Buffer Overflow, Guides, Stack Buffer Overflow

Complete Guide to Stack Buffer Overflow (OSCP Preparation)

Introduction

Stack buffer overflow is a memory corruption vulnerability that occurs when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer, therefore overflowing to a memory address that is outside of the intended data structure.

This will often cause the program to crash, and if certain conditions are met, it could allow an attacker to gain remote control of the machine with privileges as high as the user running the program, by redirecting the flow execution of the application to malicious code.

The purpose of this guide is to teach the basics of stack buffer overflow, especially for students preparing for the OSCP certification exam.

February 10, 2021 | by Stefano Lanaro | 12 Comments

Buffer Overflow, Guides, Stack Buffer Overflow

Stack Buffer Overflow – Exploiting SLMail 5.5

Introduction

This guide will demonstrate the various steps involved in exploiting the remote buffer overflow vulnerability that is present in the Seattle Lab Mail (SLMail) 5.5 POP3 application, in order to gain remote access to a vulnerable machine.

A POC along with the vulnerable software can be found at this link.

February 7, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Runas (Stored Credentials)

Introduction

Runas is a Windows command-line tool that allows a user to run specific tools, programs or commands with different permissions than the user’s current logon provides.

If a user’s credentials are cached in the system, the Runas command can be run using the /savecred flag which will automatically authenticate and execute the command as that user.

February 3, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Token Impersonation

Introduction

Token impersonation is a technique through which a Windows local administrator could steal another user’s security token in order to impersonate and effectively execute commands as that user.

That are certain privileges in Windows that, if enabled, could lead to an attacker escalating privileges to SYSTEM, through various tools that have been designed to specifically exploit this vulnerability.

January 28, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Credentials Harvesting

Introduction

Windows systems and applications often store clear text, encoded or hashed credentials in files, registry keys or in memory.

When gaining initial access to a Windows machine and performing privilege escalation enumeration steps, often passwords can be found through these means and they can be used to further escalate privileges.

January 27, 2021 | by Stefano Lanaro | Leave a comment

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Sudo Commands/Binaries

Introduction

Sudo is a Linux utility that allows users to run commands with the privileges of another user, when no arguments are provided, this will execute the command as the root user.

If sudo is not configured correctly, this could allow attackers to escalate their privileges to root.

January 25, 2021 | by Stefano Lanaro | Leave a comment

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Kernel Exploits

Introduction

The kernel is a component of the operating system that sits at the core of it, it has complete control over everything that occurs in the system. Because of this, exploiting vulnerabilities in the kernel will pretty much always result in a full system compromise.

Kernel exploits affect a certain version of a kernel or operating system and they are generally executed locally on the target machine in order to escalate privileges to root.

January 22, 2021 | by Stefano Lanaro | Leave a comment