Essential Tools for Penetration Tester

Every penetration tester, white hat hacker and red teamer is required to use tools. Tools make our process easier. I will list my favorite tools with a short description for future reference! If you think I have missed anything here, please let me know. I will update the post! Enumeration: Information gathering and enumeration is the first stage for good and bad hackers. Enumerating using some open-source tools speeds up the process. Here are some tools used for enumeration....

February 6, 2022 · 13 min · Jobyer Ahmed

Stack Overflow EGG Hunting(VulnServer)

There are some situations when our shellcode does not fit in a small memory space. In this case we might be able to store our payload at a bigger memory address. But how do we find the address? It is the egg hunter that finds the shellcode location by searching for a specific string (tag) and starts executing the code right after the tag. I will Vulnerable application: https://github.com/stephenbradshaw/vulnserver Crash POC: import socket vulCommand = b"KSTET \r\n" buffer = b"A"*1000 s = socket....

November 28, 2021 · 7 min · Jobyer Ahmed

SEH Stack Buffer Overflow

After a long time, I am again practicing how to exploit a stack-based buffer overflow. This post is just a quick note on how to exploit a simple SEH-based overflow. The existing exploit can be found at https://www.exploit-db.com/exploits/50471 Application Download Link: https://www.exploit-db.com/apps/762256b7bcc2d7d47a394a52f522b16b-ytgrabber.exe Crash the Application POC Code: buffer = "A"* 9000 createFile = open('testing.txt',"w") createFile.write(buffer) createFile.close() Start Youtube Video Grabber and attach in WinDbg: Open testing.txt, copy the content, click on the Enter code button, and paste into the Username and Serial number fields:...

November 27, 2021 · 4 min · Jobyer Ahmed

SQL Injection Cheat Sheet

Enumeration: Gather some juicy info to move to higher privileges. MySQL Information / SQL Query: Database Version select @@version Current Database select database() Get other databases name select schema_name from information_schema.schemata Database User select user() select system_user() Database user, password hashes select host, user, password from mysql.user Tables Name select table_schema,table_name from information_schema.tables select table_name from information_schema.tables where table_schema='userdb' Columns Name select table_name, column_name from information_schema.columns select column_name from information_schema.columns where table_name = 'usertable' Read system Files select load_file('/etc/hosts') Write to File select "<?...

September 9, 2021 · 3 min · Jobyer Ahmed

A quick cheat sheet on Python

This is not a complete Python 3 tutorial. This is just a quick note to remember the Python 3 syntax. Python Data Types: Name Type Description Integer int Numbers such as 100,200,1337 Strings str One or more characters such as "Cyber" Booleans bool Logical value: True or False Floating Point float Numbers with a decimal point such as: 1.1 Lists list Sequence of objects: ["Cyber",10] Dictionaries dict Key/value pairs: {"key1":"Cyber","key2":"Red"} Sets set Collection of unique objects: {"test","test1"} Tuples tup Ordered sequence of objects: (1,"Cyber") String Here is the example of string indexing and slicing:...

August 19, 2021 · 4 min · Jobyer Ahmed