Questions tagged [code-execution]

The process of executing code, either maliciously or not, on a system or device. The term is often used when talking about code injection vulnerabilities.

3 votes
0 answers
151 views

On 2024-12-22 and 2024-12-23, Skype crashed 7 times with an access violation. This resulted in DMP files written to disk in a crash report folder. WinDbg's !analyze -v command outputs these top 5 ...
Thomas Weller
13 votes
3 answers
5k views

I have a Rust-app executing Python-scripts using PyO3. The Python-scripts are uploaded by users, so I need to check for unsafe code before executing it. The scripts should only be able to do ...
O'Niel
  • 3,540
1 vote
2 answers
707 views

I am trying to do a Go program to execute a .exe file, but without it actually being a .exe file. The idea is to read the executable from a .txt file and decode it (it is in base64). Once I have that code ...
P00
  • 11
0 votes
2 answers
873 views

I currently got interested in binary exploitation (even though I do not know if it is still useful today). I started studying shellcode and buffer overflow (stack-buffer overflow, specifically). I know ...
KmerPadreDiPdor
0 votes
1 answer
219 views

I'm the attacker. What are all the options to run code at the Windows startup: If I have administrator rights? If I have normal user rights? Can someone put any program (or script) in this method or ...
psico_disk
3 votes
2 answers
2k views

I used Didier Stevens's pdfid.py to check a pdf, and it found js and automatic actions associated with the pdf: How do I check if this is malicious code?
Randusr
  • 43
1 vote
3 answers
3k views

I read a lot of reports where 'hackers' potentially exploited a 'Hidden HTTP Parameter'. There are also tons of tools which are developed for this exact purpose. Example : https://blog.yeswehack.com/...
Just.a.tech
-1 votes
1 answer
133 views

I am searching for the best way to merge two parts of software together, so it would be as hard as possible to separate them again through reverse engineering. At the moment both parts are Python, but ...
127 001
  • 56
1 vote
2 answers
969 views

As a security measure, my Windows-based work computer has been configured to deny any application that hasn't been signed with a valid certificate; my system will run a signed executable from DropBox'...
Tenders McChiken
1 vote
2 answers
3k views

I copy / pasted a data:image/png;Base64 image from a Google search into a Google Slide, before realizing it was a BASE64 image. Is there any possibility that this contains malicious code, or any way ...
Questionstoask
3 votes
1 answer
457 views

I am doing a capture-the-flag exercise in a Windows scenario. It uses Windows 2016 server. I was able to find the password and I can access the files with a: net use z: \\computer\C$ password /user:...
psico_disk
0 votes
1 answer
3k views

A web server running IIS 10, PHP (Windows) allows users to upload any type of pdf (the location and filename do not change on the server). The files uploaded go through some file extension check ...
Nnnnn
  • 1
0 votes
0 answers
161 views

Is it possible that clicking a link would hack a device? For example: injecting a malicious code into the device directly from the link's host website connecting to the device remotely in a way ...
Ramad530
0 votes
0 answers
138 views

Would a file upload function be vulnerable to code execution where the uploaded file is always converted to a PNG file by the application? For example, if one uploads shell.php and this file is ...
synthesis
  • 155
0 votes
1 answer
237 views

When hardening a system you want to remove any features that you do not need. I have been thinking about this concept from the perspective of interpreters like Python, NodeJS, PHP etc. and am ...
Blink
  • 3
1 vote
2 answers
712 views

For context; I have a web application that allows users to upload a PDF file from which the web app extracts certain information by parsing it. The app then sends this information to another server ...
portabletable
1 vote
0 answers
191 views

Go and Java have "compile time constants", and JavaScript will soon get a feature that allows "Distinguishing strings from a trusted developer from strings that may be attacker ...
Craig Francis
1 vote
1 answer
198 views

A piece of malware detects signatures of the sandbox an AV solution tries to use to fingerprint malicious behavior and pretends to be innocent. Once in the real OS environment, it then downloads ...
john doe
  • 775
3 votes
1 answer
1k views

I know it's possible to embed phar archives into jpeg images but is it also possible to do so with PNG images? I am testing a php application that securely checks if an image is a valid PNG image ...
t40_yx
  • 45
1 vote
1 answer
158 views

For a toy CLI application I'm writing, I'd like to store a string with a user-defined command that will be executed periodically (like shell -c <command_string>). I have seen other applications ...
roperzh
  • 113
1 vote
1 answer
387 views

When I look up a site on wayback machine, I click through a couple of links on the site, and then instead of loading the page, it downloads a file called "default.exe". Since I was expecting ...
stevec
  • 1,350
0 votes
1 answer
178 views

Discussion under this answer in Space Exploration SE links to items in NAIF; NASA Planetary Data System Navigation Node links for MacIntel_OSX_64bit I'm looking at these two. spy: https://naif.jpl....
0 votes
2 answers
473 views

I have PDF, Word and MP4 files on my site and I want to protect them from illegal downloading even if my site is hacked. I want to put executable code in the files, so if someone downloads and opens them,...
johny
  • 9
0 votes
1 answer
700 views

Let's say the user has installed a python interpreter on their machine/browser, for example, using something like https://github.com/iodide-project/pyodide. I understand not allowing someone to enter ...
David542
  • 111
1 vote
1 answer
208 views

So I recently downloaded Tor Browser on my Linux machine and what immediately caught my eye is the fact that after uncompressing the file (I think it was .tar.gz, but the question applies to every ...
Sir Muffington
1 vote
0 answers
128 views

I work on a large e-commerce project, the app in question is written in Kotlin (legacy code in Java). Recently we got the following question from the web team which instantly triggered my alarm bells: ...
Droidman
  • 111
0 votes
1 answer
1k views

Introduction – Context Everyone has seen so called "Injectors" or "Cracks" for certain programs & games at some point in their life. These applications inject their own code ...
stringExchange
1 vote
1 answer
229 views

Numerous websites allow us to build and execute C code from web browsers (repl.it, onlinegdb.com, ideone.com...). For my own application (education purposes) I would like to do the same on my web ...
nowox
  • 367
0 votes
1 answer
627 views

I have a server, which receives text mails from students and I plan to automatically collect their message bodies and parse them as markdown so that I can generate a nicely formatted output as pdf. Is ...
Jannek S.
  • 103
0 votes
2 answers
2k views

I uploaded a PHP web shell to a site, and to bypass the file upload restriction, I used a .php.jpg extension. When I open my shell with a web browser, it doesn't execute (confirmed with a packet ...
arsenic
0 votes
1 answer
153 views

I (will) have a binary executable file. Its only permission is user-execute. It cannot be read by user, group, or world. The owner of the file is the Apache user. I don't want the apache user to be ...
Reed
  • 105
1 vote
0 answers
340 views

I have been learning and implementing Process Hollowing attacks, and even after I got the thing to work, I have some questions. Why aren't we building the IAT when we load our injected PE? All we do is ...
Eran Nahshon
2 votes
0 answers
189 views

Kernels like linux-libre (standard in Debian and other free Linux distributions) ship no binary firmware packages by default. From my limited understanding of their functionality, a binary firmware ...
Prototype700
3 votes
1 answer
4k views

I was reviewing code of an application that uses the following piece of Java code and wanted to know if the use of exec() was susceptible to command injection. public class FindFileInDir { ...
JohnnyHunter
1 vote
4 answers
244 views

I'm a newbie to software security. I'm designing a network and I was wondering is it possible to detect if a program upgrade being downloaded on the network is malicious just by analyzing the ...
user1690356
2 votes
1 answer
3k views

My question Meaning of persistent full-chain -- ? What is the difference between OS-level CE and Kernel level CE? How do OS-level CE and Kernel level CE differentiate in impacting a system? Rarity and ...
pov
  • 23
3 votes
1 answer
4k views

I have created an exe with a payload which gives me a meterpreter session. But I need to embed this exe into a pdf. Upon opening the pdf the exe ideally should get executed. Is there any way to do ...
Solo Trench
1 vote
1 answer
234 views

I've been researching and testing different approaches when it comes to securing code secrets, and am unsure what the best options are, and if they even have any relevance once a host gets compromised....
R. StackUser
2 votes
3 answers
2k views

Referenced in the recent VLC vulnerability and other places, apparently buffer overreads can cause arbitrary code execution. How does it do that? Suppose in the following toy example void badcpy(...
user212957
1 vote
1 answer
2k views

I need to review a large number of .exe game files. I recently had an incident where I got infected by an .exe that passed all my 'checks': virus scan, Virustotal, reviews, community feedback, ...
kite
  • 121
0 votes
0 answers
978 views

Some context I'm currently building an application which lets users set up dynamic queries they can execute later. A great addition to this seems like a regex module, in which users can filter ...
Paradoxis
  • 862
0 votes
0 answers
200 views

I'm participating in one bugbounty program. This site runs on php (Apache) and uses amfphp library. Here are the things I found I can make this library do for me: Include (include_once call) any file ...
Alex Velickiy
0 votes
2 answers
693 views

I created a parameter passing through system() i.e. cmd. Now I run Empire tool with http listener and launch powershell launcher. Got the huge bunch of base64-encoded string. Now I pass this string to ...
Utkarsh Agrawal
0 votes
1 answer
254 views

I found multiple PHP code execution attempts on my web server, which is running on asp. What happens when one attempts to execute php code on an asp web server? Will this create an impact on the ...
Mrj
  • 1
9 votes
1 answer
2k views

During source code examination for a client, I found this code. It gets unsanitized parameter from GET, sanitizes it and does shell_exec() $arg = $_GET['arg']; // sanitization, I suppose... if(...
John Doe
1 vote
0 answers
150 views

Why is it that server admins do not code sign the contents of their webservers (all php, css, js, etc.) and have Apache / NGINX / whatever server software refuse to execute or serve any code / ...
niemiro
  • 162
0 votes
2 answers
653 views

For example, it is possible that someone could spread malware with insecure wifi access point, but I don't realize how sending a bunch of network packets can result in a compromised computer if the ...
M. Kalter
4 votes
1 answer
226 views

Some services such as GitHub allow the execution of user supplied code using docker containers via GitHub Actions. Another example of a service provider that executes user provided code are ...
F21
  • 511
2 votes
1 answer
195 views

After wondering about this and trying to better understand, I tried the following code: is_string(3 and sleep(30)); Why will PHP execute code inside a parameter function (sleep in is_string)? ...
Raphaël D
0 votes
1 answer
398 views

I have a WordPress site running on version 4.9.8. In the recent security audit done by the organization following issues were reported. 1) Wordpress: CVE-2017-1000600: Input Validation vulnerability ...
Mukesh
  • 293