Posts

Showing posts from 2018

MSF ::EXITFUNC::

Quick note about MSF EXITFUNC. So what is EXITFUNC? The EXITFUNC option is set to 'thread' by default, and that works fine in most cases, so we don't usually look into it much. But in some situations a different EXITFUNC is necessary so that you get a clean exit from the exploited box: the exit routine baked into the payload decides whether only the shellcode's thread, or the whole host process, dies when the payload finishes. There are 3 different values for EXITFUNC:

THREAD: used in most exploitation scenarios, where the exploited process (e.g. IE) runs the shellcode in a sub-thread; exiting that thread leaves a working application/system (clean exit).

PROCESS: should be used with multi/handler. It should also be used with any exploit where a master process restarts the exploited process on exit.

SEH: should be used when there is a structured exception handler (SEH) that will restart the thread or process automatically when an error occurs.

This is also useful to know when generating a payload with msfvenom, since EXITFUNC is passed there as an option (e.g. EXITFUNC=process) and must match how the payload will be delivered.

Side Note

I made this configuration file to be copied later into the settings. Make sure to download these two repos: dirsearch and SecLists.

==Start copy here==

[general]
threads = 30
follow-redirects = True
#exclude-status = 200,301
#recursive = False
#scanner-fail-path = InvalidPath123123
save-logs-home = True

[reports]
autosave-report = True
autosave-report-format = html

[dictionary]
#wordlist = test.dicc
###PHP-FUZZ###
#wordlist = /path/to/SecLists/Discovery/Web-Content/PHP.fuzz.txt
###BACKUP&DB###
#wordlist = /path/to/SecLists/Discovery/Web-Content/Common-DB-Backups.txt
#wordlist = /path/to/SecLists/Discovery/Web-Content/CommonBackdoors-PHP.fuzz.txt
###FILES###
#wordlist = /path/to/SecLists/Discovery/Web-Content/raft-small-files.txt
#wordlist = /path/to/SecLists/Discovery/Web-Content/raft-medium-files.txt
#wordlist = /path/to/SecLists/Discovery/Web-Content/raft-large-files.txt
###DIRECTORIES###
#wordlist = /path/to/SecLists/Discovery/Web-Content/raft-s

RE .jar files

So, you got a jar file, then how do you decompile it? Here is how to do it. First we have to extract the jar file with this command (a jar is just a zip archive, so unzip works as well):

jar xf file.jar

As a result, it will write out the .class files along with the META-INF folder. Our objective is to get the information inside the file. Next we need to inspect the .class files, but most of their content is unreadable, because it is compiled JVM bytecode. For that we use javap, which disassembles a class file into human-readable form:

javap -c file.class

Booyah!! Note that javap shows bytecode, not source. Alternatively you can use JD-GUI to decompile the .jar file back to Java source.
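The part of a .class file that javap prints first, the constant pool, is also the part worth reading when triaging a jar: every class name, method name and string literal the code uses lives there. The script below is an added example (not the post's own code and not javap) that opens a jar with Python's zipfile module, parses the header and constant pool of each .class inside, and reports the class name, superclass, Java version and string literals. The sample jar it builds for itself (a minimal Hello.class with a made-up URL literal, http://c2.example.invalid/beacon) is constructed here so the script runs offline; pass a real jar path as the first argument to inspect that instead.

```python
"""Triage a .jar without javap or JD-GUI: walk each .class constant pool.

A .jar is a zip archive; every .class inside starts with a constant pool
holding all class names, method names and string literals the code uses.
Reading that pool is often enough to see who a jar talks to and what it
calls before opening a decompiler. Added example, not the post's own code.
"""
import io
import struct
import sys
import zipfile

MAGIC = 0xCAFEBABE

# Constant-pool tags (JVM spec 4.4) -> byte size of their fixed payload.
# Utf8 (tag 1) is variable length and handled separately.
_FIXED_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
               12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def parse_class(data):
    """Parse the header and constant pool of one .class file."""
    magic, minor, major, cp_count = struct.unpack_from(">IHHH", data, 0)
    if magic != MAGIC:
        raise ValueError("not a class file (bad magic)")
    pos, index, pool = 10, 1, {}          # pool: index -> (tag, value)
    while index < cp_count:
        tag = data[pos]
        pos += 1
        if tag == 1:                                   # CONSTANT_Utf8
            (length,) = struct.unpack_from(">H", data, pos)
            raw = data[pos + 2:pos + 2 + length]
            pos += 2 + length
            # "Modified UTF-8" encodes NUL as C0 80; undo that before decoding.
            pool[index] = (tag, raw.replace(b"\xc0\x80", b"\x00").decode("utf-8", "replace"))
        elif tag in _FIXED_SIZE:
            size = _FIXED_SIZE[tag]
            fmt = {2: ">H", 3: ">BH", 4: ">I" if tag in (3, 4) else ">HH", 8: ">Q"}[size]
            pool[index] = (tag, struct.unpack_from(fmt, data, pos))
            pos += size
        else:
            raise ValueError("unknown constant pool tag %d at offset %d" % (tag, pos - 1))
        index += 2 if tag in (5, 6) else 1            # Long/Double take two slots
    access_flags, this_class, super_class = struct.unpack_from(">HHH", data, pos)

    def class_name(idx):                               # CONSTANT_Class -> Utf8 name
        return pool[pool[idx][1][0]][1] if idx and pool[idx][0] == 7 else None

    return {
        "version": "%d.%d" % (major, minor),           # 52.0 == Java 8
        "access_flags": access_flags,
        "this_class": class_name(this_class),
        "super_class": class_name(super_class),
        "strings": [pool[v[0]][1] for t, v in pool.values() if t == 8],
        "utf8": [v for t, v in pool.values() if t == 1],
    }


def inspect_jar(jar):
    """Walk every .class in a jar (path, file object or raw bytes) and parse it."""
    if isinstance(jar, bytes):
        jar = io.BytesIO(jar)
    report = {"manifest": None, "classes": {}}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name == "META-INF/MANIFEST.MF":
                report["manifest"] = zf.read(name).decode("utf-8", "replace")
            elif name.endswith(".class"):
                report["classes"][name] = parse_class(zf.read(name))
    return report


def _utf8(s):
    b = s.encode("utf-8")
    return b"\x01" + struct.pack(">H", len(b)) + b


def build_sample_jar():
    """Constructed sample: a minimal, well-formed Hello.class inside a jar."""
    pool = [
        _utf8("Hello"),                               # 1
        b"\x07" + struct.pack(">H", 1),               # 2 Class  -> #1
        _utf8("java/lang/Object"),                    # 3
        b"\x07" + struct.pack(">H", 3),               # 4 Class  -> #3
        _utf8("http://c2.example.invalid/beacon"),    # 5 made-up indicator
        b"\x08" + struct.pack(">H", 5),               # 6 String -> #5
        b"\x05" + struct.pack(">Q", 42),              # 7-8 Long (two slots)
        _utf8("main"),                                # 9
    ]
    body = struct.pack(">IHHH", MAGIC, 0, 52, 10) + b"".join(pool)
    body += struct.pack(">HHH", 0x0021, 2, 4)         # ACC_PUBLIC|ACC_SUPER, this, super
    body += struct.pack(">HHHH", 0, 0, 0, 0)          # no interfaces/fields/methods/attrs
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Hello\n")
        zf.writestr("Hello.class", body)
    return buf.getvalue()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_jar()
    rep = inspect_jar(target)
    print(rep["manifest"])
    for name, cls in rep["classes"].items():
        print(name, cls["version"], cls["this_class"], "extends", cls["super_class"])
        for s in cls["strings"]:
            print("  string:", s)
```

The parser stops after the class header on purpose: fields, methods and bytecode are what javap -c and JD-GUI are for. The string literals alone usually tell you whether a jar deserves that deeper look.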

Wardriving!

For wardriving purposes I recently bought a USB GPS from Lazada for about RM112. To set it up and configure it on your virtual machine (in this case I'm using Kali Linux 2018; the USB device has to be passed through to the VM first), first install gpsd and gpsd-clients:

apt install gpsd -y
apt install gpsd-clients -y

After the installation finishes, check whether the USB GPS is detected by running:

ls /dev/gps*

If the command above shows nothing, run:

ls /dev/tty*

and you should get output listing the serial devices. You will notice /dev/ttyUSB0 at the bottom right of the listing; we will use that to run gpsd. Next, run:

gpsd -n -N -D4 /dev/ttyUSB0

(-n starts polling the receiver without waiting for a client, -N keeps gpsd in the foreground, and -D4 sets the debug level so you can watch it talk to the device.) To check whether your GPS receiver has locked onto satellites, use cgps, the test client shipped with gpsd-clients; run the following command in a new tab or terminal window:

$ cgps -s

Now, our final step: plug in your Alfa antenna and fire up Kismet!
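cgps -s is fine for eyeballing a fix, but when you script the start of a wardriving session you want the same check without a curses screen. gpsd speaks newline-delimited JSON on TCP 2947 once a client sends ?WATCH, and its TPV reports carry "mode" (1 = no fix, 2 = 2D, 3 = 3D) while SKY reports list the satellites in view and which ones are used. The script below is an added example, not part of the original post: it folds that stream into a simple state and waits until the receiver has a fix. It assumes gpsd is running on the default localhost:2947; the sample session embedded in it is constructed (coordinates made up, not a real capture) so the parsing can be exercised offline with --offline.

```python
"""Scriptable replacement for watching cgps: ask gpsd whether it has a fix.

gpsd listens on TCP 2947 and streams newline-delimited JSON once a client
sends a ?WATCH command. TPV reports carry "mode" (1 = no fix, 2 = 2D,
3 = 3D); SKY reports list satellites and which ones are used. Added
example, not part of the original post.
"""
import json
import socket

WATCH_CMD = b'?WATCH={"enable":true,"json":true};\n'
FIX_MODES = {0: "unknown", 1: "no fix", 2: "2D fix", 3: "3D fix"}


def new_state():
    return {"device": None, "mode": 0, "status": "unknown", "lat": None,
            "lon": None, "time": None, "seen": 0, "used": 0, "locked": False}


def parse_report(line):
    """One gpsd JSON line -> small dict, or None for anything we don't need."""
    try:
        msg = json.loads(line)
    except ValueError:                      # not JSON (e.g. a stray NMEA line)
        return None
    if not isinstance(msg, dict):
        return None
    cls = msg.get("class")
    if cls == "TPV":
        mode = msg.get("mode", 0)
        return {"kind": "fix", "device": msg.get("device"), "mode": mode,
                "status": FIX_MODES.get(mode, "unknown"),
                "lat": msg.get("lat"), "lon": msg.get("lon"), "time": msg.get("time")}
    if cls == "SKY":
        sats = msg.get("satellites", [])
        return {"kind": "sky", "device": msg.get("device"), "seen": len(sats),
                "used": sum(1 for s in sats if s.get("used"))}
    return None


def apply_report(state, line):
    """Fold one line into the running state; returns the state for chaining."""
    rep = parse_report(line)
    if rep is None:
        return state
    if rep["kind"] == "fix":
        state.update(device=rep["device"], mode=rep["mode"], status=rep["status"],
                     lat=rep["lat"], lon=rep["lon"], time=rep["time"])
    else:
        state.update(seen=rep["seen"], used=rep["used"])
    state["locked"] = state["mode"] >= 2      # 2D or 3D is good enough to tag APs
    return state


def summarize(lines):
    """Replay a list of gpsd lines (e.g. a captured session) into one state."""
    state = new_state()
    for line in lines:
        apply_report(state, line)
    return state


def wait_for_fix(host="127.0.0.1", port=2947, timeout=60.0):
    """Connect to a running gpsd and return once it reports a 2D/3D fix.

    Raises socket.timeout if no line arrives within `timeout` seconds.
    """
    state = new_state()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(WATCH_CMD)
        with sock.makefile("r", encoding="utf-8") as stream:
            for line in stream:
                if apply_report(state, line)["locked"]:
                    break
    return state


# Constructed sample of what gpsd sends for a USB receiver coming up
# (coordinates and the NMEA line are made up; not a real capture).
SAMPLE_SESSION = [
    '{"class":"VERSION","release":"3.17","rev":"3.17","proto_major":3,"proto_minor":12}',
    '{"class":"DEVICES","devices":[{"class":"DEVICE","path":"/dev/ttyUSB0","driver":"NMEA0183"}]}',
    '{"class":"TPV","device":"/dev/ttyUSB0","mode":1}',
    '{"class":"SKY","device":"/dev/ttyUSB0","satellites":['
    '{"PRN":5,"el":40,"az":120,"ss":31,"used":false},'
    '{"PRN":12,"el":66,"az":230,"ss":38,"used":true},'
    '{"PRN":25,"el":12,"az":80,"ss":22,"used":true},'
    '{"PRN":29,"el":51,"az":300,"ss":35,"used":true},'
    '{"PRN":31,"el":28,"az":10,"ss":30,"used":true}]}',
    '$GPGGA,031012.000,0308.3402,N,10141.2113,E,1,04,1.5,55.0,M,0.0,M,,*00',
    '{"class":"TPV","device":"/dev/ttyUSB0","mode":3,"time":"2018-06-02T03:10:12.000Z",'
    '"lat":3.139003,"lon":101.686855,"alt":55.0}',
]

if __name__ == "__main__":
    import sys
    state = summarize(SAMPLE_SESSION) if "--offline" in sys.argv else wait_for_fix()
    print("%s on %s: %s sats used / %s seen, lat=%s lon=%s"
          % (state["status"], state["device"], state["used"], state["seen"],
             state["lat"], state["lon"]))
```

Run it after gpsd -n -N -D4 /dev/ttyUSB0 is up; it returns as soon as a TPV with mode 2 or 3 arrives, which is the point at which Kismet will start attaching coordinates to what it logs.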

Malware Simulation Test

Recently I released my script, written in Python 3, that simulates a simple malware attack; it is on GitHub. The objective is to test your sensors (IDS/IPS etc.). Cheers!

It's just a script!

Besides pentesting, compliance scanning is also part of my job to deliver to customers. Sometimes using a tool can give you a headache if the scanner (Nessus) is not able to get proper scan results. So, in order to simplify it, I automated everything by writing a simple bash script. Don't expect too much of it. It just runs ssh-copy-id and scp to copy a file onto the target server. You have to write your own script, in bash, Python or whatever you want.