http://nc110.sourceforge.net/
https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
NCat for Windows:
https://nmap.org/book/inst-windows.html
Sed Tutorial:
Regular Expression: http://www.grymoire.com/Unix/Regular.html#uh-2
Sed itself: http://www.grymoire.com/Unix/Sed.html#uh-0
Sed itself: https://www.tutorialspoint.com/sed/
https://dgmsp.blogspot.sg/2016/11/xstack-overflow-1-exploiting-slmail.html
https://www.nccgroup.trust/au/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/
https://markushelfer.wordpress.com/2014/07/27/fuzzing-and-exploiting-slmail/
https://www.exploit-db.com/exploits/638/
ROP Primer & Bypassing DEP:
https://speakerdeck.com/barrebas/rop-primer
https://en.wikipedia.org/wiki/Return-oriented_programming
https://tehaurum.wordpress.com/2015/06/24/exploit-development-stack-buffer-overflow-bypass-nxdep/
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://techcrunch.com/2015/04/12/fireeye-apt-30-southeast-asia-india-report/
https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141212_Past_North_Korean_Cyber_Attacks_Capability.pdf
http://securityaffairs.co/wordpress/57226/apt/symantec-lazarus-apt-banks.html
https://blog.kaspersky.com/operation-blockbuster/11407/
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf
@keithrozario
keithrozario / Explot
Created March 21, 2017 15:04
Starhub vulnerable router
https://www.exploit-db.com/exploits/40805/
//Installing Elasticsearch
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-elasticsearch-on-ubuntu-16-04
//SQLITE to JSON
https://github.com/fitnr/sqlite-json
//Posting to Elasticsearch
https://www.elastic.co/guide/en/kibana/current/tutorial-load-dataset.html
$ curl -s -XPOST localhost:9200/_bulk --data-binary @requests
use msf to generate shellcode to launch calc.exe (simple and easy)
use msfvenom to generate a reverse shell -> .exe and test if this works
Only then, execute the payload via the buffer overflow.
https://community.rapid7.com/message/27138
Chapter Title
1.1 Finding Your Way Around Kali
1.1.1 Booting Up Kali Linux
1.1.2 The Kali Menu
1.1.3 Find, Locate, and Which
1.1.4 Exercises
1.2 Managing Kali Linux Services
1.2.1 Default root Password
1.2.2 SSH Service
1.2.3 HTTP Service
https://www.cyberciti.biz/faq/ubuntu-linux-wake-on-lan-client-command-installation-examples/
@keithrozario
keithrozario / SETUID explanation
Created June 12, 2017 04:11
PrivEsc ; $PATH and SetUID
The attacker is attempting to get a shell running as the DavidGilmour user. Based on their explorations, the decision is to try to exploit a vulnerability in the shineon binary because that binary is setuid to DavidGilmour:
$ ls -lah /usr/local/bin/shineon
-rwsr-s--- 1 DavidGilmour RichardWright 7.3K Oct 25 07:58 /usr/local/bin/shineon
Notice the s in the permissions. That indicates that when shineon is run, it will run as DavidGilmour. But as shineon is a program of limited functionality, it doesn't have a start shell command. Instead, the attacker looks at the functionality the shell provides:
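As an added defender-side example (not part of the quoted answer or the original gist), a POSIX shell helper that parses the permission column of `ls -l` lines like the shineon one above and flags setuid, setgid and sticky bits, so an auditor can inventory such binaries; the listing it walks is constructed sample data.

```shell
#!/bin/sh
# Added example: classify the mode string from an `ls -l` line.
# Input: a mode string such as "-rwsr-s---"; output: comma-separated flags or "none".
mode_flags() {
    mode=$1
    flags=""
    # 4th character is the owner-execute slot: 's' = setuid+exec, 'S' = setuid without exec
    case "$mode" in
        ???[sS]*) flags="setuid" ;;
    esac
    # 7th character is the group-execute slot
    case "$mode" in
        ??????[sS]*) flags="${flags:+$flags,}setgid" ;;
    esac
    # 10th character is the other-execute slot: 't'/'T' = sticky bit
    case "$mode" in
        ?????????[tT]*) flags="${flags:+$flags,}sticky" ;;
    esac
    printf '%s' "${flags:-none}"
}

# Constructed sample listing; the first line reproduces the shineon entry from the answer.
SAMPLE='-rwsr-s--- 1 DavidGilmour RichardWright 7.3K Oct 25 07:58 /usr/local/bin/shineon
-rwxr-xr-x 1 root root 12K Oct 25 07:58 /usr/local/bin/harmless
-rwSr--r-- 1 root root 1K Oct 25 07:58 /usr/local/bin/odd'

# Walk an `ls -l` style listing and print one report line per file that
# would run with an elevated owner or group (path, flags, owner, group).
audit_listing() {
    printf '%s\n' "$1" | while read -r mode links owner group rest; do
        f=$(mode_flags "$mode")
        [ "$f" = none ] && continue
        path=${rest##* }
        printf '%s %s owner=%s group=%s\n' "$path" "$f" "$owner" "$group"
    done
}

audit_listing "$SAMPLE"
```

Piping real output, e.g. `find / -perm -4000 -type f -exec ls -l {} + 2>/dev/null`, into `audit_listing` gives the same report for a live host.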