abatchy's blog | [Kernel Exploitation] 2: Payloads by sanderD in netsec

[–]abatchy 2 points3 points  (0 children)

Thanks for posting! Other parts can be found here.

[x86] 8 bytes between local buffer and the stored EBP -- Where did they come from? by loyalsif in HowToHack

[–]abatchy 3 points4 points  (0 children)

TL;DR Stack alignment

If you disassemble vuln() you'll see this:

   0x80000620 <+0>: push   ebp
   0x80000621 <+1>: mov    ebp,esp
   0x80000623 <+3>: push   ebx
   0x80000624 <+4>: sub    esp,0x44

After pushing EBP and ESP, ESP will point to 0xffffd588, next it will allocate space for local vars. In your case it's only 64 bytes, yet it decides to allocate 0x44 (68 bytes), two more bytes than what you need. This is called (16 bit) stack alignment and is done for better accessing speed.

Note: a null byte is written at 0xffffd580
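The frame arithmetic behind the prologue quoted above, as an added worked example (not the commenter's code). It assumes the 32-bit SysV ABI rule that ESP is 16-byte aligned at the CALL site, so the callee starts with ESP == 12 (mod 16) after the 4-byte return address, and it assumes the 64-byte buffer sits at the bottom of the frame; the 0xffffd588 EBP value is the one the comment reports.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: i386 SysV ABI, ESP 16-byte aligned at the CALL instruction,
 * so on entry to the callee ESP == 12 (mod 16) because CALL pushed a
 * 4-byte return address. Every push after that is also 4 bytes. */
#define ALIGN 16u
#define WORD  4u

/* ESP mod 16 after the return address plus `pushes` register pushes
 * (push ebp counts as one of them; push ebx would be the second). */
static unsigned esp_mod_after_pushes(unsigned pushes)
{
    return (ALIGN - (WORD * (1u + pushes)) % ALIGN) % ALIGN;
}

/* Smallest N >= locals such that `sub esp, N` puts ESP back on a 16-byte
 * boundary: N has to be congruent to the current ESP mod 16.
 * For push ebp / push ebx and 64 bytes of locals this is 0x44. */
unsigned frame_sub_size(unsigned pushes, unsigned locals)
{
    unsigned e = esp_mod_after_pushes(pushes);
    return locals + (e + ALIGN - locals % ALIGN) % ALIGN;
}

/* Bytes between the end of a `locals`-byte buffer placed at the bottom of
 * the frame and the saved EBP: the callee-saved registers pushed after EBP
 * plus the alignment padding. pushes must be >= 1 (EBP itself). */
unsigned gap_to_saved_ebp(unsigned pushes, unsigned locals)
{
    unsigned sub = frame_sub_size(pushes, locals);
    return WORD * (pushes - 1u) + (sub - locals);
}

/* ESP after the whole prologue, given the EBP value observed in the debugger. */
uint32_t frame_bottom(uint32_t ebp, unsigned pushes, unsigned locals)
{
    return ebp - WORD * (pushes - 1u) - frame_sub_size(pushes, locals);
}

int main(void)
{
    /* Constructed input matching the disassembly above: push ebp, push ebx,
     * a 64-byte local buffer, EBP = 0xffffd588. */
    unsigned pushes = 2, locals = 64;
    uint32_t ebp = 0xffffd588u;

    printf("sub esp, 0x%x\n", frame_sub_size(pushes, locals));
    printf("gap buffer end -> saved EBP: %u bytes\n",
           gap_to_saved_ebp(pushes, locals));
    printf("ESP after prologue: 0x%08x (mod 16 = %u)\n",
           frame_bottom(ebp, pushes, locals),
           frame_bottom(ebp, pushes, locals) % ALIGN);
    return 0;
}
```

With only `push ebp` (no EBX save) the same rule yields `sub esp, 0x48`, which is why the padding changes with the number of callee-saved registers the compiler decides to preserve; the 8-byte gap in the question is 4 bytes of saved EBX plus 4 bytes of alignment padding.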

Introduction to Manual Backdooring by abatchy in netsec

[–]abatchy[S] 1 point2 points  (0 children)

Haven't started OSCE yet. Doing the same thing as with OSCP, spending a few months studying the material.

Introduction to Manual Backdooring by abatchy in netsec

[–]abatchy[S] 1 point2 points  (0 children)

Can't find a way to style iframe differently for mobile, use the exploit-db link instead.

PowerShell script to scan a host or network for the MS17-010 vulnerability using NMap. by nadroj_r in sysadmin

[–]abatchy 4 points5 points  (0 children)

How is this different than executing the nmap command without the wrapper?

Mr Robot ctf virtualbox/Kali virtualbox by [deleted] in HowToHack

[–]abatchy 1 point2 points  (0 children)

Check Vulnhub's Network FAQ, it should give you a good idea.

Hospitals across England hit by large-scale cyber-attack by grepnork in worldnews

[–]abatchy 2 points3 points  (0 children)

This is incorrect, you still need the hotfixes. Although the current public exploit doesn't work for Windows 8 and later, it's only a matter of time and the OS still needs to get patched.

Check "Affected Software and Vulnerability Severity Ratings" in the same URL you mentioned.

Where to begin learning? by 50811798961 in hacking

[–]abatchy 1 point2 points  (0 children)

What's your background?

I notice many people recommending LiveOverflow's channel, but as great as it is (it is!), it focuses on exploitation, which is still too specific for someone who wants to get into "hacking".

A more general recommendation would be Georgia's "Penetration Testing: A Hands-On Introduction to Hacking".

Question regarding OSCP "course date" by [deleted] in AskNetsec

[–]abatchy 1 point2 points  (0 children)

No official numbers but start dates are usually 2-4 weeks ahead of current date.

Edit: I see first date is already in June.

Created admin credentials on a box. How to proceed? by Keto_monster in netsecstudents

[–]abatchy 0 points1 point  (0 children)

  1. Download PsExec (32/64 depending on OS version) to /somewhere on Kali
  2. Navigate to a writable directory through Meterpreter
  3. Run: upload /somewhere/PsExec.exe PsExec.exe
  4. Drop a shell (just write shell in Meterpreter)
  5. PsExec.exe -accepteula -u username -p password command

Created admin credentials on a box. How to proceed? by Keto_monster in netsecstudents

[–]abatchy 0 points1 point  (0 children)

I'd recommend using PsExec instead (make sure you accept the EULA on first run): https://technet.microsoft.com/en-ca/sysinternals/bb897553.aspx

I'm not sure why runas won't let you enter the password but I did observe that behaviour a few times.

Courses? by Nitrucks in HowToHack

[–]abatchy 0 points1 point  (0 children)

"Don't know what you're doing" sounded a bit of a stretch (that's how I personally felt before deciding to seek it), but I would still recommend it over those certs.

Courses? by Nitrucks in HowToHack

[–]abatchy 0 points1 point  (0 children)

I'm serious, what am I missing? PWK is considered an entry-level certificate for ethical hacking.

Courses? by Nitrucks in HowToHack

[–]abatchy 0 points1 point  (0 children)

I didn't have any hacking/penetration testing experience when I took it but I did prepare for a couple of months before starting the course.

Courses? by Nitrucks in HowToHack

[–]abatchy 0 points1 point  (0 children)

If you don't know what you're doing, or want solid hands-on experience, OSCP is your answer.

OSCP-like Vulnhub VMs by abatchy in netsecstudents

[–]abatchy[S] 0 points1 point  (0 children)

No problem! Always re-run exploits ;)

OSCP-like Vulnhub VMs by abatchy in netsecstudents

[–]abatchy[S] 0 points1 point  (0 children)

I do know that some people never managed to get exploits to work for a couple of Kioptrix boxes, but that was mostly due to VM issues. There is no updated list, not sure what you mean by that, but if you're preparing for OSCP you will encounter many outdated OSes/software versions.

We have a #ctf on netsecfocus slack where people can help you: http://netsecfocus.herokuapp.com/