windows

So after using csharp to inject shellcode I wanted to see what other languages were able to directly write to and call memory locations.

As I’ve been working my way through The SecurityTube Python Scripting Expert course I decided it made sense to see if it was possible with python.

A quick google found me this post by Debasish (http://www.debasish.in/2012/04/execute-shellcode-using-python.html). FULL credit for this work goes to Debasish, this post is purely… Continue reading

Okay, so the first thing you’re wondering is “Why the hell would you want to do this?”

Well the answer becomes more obvious when the scenario is set: You’re on a social engineering job and you’ve managed to gain access to the target building, you walk around for a bit to see if any of the desks look free. After a while you decide to sit down at… Continue reading

Credit for most of the below comes from Mubix, who has created a few documents (on Google Docs) that list what to actually do once shell access has been gained. You can read more about it here and find the links to the docs; I’m simply blogging about it to make a summary of this for myself.

Meterpreter Post Auth

Information Gathering

getuid getpid getprivs sysinfo screenshot run winenum.rb run… Continue reading

So we’ve all played with RID cycling and GetAcct.exe but lately I guess we’ve not been pulling this out of our bag. Protection against this is now normal so we need a new way to enumerate usernames against a given domain. New info on this website is pointing towards a tool called ebrute that will allow enumeration of Kerberos without having to take a password guess. On a decent machine… Continue reading

So you’ve got access to a box but it’s only as a local user and you want SYSTEM like most people; step in 18176.py. As this code was written in Python you’ll need a local copy of Python on the box in order to priv up.

C:\Documents and Settings\user\Desktop>18176.py
Usage: 18176.py -O TARGET_OS
Options:
  -h, --help            show this help message and exit
… Continue reading