NetSec

Ramblings of a NetSec addict


Converting Metasploit Module to Stand Alone

Peleus

Sometimes you might want to have a stand alone exploit, but the only option out there is a Metasploit module. Sure, you could always just fire up Metasploit and use it… but what fun would that be? Besides, it’s great to understand what’s going on under the hood of the Metasploit modules, both for getting a handle on writing your own exploits and, in the future, even writing your own Metasploit modules and contributing back to the fantastic project.

Requirements

  • Windows XP – SP3 Virtual Machine (Victim).
  • Kali Linux Virtual Machine (Attacker).
  • Allied Telesyn TFTP Server 1.9 (Available here).
  • A willingness to give things a go.


Filed Under: Tutorials Tagged With: exploit writing, hacking, metasploit

Simple Buffer Overflows

Peleus

This post will detail how to find a simple buffer overflow, gather the information you need to successfully exploit it and how to eventually get a reverse shell against someone running this program. There are tons of exploits that could be used as an example, but this post will highlight PCMan’s FTP Server 2.0.7, simply because it was one of the first ones I found on exploit-db and it was relatively simple.

Requirements
The following are the ideal requirements for following the guide. If you cannot or don’t wish to use identical software or versions, that’s fine, but I can’t guarantee that you won’t need to make modifications to get a proof of concept working.

  • Windows XP – SP3 Virtual Machine (Victim).
  • Kali Linux Virtual Machine (Attacker).
  • OllyDbg v1.10 on Windows XP (Available here).
  • PCMan’s FTP Server 2.0.7 (Available here under ‘vulnerable application’ link at the top of the page).
  • A very basic understanding of x86 Assembly.
  • A very basic understanding of Python.
  • Be interested enough to learn and experiment.


Filed Under: Tutorials Tagged With: buffer overflow, exploit writing, exploits, hacking

Copyright © 2019