Windows API Function Definitions

All of them. Or at least a good chunk of ’em. Why? Because sometimes you just need to know what the parameters are for some obscure function. Download here: winapi.txt and enjoy.


Network Nightmare (Intel)

You can see the slides I put together for my talk Network Nightmare – Intel PXE at http://www.scriptjunkie.us/wp-content/uploads/2011/10/Network-Nightmare-Intel.pdf. It is a modification of the Defcon talk, and adds some lessons learned/suggestions for developers. I also added a few slides evaluating the PXE attack according to the most common vulnerability severity criteria, as if it were […]


Fragerizer – profile-guided load-order disk optimizer

A full load of the Metasploit GUI with database entails accessing almost 10,000 objects on disk. Even if you defragment your hard drive, you still wait for the access time of the disk to seek and access each file.

It would be faster if each file and directory were laid out on disk in the order in which it is accessed during loading. So I wrote fragerizer, a smallish utility to perform that arranging for you. And invented a new word:

Fragerize. v. To defragment and arrange files & directories sequentially on disk in order of use.


Original Source Forgery

If you were looking for vulnerabilities on a website, you might open up the original page source looking for commented-out code, JavaScript source, hidden forms, etc. If you suspected an XSS attack on your own site, chances are you might right-click on the page and view source to check for unwanted scripts. If you needed to register for CTP, hack this site, or read the snarky comments in the HTML of www.defcon.org, you would probably need to view the page source.

This is all based on your assumption that when you right-click on the page and select “View Source,” the text you see is the HTML source that the server sent to your browser when it requested the URL in your address bar. Unfortunately, if you assumed this, you would be wrong […]


Writing Meterpreter Extensions

Railgun and other Meterpreter functionality is awesome and can do almost everything you would like on a compromised system, but sometimes, due to performance or bandwidth requirements or just weird threading issues, you need to be able to run compiled code on a target. You can upload an executable to a system and run that, […]


Custom payloads in Metasploit 4

One of the key features of Metasploit is the customization of the framework; for example, different payloads can be generated with many different options and placed in any of a large number of exploits. Custom scripts can be written with many commands for automated post-exploit actions. Nevertheless, there have still been a number of customizations […]


Network Nightmare – PXE talk at Defcon

Hope you were able to see my talk at Defcon 19, Network Nightmare – Ruling the Nightlife Between Shutdown and Boot with PXEsploit. If not, you can see the slides here and watch the demos below. As a quick summary, the Preboot Execution Environment, available on almost all motherboards as “Network Boot,” provides a way […]


Bypassing DEP/ASLR in browser exploits with McAfee and Symantec

[Also found this lingering on my hard drive from earlier this year, the recent exploits using Java to do the same thing reminded me of this. But I think it’s still valid, so here you go. Useful if the target doesn’t have Java I guess.] Vanilla Firefox doesn’t seem to be missing ASLR/DEP protection; the […]


Firefox Exploit Analyzed

[I found some old posts lurking around my hard drive from a few months ago. This is no longer the newest or best Firefox exploit, but you might find it interesting.] To learn a little bit more about exploit development and RE, I took a look at the latest Firefox exploit in exploit-db (http://www.exploit-db.com/exploits/15352/); […]


System Kill

Most Metasploit modules are intended to be as “safe” as possible; to get access to a system and get information from it, hopefully without causing any serious crashes, all great for a pen test. But if you’re in a CTF or other competition, sometimes you are finished with the system you’re on and just want […]
