-
Recent Posts
- HEVD – Race Condition – Windows 10 Pro – SMEP, kCFG, kASLR protections
- HEVD: Write-What-Where – Windows 10 Pro (SMEP, kCFG, kASLR)
- CTF Binary Exploitation – Cyber Apocalypse 2024: Hacker Royale – Death Note
- CTF Binary Exploitation – Cyber Apocalypse 2024: Hacker Royale – Pet Companion
- Shellcode – Windows/x86 – Create Administrator User – Dynamic PEB & EDT
Recent Comments
- Xavi on Exploit Development – Vulnserver TRUN – JMP EAX
- Merrell Vineza on Exploit Development – Vulnserver TRUN – JMP EAX
- Merrell Vineza on Exploit Development – Vulnserver TRUN – JMP EAX
- Xavi on Shellcoding Linux x86 – Bind Shell TCP – Assignment 1
- junsec on Shellcoding Linux x86 – Bind Shell TCP – Assignment 1
Archives
Categories
Meta
Author Archives: Xavi
Shellcoding Linux x86 XOR Encoder
Following the SLAE course I found an interesting subject that is how to create an encoder to hide our original shellcode. In this case we are going to use the XOR operation because it has the following property: (A xor … Continue reading
Posted in Exploiting
Tagged Assembly, exploit-db, exploiting, hacking, linux, shellcode, shellcoding, SLAE, x86
Leave a comment
Shellcoding Linux x86 STACK technique (3/3)
Hello, in this post I will explain how to use execve syscall in a shellcode using the stack technique, the purpose of this shellcode is the same as the last shellcode from the previous post. As I told you in … Continue reading
Posted in Exploiting
Tagged Assembly, exploit-db, exploiting, hacking, linux, shellcode, shellcoding, SLAE, x86
Leave a comment
Shellcoding Linux x86 JMP-CALL-POP technique (2/3)
Following the last article content, we are going to pop a shell instead of printing Hello World in the screen. To do this we are going to use the Execve syscall. This syscall allows us to execute a new program … Continue reading
Posted in Exploiting
Tagged Assembly, exploit-db, exploiting, hacking, linux, shellcode, shellcoding, SLAE, x86
Leave a comment
Shellcoding Linux x86 JMP-CALL-POP technique (1/3)
Currently I’m studying SLAE certification of Pentester Academy and I found a really interesting video that explained this technique. I’m going to follow the course instructions step by step and try to explain it here the best as I can. … Continue reading
Posted in Exploiting
Tagged Assembly, exploit-db, exploiting, hacking, linux, shellcode, shellcoding, SLAE, x86
Leave a comment
Introduction to Assembly
In this article I’m going to write a quick introduction to intel x86 assembly language. We are going to create a program, that is going to print a sentence in the screen. Before starting programming, we need to know a … Continue reading
Posted in Exploiting
Tagged Assembly, exploit-db, exploiting, hacking, linux, shellcode, shellcoding, SLAE, x86
Leave a comment
SQL Injection 4
Time to move on to time-based SQLi. Time based SQLi The process is almost the same as boolean-based. The thing that changes is the way to identify a true condition. Let’s visit level 9 of sqlilabs. The way to … Continue reading
Posted in Hacking Web
Tagged hacking, owasp, security, SQLi, web application hacking
Leave a comment
SQL Injection 3
In this article I’m going to explain step by step how you can extract information of a database using a blind boolean based SQLi vulnerability. Blind boolean based SQLi First of all we need to understand what a boolean … Continue reading
Posted in Hacking Web
Tagged hacking, owasp, security, SQLi, web application hacking
Leave a comment
SQL Injection 2
Let’s continue understanding SQL injections. This time we are going to focus on understanding how to exploit more complicated SQL injections manually. Error/Doble Query To understand Error-based SQLi, we need to start doing lesson 5 and 6 of the … Continue reading
Posted in Hacking Web
Tagged hacking, owasp, security, SQLi, web application hacking
Leave a comment
SQL Injection 1
Introduction The purpose of this post is not to teach you how to exploit a SQL Injection vulnerability, if you are just looking for that, just google sqlmap. In this article I will try to explain to you how SQL … Continue reading
Posted in Hacking Web
Tagged hacking, owasp, security, SQLi, web application hacking
Leave a comment
How to learn to hack?
I guess everyone that works in Infosec world has heard these words: “How can I learn to hack?” or “What I need to learn to be a hacker?”. There are a lot of people that are curious and wants to … Continue reading