Following my other post on modifying exploits, this post will outline a hands-on example to tailor an exploit to our specific situation. On a box, we found the vulnerable service achat running on port 9256, which should be vulnerable to this exploit. After analyzing the current exploit, we see in the comments (green highlighted part) that the current payload shellcode (the second highlighted part) is opening calc.exe via cmd.
The truth is that exploits, especially PoCs on Exploit-DB, don't work out of the box: you need to tailor them to the specific situation of your environment. As this can be very challenging, I'll demonstrate a hands-on example.
This blog post continues our previous post on the Windows Exploit Suggester, but deserves a separate post of its own. In our last post, our exploit suggester pointed us to the following
Obtain a reverse shell with PHP In my blog post about Netcat, I've briefly mentioned that you may need to use a PHP script to spawn a reverse shell. What is a reverse shell script? A reverse shell script is a script that will bind a shell to a TCP port of your choice. By setting up a listener to that TCP port on your attacking machine, you will be
In this blog post, I'll cover the basics of SQL injection and demonstrate some examples. Source: xkcd.com What is SQL injection? SQL injections are amongst the most common web hacking techniques. Basically, a SQL injection exploits a vulnerability in a web application by injecting malicious SQL commands into an input field, allowing an attacker to bypass authentication or to disclose, alter or delete data. The following answer on StackExchange explains the concept
Step by step Metasploit walkthrough Usually, the ultimate goal is to get a root shell on the target machine, meaning you have total control over that machine. I will demonstrate step by step how to obtain a root shell on the Metasploitable 3 virtual machine using Metasploit. You will see that hacking is not always straightforward and, more often than not, you need to start again or find alternative solutions. To
What is Netcat? Netcat is considered the Swiss-army knife of information security. Basically, it's a more powerful version of the classic Telnet program, capable of numerous additional tasks like chatting, file transfer, port scanning, banner grabbing, opening remote shells and even setting up a honeypot. An important feature of Netcat is that it can serve both as a client and as a server (more detail later). In this blog post, I'll practice
Let's talk network scanning, which is a vital part of offensive security. Nmap The undisputed leader for network scanning is Nmap (Network Mapper), which is a free and open source utility for network discovery and security auditing. It's not only used by security professionals, but also by system and network administrators for monitoring and management purposes. Nmap is extremely powerful, as its functions range from determining which hosts are available,
Hi. I'm Dennis, I live in Belgium and am currently working as a security consultant. For as long as I can remember, I have had a strong interest in technology and computers. Amongst the things that interest me and my experiments, you'll find here my notes on the road to my CISSP and OSCP certifications. There are many very good blogs on information security. However, many security blogs assume deep technical knowledge or