dhaneshsivasamy07

ret2csu

I wanted to make a clean and simple explanation of ret2csu exploitation technique as I didnt get it easily with the ressources I found on google. As far as my understanding goes. You should take it with a grain of salt.

Tests carried on a AMD64 Linux Ubuntu.

Table of Contents

dhaneshsivasamy07

[Background]
Bold=false
Color=40,42,54

[BackgroundIntense]
Bold=false
Color=68,71,90

[Color0]
Bold=false

dhaneshsivasamy07

radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

• analyze all: aa
• show sections: iS
• list functions: afl
• list imports: ii
• list entrypoints: ie
• seek to function: s sym.main

dhaneshsivasamy07

Assembly Language / Reversing / Malware Analysis -resources

⭐Assembly Language

Modern x64 Assembly

https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA

dhaneshsivasamy07

- Generate a ssh key
`ssh -t rsa -C <your-email>`
- Add the generated public ssh key to the SSH and GPG keys in the profile settings
- Check the configuration with
```bash
ssh -T git@github.com #might ask for adding in the trusted hosts
# output should be: Hi <github username> ! You've successfully authenticated, but GitHub does not provide shell access.
```
- Clone a repository with git
`git clone git@github.com:<user-name>/<repo>.git`

dhaneshsivasamy07

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module: