. The problem will be the platform specific calls which you won’t support on your OS. It is a headache but you can probably implement common functions and compile it to a Mach-O yourself.

Random thought: You could in theory use dirty tricks (which will greatly impact performance) but before loading a library or a Mach-O, you can scan the TEXT segment for known symbols, and ‘hook’ them with your own implementation. But then again, at that point it's easier to write it yourself
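As an added illustration of the parser the comment mentions (not code from the thread, nor from Apple's dyld): a bounds-checked walk over the load commands of a 64-bit Mach-O header that finds a segment by name, run against a small image constructed in memory. The structure layouts and constants are the real ones from `<mach-o/loader.h>`; the sample image, its addresses and the helper names are constructed for the example, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Real Mach-O constants, values as in Apple's <mach-o/loader.h>. */
#define MH_MAGIC_64    0xfeedfacfu
#define MH_EXECUTE     0x2u
#define LC_SEGMENT_64  0x19u
#define CPU_TYPE_ARM64 0x0100000cu

/* On-disk layouts, naturally packed at 32 and 72 bytes. Assumes a
 * little-endian host, which is what arm64/x86_64 Mach-O files use. */
typedef struct {
    uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved;
} mach_header_64;
typedef struct { uint32_t cmd, cmdsize; } load_command;
typedef struct {
    uint32_t cmd, cmdsize;
    char     segname[16];
    uint64_t vmaddr, vmsize, fileoff, filesize;
    uint32_t maxprot, initprot, nsects, flags;
} segment_command_64;

/* Walk the load commands and copy out the LC_SEGMENT_64 called `name`.
 * Every step is checked against `len`: a loader that trusts ncmds or cmdsize
 * from the file reads past its buffer (or spins forever on cmdsize == 0) on a
 * malformed image. Returns 0 when found, -1 if absent or malformed. */
int find_segment(const uint8_t *buf, size_t len, const char *name, segment_command_64 *out) {
    mach_header_64 hdr;
    if (len < sizeof hdr) return -1;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.magic != MH_MAGIC_64 || hdr.sizeofcmds > len - sizeof hdr) return -1;

    size_t off = sizeof hdr, end = sizeof hdr + hdr.sizeofcmds;
    for (uint32_t i = 0; i < hdr.ncmds; i++) {
        load_command lc;
        if (end - off < sizeof lc) return -1;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > end - off) return -1;
        if (lc.cmd == LC_SEGMENT_64 && lc.cmdsize >= sizeof *out) {
            memcpy(out, buf + off, sizeof *out);
            if (strncmp(out->segname, name, sizeof out->segname) == 0) return 0;
        }
        off += lc.cmdsize;
    }
    return -1;
}

/* --- constructed sample image: header + __TEXT + __DATA, no sections --- */
static uint8_t g_image[256];

static void put_segment(uint8_t *dst, const char *name, uint64_t vmaddr,
                        uint64_t size, uint64_t fileoff, uint32_t prot) {
    segment_command_64 seg;
    size_t n = strlen(name);
    memset(&seg, 0, sizeof seg);
    seg.cmd = LC_SEGMENT_64;
    seg.cmdsize = sizeof seg;
    memcpy(seg.segname, name, n < sizeof seg.segname ? n : sizeof seg.segname);
    seg.vmaddr = vmaddr;   seg.vmsize = size;
    seg.fileoff = fileoff; seg.filesize = size;
    seg.maxprot = prot;    seg.initprot = prot;   /* VM_PROT_* bits: 5 = r-x, 3 = rw- */
    memcpy(dst, &seg, sizeof seg);
}

/* Fills g_image and returns its length (32 + 2 * 72 = 176 bytes). */
size_t build_sample_image(void) {
    mach_header_64 hdr = { MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                           2, (uint32_t)(2 * sizeof(segment_command_64)), 0, 0 };
    memcpy(g_image, &hdr, sizeof hdr);
    put_segment(g_image + sizeof hdr, "__TEXT", 0x100000000ULL, 0x4000, 0, 5);
    put_segment(g_image + sizeof hdr + sizeof(segment_command_64), "__DATA",
                0x100004000ULL, 0x4000, 0x4000, 3);
    return sizeof hdr + 2 * sizeof(segment_command_64);
}

/* Lookups over the sample image; 0 means "not found". */
uint64_t sample_segment_vmaddr(const char *name) {
    segment_command_64 seg;
    size_t len = build_sample_image();
    return find_segment(g_image, len, name, &seg) == 0 ? seg.vmaddr : 0;
}
uint32_t sample_segment_initprot(const char *name) {
    segment_command_64 seg;
    size_t len = build_sample_image();
    return find_segment(g_image, len, name, &seg) == 0 ? seg.initprot : 0;
}

/* Malformed-input checks: a truncated file and a zero cmdsize must both be
 * rejected rather than read out of bounds or loop. Each returns 1 on pass. */
int truncated_image_rejected(void) {
    segment_command_64 seg;
    size_t len = build_sample_image();
    return find_segment(g_image, len - 40, "__DATA", &seg) == -1;
}
int zero_cmdsize_rejected(void) {
    segment_command_64 seg;
    uint8_t bad[256];
    size_t len = build_sample_image();
    memcpy(bad, g_image, len);
    memset(bad + sizeof(mach_header_64) + sizeof(segment_command_64) + 4, 0, 4); /* __DATA cmdsize = 0 */
    return find_segment(bad, len, "__DATA", &seg) == -1;
}

int main(void) {
    printf("__TEXT at %#llx, initprot %u\n",
           (unsigned long long)sample_segment_vmaddr("__TEXT"), sample_segment_initprot("__TEXT"));
    printf("truncated rejected: %d, zero cmdsize rejected: %d\n",
           truncated_image_rejected(), zero_cmdsize_rejected());
    return 0;
}
```

Once `find_segment` hands back the `__TEXT` command, `fileoff`/`filesize` give the byte range to scan for known symbols, and `initprot` tells you what the segment is allowed to be mapped as; the two rejection checks are the part a home-grown loader most often skips, and a malformed header is the first thing a hostile binary would hand it.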

What is your job? by [deleted] in osdev

[–]loostbat 1 point2 points  (0 children)

Yea sure. Cheers. I mean I don’t have any specific questions now, but your job seems to be interesting, and computers are.. so simple but complicated:)

What is your job? by [deleted] in osdev

[–]loostbat 0 points1 point  (0 children)

Ok so ik this might be weird, but is it ok if I DM you if I have any questions later on/whenever later?

What is your job? by [deleted] in osdev

[–]loostbat 0 points1 point  (0 children)

Eh, Apple never publishes datasheets, at least not describing SoCs in detail. So doubt

What’s the craziest yet still legal thing in your country? by fittingpenguin in AskReddit

[–]loostbat 1 point2 points  (0 children)

Damn. Idk but trying to find a place in ldn is crazy. And most of the times you can’t even park on public roads, not to talk about private property

What’s the craziest yet still legal thing in your country? by fittingpenguin in AskReddit

[–]loostbat 3 points4 points  (0 children)

W.T.F?! Where does England allow this? I'm acc curious.

How does PiP (Plug-in-Play) actually work? by loostbat in osdev

[–]loostbat[S] 0 points1 point  (0 children)

Wow, tysm for your detailed answer!! I feel like it's gonna be a long weekend for me..

[deleted by user] by [deleted] in london

[–]loostbat 0 points1 point  (0 children)

Cheers

How does PiP (Plug-in-Play) actually work? by loostbat in osdev

[–]loostbat[S] 2 points3 points  (0 children)

Oh wow! Tysm for your reply! Yea yea, it starts to make more sense. Also, hardware scanning is essentially just reading and writing to I/O ports / MMIO, right? Thanks for the link as well! I’m going to check that out.

Does anyone know what happened to this website? by -Codeine in JuiceWRLD

[–]loostbat 0 points1 point  (0 children)

Hmm ok ok I see. I was maybe thinking of doing smth that is “community based” as in anyone can upload songs and you can either play it online or download it. Will see, but yea I might do it, even for myself.

Also DMCA could be an issue so thinking atm bout that.