Monday, 02 January 2012

This time I will try to build an exploit for the EASY CHAT SERVER application. This application differs from the ones I have covered before in that it has a protection called SeHandler. What is the SEH handler?


An SEH-based overflow needs a slightly special approach because we are dealing with exception handling. When the program crashes because of a buffer overflow, EIP is not directly overwritten with the buffer we send; instead, we are directed to exception handling. We only need to make sure that the SE Handler address is also overwritten with the buffer we send, so that when exception handling continues, it takes us to EIP.

This time I will try to share my experience of learning to write an exploit myself. In this experiment we will use the SIM EDITOR GSM application. Before we start the experiment, there are a few things we need to prepare:

=> Windows XP SP3 (just put it in VirtualBox)
=> Immunity Debugger
=> Python
=> a shoddy application

Monday, 17 October 2011


Weevely is a kind of PHP backdoor that is used to make a connect-back or get a shell on a target website to which the backdoor has been uploaded. Most websites do not provide a remote facility or SSH on the target; with weevely we can do a remote terminal through SSH and run as a user.


This time we try to generate a PHP backdoor using weevely and connect back from the target. Let's start!




Sunday, 16 October 2011

Wired Equivalent Privacy (WEP) is the privacy protocol specified in IEEE 802.11 to provide wireless LAN users protection against casual eavesdropping. WEP refers to the intent to provide a privacy service to wireless LAN users similar to that provided by the physical security inherent in a wired LAN.


Yesterday I was explaining about cracking WPA2, and now I will show you how easy it is to crack WEP. Let's see...

Saturday, 24 September 2011

Wi-Fi Protected Access (WPA) refers to security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system.


WPA is a more powerful security technology for Wi-Fi networks than WEP. It provides strong data protection by using encryption as well as strong access controls and user authentication. WPA utilizes 128-bit encryption keys and dynamic session keys to ensure your wireless network's privacy and enterprise security.

Thursday, 28 July 2011

The risk from a web vulnerability is very high: a malicious user can get root on the system through the vulnerability. With the root user we can do what we want. So,

I will explain how to hack the root user through a web application. I recommend building your own lab because it is safer to learn. Let's start!

Monday, 11 July 2011

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections.