Update: user RelativeTrifle at the ReverseEngineering subreddit pointed out to me that this is not a new concept, as Johannes Kinder had already written about it in 2010 while calling it “overlapping instructions”. This paper was mentioned at StackExchange in 2013. While I did research terms and expressions in order to figure out if this technique had been mentioned before, it is very hard to guess what it could be called by someone else. Therefore, I apologize to Johannes Kinder for having had the “new” in the title, as it isn’t. However, I will still keep this article as it…
Just a reference to my previous blog at WordPress (https://pentesterslife.blog/) as I’ll be resuming blogging but now, here at Medium.
“Honorable” mentions regarding RE:
- x86_64 TCP bind shellcode with basic authentication on Linux systems
- x86_64 reverse TCP bind shell with basic authentication on Linux systems
- x64 Egg hunting in Linux systems
- Custom x64 encoder with a basic polymorphic engine implementation
- Polymorphic and smaller versions of three shell-storm’s x64 shellcodes, including the smallest execve /bin/sh
- Twofish Crypter with DNS (CName) password retrieval, x64 shellcode decryption, and execution
There are ways to configure Burp using macros to bypass CSRF tokens on HTML forms, so we can use Burp Active Scans, Burp Intruder, Burp Repeater, and (cautiously) even Burp Proxy. There’s also Grep-Extract and the pitchfork attack type specifically for Intruder. And you might even develop your own Burp extension to do it. Sqlmap has `--csrf-token` and `--csrf-url` for the same purpose, or you can just configure Burp as previously stated and run sqlmap through Burp using `--proxy`.
Now, here’s another way, using CGIHTTPServer from Python.