Comments for GoSecure!

Comment on Create a custom shellcode using System() function by EA

EA — Fri, 29 Mar 2019 13:58:33 +0000

Would your command above work without escaping the backslashes?

Comment on Mysql_escape_string: the charset vulnerability by jiachen

jiachen — Fri, 25 May 2018 13:43:21 +0000

nice osce codes hahahahah

Comment on Setting up a ssh server on Kali linux by Ray

Ray — Wed, 21 Feb 2018 14:20:53 +0000

OMG! I’ve been starting to get so frustrated.
I’m a noob in ssh and kali/linux and this is the only detailed guide I have finally found (been searching for almost 2 days!!!).
Thank you so much!

Comment on Create a custom shellcode using System() function by frankgrimes

frankgrimes — Thu, 18 May 2017 15:50:17 +0000

A couple of things about the assembly you used that I think could shorten it up.

I believe you can just “call ” instead of loading the address of system() in a register and calling the register.

Instead of putting the address of the top of the stack (ESP) in EDI and then pushing that to the stack, I also think you can just do a “PUSH ESP”

Comment on Rougue Access Point using Kali Linux by gopi

gopi — Mon, 05 Dec 2016 18:30:12 +0000

a DHCP server working on the LAN where eth0 is connected..
How to do this??? what does it mean..
im using NAT in virtualbox and latest kali version..
dhcp server is my problem…

Comment on Create a custom shellcode using System() function by konstantinos

konstantinos — Mon, 07 Dec 2015 15:03:18 +0000

Nice post.!! Very informative!!!
i was wondering if we could use other functions except system() and winexec to accomplish the same results.

Comment on Mysql_escape_string: the charset vulnerability by carlos

carlos — Mon, 28 Sep 2015 23:22:35 +0000

I’m trying to play your example. But in both cases’ it is escaped. I find the way to introduce SQL injection. If I force the conezion to GBK if it works, but not how to force this without changing the file

Comment on Mysql_escape_string: the charset vulnerability by php doesn´t interpret my hex characters as hex | DL-UAT

php doesn´t interpret my hex characters as hex | DL-UAT — Sat, 30 May 2015 00:52:52 +0000

[…] Username and password are escaped before they are used in the querystr above. This means any apastroph(single quote) is escaped as well. I found a blog describing this very issue here: mysql_escape_string-the-charset-vulnerability. […]

Comment on Setting up a ssh server on Kali linux by 9jera

9jera — Thu, 02 Apr 2015 18:09:47 +0000

Great instruction here, its accurate and works.

Comment on Rougue Access Point using Kali Linux by Hugo

Hugo — Fri, 31 Oct 2014 15:34:07 +0000

I can see the AP when I run the `airbase-ng` command, but as soon as I enter the `brctl addif test-bridge at0` command it disappears. Even after completing all the steps it wont show up anymore. (Other devices and when using airodump-ng mon0)