Posts filed under Privilege escalation

Create a custom shellcode using System() function

Recently I have to write a custom shellcode that accommodate some specific features. Basically I have to avoid the use of some functions like WinExec() and ShellExecute() to create a remote code execution and insert it as payload in a test exploit. I have to search some other function that allow me to execute command… (read more)

The Password Attacks on Kali Linux. [Part 1]

This is a part of my article “The Password Attacks on Kali Linux” published on PenTest Magazine. I have the right to do up to 100 downloads of that magazines, so If you are interested on it you can download PenTest Extra 04_2013 for free using the following link. The only thing you need is… (read more)

SAM dump and Windows password decrypt.

The Windows passwords are stored and crypted in the SAM file (c:\windows\system32\config\). In the same folder you can find the key to decrypt it: the file SYSTEM. This two files are locked by the kernel when the operating system is up, so to backup it and decrypt you have to use some bootable linux distro,… (read more)

Create a domain user admin through an exploited PC

The server and pc hardening is the process of securing a system, limiting the surface that can be attacked. One of its role is to limitate the use of amministrative right. Nowadays users have to use an unprivileged accounts, also sysadmins have to remind this role when configuring service and scripts. Sometimes, to let centralized… (read more)