#nosoc blog

Approved 2024/09/01 22:45 by psycore (version: 5) | Approver: psycore

#nosoc blog

$^\xi xpec_tthe ^un \xi xpecte_d$

Shellcode Injection Part 2

In part 1 of the shellcode injection series, we started a reverse shell from a local process. In part 2, we inject the shellcode directly into a process. This form of injection is usually recognised by Windows Defender, so we will again use some obfuscation methods.

We use a 64-bit shellcode and (with one exception) use the same tools as in part 1. You can download the source code from the Github repository.

→ Read more...

Shellcode Injection Part 1

In this series of articles, we look at shellcode, how to inject it into processes and some techniques for obfuscating binary files. In the first part, we look at how to inject shellcode from a local process. ausführt. In addition, we disguise the program so that Defender no longer recognises it as a threat.

You can find all the required files in the repository

→ Read more...

Buffer overflow in the 64-bit stack - Part 3

In Part 2 we used the string /bin/zsh to the function System() function to open a root shell. To do this, however, we had to deactivate ASLR - ASLR changes function addresses every time the programme is restarted. Superkojiman describes in detail in his Blog how to circumvent this protection. But first we have to visualise a few things

The third part of the Buffer Overflow series.

→ Read more...

Privilege escalation: Windows admin thanks to Linux

In this tutorial, I will show you how to secure administrator rights on Windows PCs using a live boot CD. We will simulate two scenarios:

  1. activate an admin account
  2. upgrading a simple user to the administrator group

We will do this by manipulating the SAM Security_Accounts_Manager using a live Linux system.



→ Read more...

Buffer overflow in the 64-bit stack - Part 2

In the second part, we activate the NX bit, which is intended to protect us from buffer overflows. To keep things fun, we will of course override this protection directly. We achieve this by passing the command to be executed to the libc-Funktion system() is forwarded. This tutorial is fundamentally based on the work of superkojiman 1)

→ Read more...

<< Newer entries | Older entries >>

New blog entry:
en/index.txt · Last modified: 2024/09/01 22:45
CC Attribution-Noncommercial-Share Alike 4.0 International