Search
You can find the results of your search below.
Fulltext results:
- Shellcode Injection Part 1
- should be in C format | | > shell.c | Save to the file shell.c | <code bash> msfvenom -p windows/shell_... tes. We take this from the ''msfvenom'' output. <file cpp local-process-injection.cpp> #include <stdio.... ad, size); ((void(*)())code)(); return(0); } </file> \\ \\ ==== Analyse shellcode ==== After compili... s> python3 jigsaw.py shell.raw </code> and get a file with C++ code. <code c++> unsigned char jigsaw[5
- Buffer overflow in the 64-bit stack - Part 3
- h>psycore8/nosoc-bof/tree/main/part-3|Github]]. <file c bof-part3.c> /* Code https://blog.techorganic.c... setbuf(stdout, 0); vuln(); return 0; } </file> \\ \\ ===== Debug ===== {{page>en:vorlagen:att... s write a first exploit to ''write()'' to leak. <file python buf3-stage1.py> #!/usr/bin/env python fro... eaked write address: {}".format(hex(got_leak))) </file> We run the whole thing and get the following ou
- Shellcode Injection Part 3
- ow how we can use a shellcode injection to load a file via HTTP and then execute it. \\ \\ ===== Code =... assembly === The code executes a downloaded VBS file. However, we want to start a Python script that c... reate the shellcode as ''%%x86 Windows%%'' binary file. We do this with ''%%nasm%%'': <code bash> nasm ... jdump -D ./shellcode.o |grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' '
- Buffer overflow in the 64-bit stack - Part 2
- per and display the gadgets <code bash> ropper --file bof-part2 ... 0x000000000040116a: pop rdi; ret; .... ll need 2 offsets for the exploit. So we load our file into the debugger and start it: <code bash> gdb-... === Now we run our Python exploit and create the file in.txt. <code bash>python2 buffer.py</code> \\ \\ ==== Set authorisations ==== Our file still needs the appropriate root permissions. <c
- Obfuscation: Disguise shellcode as UUIDs
- something like this: <code cpp> [*] try to open file [+] reading 240906.001 successful! [*] try to gen... the victim system. After the copying process, the file is not recognised. We scan it once manually with ... ooks good. ==== Execute ==== We now execute the file and wait for the result. Unfortunately, nothing ... ==== The UUID obfuscation works and protects the file when accessing the hard drive. After execution, m
- Obfuscation: polymorphic in-memory decoder
- ep: - We extract the actual shellcode from the file ''%%calc.o%%'' and save it in ''%%calc.raw%%'' (f... ur code and prepare it for our ''%%Inject.cpp%%'' file: <code python> python shencode.py formatout -i x... xor-decoder.stub -fb 60 -lb 329 [*] try to open file [+] reading xor-decoder.o successful! [*] cutting
- Shellcode Injection Part 2
- , this alone was not enough, so that the compiled file was recognised directly. Nevertheless, I also use... ated by the ''%%function_encoder.py%%'' generated file ''%%output.bin%%''. \\ \\ ==== Obfy ==== Jigsaw ... s Defender could no longer recognise the compiled file. I didn't even have to do much. It was enough to
- Shellcode Injection Part 4
- ode> <callout type="info" icon="true"> Opens the file ''windir\syswow64\kernel32.dll'' in PEView. This ... > Then it is worth taking a look at the compiled file: <code> objdump -d calc-unsanitized.o </code> {... .o -s c </code> The command provides us with the file in C format syntax. We know that our shellcode st
- The importance of awareness in IT security
- romised. The trigger was a double-click on an ISO file that was sent as an attachment in an email. Windo... k methods === In this particular example, an ISO file was included. This is only symbolic for the time
- Buffer overflow in the 64-bit stack - part 1
- ==== First we set root rights to the vulnerable file and start it((https://blog.techorganic.com/2015/0
- Obfuscation: ByteSwapping
- ode> * Then we extract it and save it in a new file <code python> python shencode.py formatout -i po
- Privilege escalation: Windows admin thanks to Linux
- ]] After the download you have to port the image file to a bootable USB stick or DVD. To ensure that th