Heihachi

Members
  • Posts

    15

About Heihachi

  • Birthday 05/05/1987

Heihachi's Achievements

Newbie (1/14)

4

Reputation

  1. OK, hi and good day everyone. I don't speak Romanian, so I apologise for that. Now I want to know more about exploit development, and since I have some idea of C, I think I might get somewhere with it, hence I decided to ask here. Suppose I want to make a PDF exploit. I understand there must be shellcode (byte code), then create a wrapper to create the output (pdf) and fwrite the bytes to the pdf file. Can a PDF exploit be developed in C? I believe so, cos I can use wininet to make a script to do download and execute, use CFF explorer to read the bytes then paste and... others. Quite noob / new to this, so kindly forgive my ignorance.
  2. Hi, good day everyone. I have finally hooked IE / Chrome, but here is what happens when I do something like this:

         if(lpOptional !=NULL)
         {
             char cData[2005];
             sprintf_s(cData,"%s",lpOptional);
             write_log(POST_LOG,cData);
         }

     It saves that parameter to the log file, no problem, but the problem I get is that it returns something that looks encrypted, and I don't get to see any data there containing headers, referers and other data. Here is an example of what I got in return.

     Even Chrome did almost the same, except that it complains that the code buffer isn't enough, but it submits other logs to the file. This is giving me a hard time figuring out.
  3. Hello again and good morning. I have been studying SQL injection very well, but I wanted to use automated tools in the injection. Tools like Havij don't seem to make sense these days. Even qesqlmap, I don't see it anywhere. Any ideas? Kindly let me know.
  4.

         <html>
         <head>
         <title>testHome in ASP</title>
         <body>
         <% if Request.Form("submit") ="test" then Response.Write("Ok Mate You Just Clicked Me!") %>
         <form name = "superform" id="superform" method="post" action="idc.asp">
         <input type="submit" name="submit" value="test"/>
         </form>
         </body>
         </head>
         </html>

     That's what I tried. And I got a stupid error that didn't show me where I was wrong on IIS.
  5. Many thanks, obviously I don't mean ASP.NET C#, I meant classic ASP.
  6. Good morning. In PHP we do something like this:

         <?php
         If(isset($_POST["submit"]))
         {
             echo "You clicked me yeh?";
         }
         ?>

     How do you represent this in ASP? Not ASP.NET. Please assist ASAP.