Archive for January, 2008

Writing exploits for Metasploit 3.0

Thursday, January 24th, 2008

This article is about writing an exploit with the Metasploit Framework for a very secure piece of software: bof-server ;)
Bof-server was written specifically to be exploited in this article, and as you have already guessed from its name, we will exploit a stack overflow bug. You can find bof-server here:
bof-server source code
bof-server binary for Windows

Before starting, I would like to say that I am not a Metasploit expert, so feel free to correct me if something is not done the right way.

Bof-server
First of all, let's see how bof-server works. To start it on port 4242, use the command below: (more…)

x86 calling conventions

Wednesday, January 16th, 2008

This is the first article of a (I hope) long series of articles about ‘The Basics: What everyone should know about’ :)

The calling convention defines how a function or a piece of code must arrange data before calling a function, and what it must do afterwards. It answers questions like "In which order should I pass the arguments?", "Who removes them from the stack?", "Where is the result?", ...

There are many different calling conventions. Here are the three I see most often:

  • cdecl
  • stdcall
  • fastcall

cdecl convention

The cdecl convention is the default one used by C compilers such as GCC and MSVC on 32-bit x86. To use the cdecl scheme for a function, you can use this syntax (GCC): (more…)
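As an added example (my own, not code from the original article or from bof-server), the listing below shows the practical difference between cdecl and stdcall that matters most to an exploit writer: under cdecl the caller removes the arguments after the call, so the callee does not need to know how many it received; under stdcall the callee removes them itself (`ret N`), so the argument list must be fixed. The `CDECL`/`STDCALL` macros are my helpers: they expand to the GCC attributes on 32-bit x86 and to nothing elsewhere, so the file compiles on any target. The functions `sum_ints` and `add_pair` are illustrative and not part of the article.

```c
#include <stdarg.h>
#include <stdio.h>

/* Helper macros (assumption: GCC/clang). On 32-bit x86 the attributes
 * select the calling convention; on other targets they are meaningless,
 * so they expand to nothing. */
#if defined(__i386__)
#  define CDECL   __attribute__((cdecl))
#  define STDCALL __attribute__((stdcall))
#else
#  define CDECL
#  define STDCALL
#endif

/* cdecl: arguments are pushed right-to-left, and the CALLER pops them
 * after the call ("add esp, N"). Because the callee never has to know
 * how many arguments were pushed, a variadic function is possible. */
CDECL int sum_ints(int count, ...)
{
    va_list ap;
    int total = 0;

    va_start(ap, count);
    for (int i = 0; i < count; i++)
        total += va_arg(ap, int);
    va_end(ap);
    return total;
}

/* stdcall: arguments are still pushed right-to-left, but the CALLEE
 * pops them ("ret 8" for two 32-bit ints). The argument count must be
 * fixed at compile time; this is the Win32 API convention (WINAPI). */
STDCALL int add_pair(int a, int b)
{
    return a + b;
}

/* Number of stack bytes the caller must clean after the call, assuming
 * 32-bit x86 where every int occupies 4 bytes on the stack:
 * cdecl leaves that to the caller, stdcall leaves nothing behind. */
int caller_cleanup_bytes(int is_cdecl, int argc)
{
    return is_cdecl ? argc * 4 : 0;
}

int main(void)
{
    /* 32-bit frame of add_pair at its first instruction, low addresses
     * first: [esp] = return address, [esp+4] = a, [esp+8] = b.
     * A local buffer that overruns upwards reaches the return address,
     * which is what a stack-overflow exploit overwrites. */
    printf("sum_ints(3, 1, 2, 3) = %d\n", sum_ints(3, 1, 2, 3));
    printf("add_pair(2, 3)       = %d\n", add_pair(2, 3));
    printf("cdecl caller cleanup for 3 ints: %d bytes\n",
           caller_cleanup_bytes(1, 3));
    printf("stdcall caller cleanup for 3 ints: %d bytes\n",
           caller_cleanup_bytes(0, 3));
    return 0;
}
```

Compile with `gcc -m32` to see the real `add esp, 12` after the call to `sum_ints` and the `ret 8` at the end of `add_pair` in `objdump -d` output; on a 64-bit build the attributes are dropped and the System V AMD64 convention (register arguments) is used instead.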