Shellcoding in the Upsidedown


Good ol’ shellcoding… shellcoding in the Land o’ Kernel. There are readily available payloads you can use in HackSysTeam’s repo, which you can find here; but what fun is that if you’re just going to copy and paste?! Roll up the sleeves because it’s. About. To. Go. Down. Functions used: CreateFile, DeviceIoControl […]

Stack Overflow in HEVD


So lately, I have been diving into Windows Kernel Exploitation with the goal of attending Offensive Security’s Advanced Windows Exploitation course. All this is a journey, that’s for sure! Anyways, this is the first exploit I did on drivers using HackSysTeam’s Extreme Vulnerable Driver. I will be writing these PoCs in C++ to get used to […]

Zico2 Walkthrough


Good evening, gents! Me and one of the guys (H4v0k) decided to tag team a VM this kickass evening to finish our kickass day with some kickass root hax. To follow along, you can download the image from here. Quick run-down: Enumeration, Checking for vulnerabilities, Test, Get root. Exploits used: PHPLiteAdmin v1.9.3, 3.5 Kernel Exploit […]

Some Shellcoding Examples


Doing shellcode is always amazing! Getting down to the nitty gritty is always fun! For this post, we will be taking a look at making our own shellcode; however, it will not go into resolving the addresses that we need. Also, keep in mind this isn’t THE way, but A way! As a side note, […]

hackfest2016: Sedna Walkthrough


VMs are coming in like crazy! Christmas all over again 🙂 This VM is called Sedna and was a pretty fun and interesting one. Quick run-down: Enumeration, Exploitation, Read flag. Exploits used: Chkrootkit 0.49. Just like our last one, the author graced us with giving us the IP of the machine. Let’s see what we […]

Pluck: 1 Walkthrough


Yesterday, a VM was published on Vulnhub called Pluck: 1. You can get that here. This was a pretty interesting VM, as you shall soon see. Quick run-down: Enumeration, Get ass kicked, Exploitation, Read flag. Exploits used: DirtyCow. The author of the VM had done us a favor by showing the IP address the VM […]

Deflowering Innocent Applications


There are several applications that you can use without the need to install them, such as: PuTTY, Rufus, UNetbootin, any tool from Sysinternals. You get the idea. The application that I will be using is called GifCam and, as always, I highly encourage the reader to download, follow along, and learn the ways of backdooring exes. You […]

Ascii of D00M


WooWEEE!! You guys are going to be. in. for. a. treat! Have you guys ever encoded your own payloads?? You will now if you follow along!! For this tutorial, I am going to be using SipXezPhone. This application is vulnerable to yet another SEH Overflow due to a long CSeq header. By now, you should […]

Egghunting Sorcery


This post is going to piggyback off my last post, “Stacks and Handlers and Python, oh my!”. So to follow along, please take the few seconds to head to that page, and definitely download the vulnerable software. If you do not have WinDbg, Immunity, or Mona, that page will have the downloads for them as […]