Posts

Showing posts with the label exercise

How I Compile Reverse Engineering Exercises For Maximum Learning And Minimum Noise

Imagine if your first reverse engineering exercise was to reconstruct an encrypted IAT – if you don’t fully know what that means, that’s the point: beginner reverse engineering exercises should be clear (and fun)!
Anything that can throw off the analysis of a reverse engineer, such as optimized inlined functions, shouldn’t be in beginner exercises. Secondly, I would like my exercises to run on as many students' computers as possible. These are the goals I strive for when creating CyberQueens exercises, and here is how I configure my compiler to meet those goals.

Ensuring A Clear And Concise Executable Is Compiled

To prevent the compiler from adding any unintended opcodes or logic, which could confuse aspiring reverse engineers, set all of the following build properties:
To disable uninitialized memory checks (and other debugging checks) from being automatically compiled into the code, set the compilation target to Release. This can be done from VS’s main page, as seen in Figure 1.

To o…

Stack Overflow CVE-2019-17424 Vulnerability Write-Up and RCE Exploit Walk Through

This is Part 2 in a 4 part series about my process hunting for vulnerabilities in a network auditing tool (used to protect networks by detecting and fixing security holes), and fully exploiting one of the vulnerabilities I found. I recommend reading the series in ascending numeric order. Link to part 1 here. Links to parts 3 and 4 at the end of this post.

This post describes how I found CVE-2019-17424 and successfully exploited the vulnerability in the precompiled, packaged product.
Vulnerability ⚡ Reader’s Exercise 🔎

I found CVE-2019-17424 by manually reviewing the source code of nipper-ng. Provided below is an excerpt from the source code containing only the vulnerable function. You are welcome to take it as an exercise to find the vulnerability in the code below:

Notice: The vulnerability in the code above is identified in the paragraph below. If you want to try to find the vulnerability yourself, o…