Wednesday, November 7, 2018

Antivirus Evasion Tools

Thursday, November 1, 2018

ollydbg quickstart guide

phrack: History and Advances in Windows Shellcode


Firewalls are everywhere on the Internet now. Most publicly released exploits have little concern for firewall rules because they are just proofs of concept. In the real world, we encounter targets with firewalls that make exploitation harder. We need to overcome these obstacles for a successful penetration testing job. The research for this paper started when we needed to take over (own) a machine that was heavily protected by rigid firewall rules. Although we could reach the vulnerable service, the strong firewall rules between us and the server rendered all standard exploits useless.

The objective of the research is to find alternative ways that allow a penetration tester to take control of a machine after a successful buffer overflow, successful in the sense that it eventually leads to arbitrary code execution. These alternative mechanisms should succeed where others fail, even under the most rigid firewall rules.

In our research to find a way to bypass these troublesome firewall rules, we looked into various existing techniques used by public exploits and why they fail. Then we found several mechanisms that work but depend on the vulnerable service. Although we could take over the server using these techniques, we went one step further and developed a more generic technique that does not depend on any service and can be reused in most other buffer overflows.

This paper starts with a dissection of a standard Win32 shellcode as an introduction. We then explore the techniques used by proof-of-concept code to allow an attacker to control the target, and their limitations. Then we introduce a few alternative techniques, which we call "One-way shellcode", and how they may bypass firewall rules. Finally, we discuss a possible way to transfer files from the command line without breaking the firewall rules.

SEH - Structured Exception Handler EXPLOITATION



References: (Watch it)

Wednesday, October 24, 2018

Libssh Authentication Bypass Vulnerability Exploit (CVE-2018-10933)


Docker image:

Pico CTF 2018 Web Exploitation Writeup

running kali docker image on linode

$ docker pull kalilinux/kali-linux-docker
$ docker run -t -i kalilinux/kali-linux-docker /bin/bash
# apt-get update && apt-get install metasploit-framework

Saturday, October 20, 2018

Wednesday, October 17, 2018


Control DNS responses
ApateDNS™ is a tool for controlling DNS responses through an easy-to-use GUI. As a phony DNS server, ApateDNS spoofs DNS responses to a user-specified IP address by listening on UDP port 53 on the local machine. ApateDNS also automatically sets the local DNS to localhost. Upon exiting the tool, it restores the original local DNS settings.


Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product.

PEiD tool

PEiD detects most common packers, cryptors and compilers for PE files.
It can currently detect more than 470 different signatures in PE files.


3.1 Main interface
3.2 Section Viewer
3.3 PE disassembler
3.4 PE details
3.5 Extra information
3.6.2 Generic OEP Finder
3.7 Krypto Analyzer

Thursday, October 11, 2018

Saturday, October 6, 2018

Friday, October 5, 2018

Google dorks: SQL injection


Cross-platform post-exploitation tool mainly written in Python

Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python.

Wednesday, October 3, 2018

Hide Apache ServerSignature / ServerTokens / PHP X-Powered-By

Lines for httpd.conf or apache.conf:
ServerSignature Off 
ServerTokens Prod

Line for php.ini:
expose_php = Off

The Art of Subdomain Enumeration

Rapid7 DNS dataset

Google Dorking:


Monday, October 1, 2018

popcorn-time: Watch torrent movies instantly

This Popcorn Time service will never be taken down. Download and enjoy.

Using websockets to easily build GUIs for Python programs

A useful example of using WebSocket technology.

nmap options/ideas to avoid Firewall

Packet fragmentation 

Modify default MTU: 
--mtu 24 

Random number of decoys 
-D RND:10 

Change Source port:
--source-port 80 

Append Random Data to Packet: 
--data-length 25 

MAC Address Spoofing 
--spoof-mac Dell/Apple/3Com