NetSec

Ramblings of a NetSec addict

  • Ramblings
    • OSCP Review
    • OSCE Review
    • So you want to be a Hacker?
    • InfoSec Topics
  • Tutorials
    • Simple Buffer Overflows
    • Converting Metasploit Module to Stand Alone
  • Hacking Snippets
    • Basic Information
      • Spawning a TTY Shell
      • Finding Public Exploits
    • Metasploit
      • Creating Metasploit Payloads
    • Passwords
      • Cracking Network Passwords (Hydra)
      • Generating Wordlists
      • Identifying Hashes (Hash Identifier)
      • Cracking Hashes (oclHashcat)
      • Obtaining Windows Passwords
    • Privilege Escalation
      • Linux Privilege Escalation Scripts
    • Port Redirection
      • Port Redirection with Rinetd
      • Dynamic Port Forwarding (SSH)
      • Remote Port Forwarding (SSH)
      • Local Port Forwarding (SSH)
      • Port Forwarding with Metasploit
    • Tools
      • Netcat
  • OS Tips
    • Linux
      • Simple Linux Commands
    • Windows
      • Simple Windows Commands
    • Programs
      • Remote Desktop (rdesktop)
      • Fixing Metasploit Slow Search
      • Encoding / Decoding Base64
  • Programming
    • Python Snippets
      • Multi-Threaded Brute Forcer
      • Writing Shellcode to a File
    • Programs
  • Peach Pits
    • FTP
      • Fuzz Username / Password
      • Fuzz FTP Commands
  • Vulnerable VMs
    • Walkthroughs
      • pWnOS 2.0

Finding Public Exploits

Peleus

There are thousands of exploits out in the wild, even more being traded privately or held back as 0 days. Clearly we want to get access to as many of these resources as we can to maximize the chance of successful exploitation. A warning must be given to anyone downloading exploits. There are several fake exploits out there specifically designed to harm or destroy your computer. Never download exploits from a source and run them without first checking what they do and what commands they will be executing on your system. It’s highly recommended that you decode any encoded values to find what they actually mean. For example this exploit when decoded runs the “rm -rf” command on your system. Saying that, some of the resources outlined here such as exploit-db and security focus can be considered pretty trustworthy.

[Read more…]

Filed Under: Basic Information Tagged With: exploit-db, exploits, public, searching

Simple Buffer Overflows

Peleus

This post will detail how to find a simple buffer overflow, gather the information you need to successfully exploit it and how to eventually get a reverse shell against someone running this program. There are ton’s of exploits that be used for an example, but this post will highlight PCMan’s FTP Server 2.0.7, simply because it was one of the first ones I found on exploit-db and it was relatively simple.

Requirements
The following is the ideal requirements for following the guide. If you cannot or don’t wish to use identical software or versions that’s fine, but I can’t guarantee that you won’t need to make modifications to get a proof of concept working.

  • Windows XP – SP3 Virtual Machine (Victim).
  • Kali Linux Virtual Machine (Attacker).
  • OllyDbg v1.10 on Windows XP (Available here).
  • PCMan’s FTP Server 2.0.7 (Available here under ‘vulnerable application’ link at the top of the page).
  • A very basic understanding of x86 Assembly.
  • A very basic understanding of Python.
  • Be interested enough to learn and experiment.

[Read more…]

Filed Under: Tutorials Tagged With: buffer overflow, exploit writing, exploits, hacking

Copyright © 2022 · Genesis Sample on Genesis Framework · WordPress · Log in