Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
Introduction In all previous tutorials in this Exploit writing tutorial series, we have looked at building exploits that would work on Windows XP / 2003 server. The success of all of these exploits (whether they are based on direct ret overwrite or exception handler structure overwrites) are based on the fact that a reliable return […]
Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits. Today, I will discuss some other debuggers and debugger plugins that will help you speed up this process. A typical exploit writing toolkit arsenal should at […]
Installing Windows 7 from a USB key
Microsoft has announced that it will support Windows 7 installations from a USB key. This will allow people to install Windows 7 on systems that do not have a DVD drive (yes, Windows 7 will also run quite fast on your old notebook that only has 1Gb of RAM and does not have a DVD […]
Fixing ‘Compatibility Mode grayed out’ or ‘Unable to enable Run as administrator’ on Vista / Windows 2008 Server
Ever wondered how you can set Compatibility Mode on executables under Vista / Windows 2008 server when the settings (or even the entire tab) has been disabled ? Or make the application “run as administrator” permanently, and you’ve found that this setting is disabled ? All of the settings in the Compatibility tab can be […]
Windows XP L2TP over IPSec dialup client VPN to a Juniper ScreenOS firewall, using Certificates
Before looking at the various configuration steps, we’ll have to take the following assumptions into account : – We don’t want to use the Netscreen Remote client, but we want to use the Windows XP built-in dialup VPN technology that allows us to build PPTP or L2TP/IPSec connections. Juniper screenOS does not support PPTP (which […]
Icons Shortcuts and SendTo items in Windows XP/2003/Vista/2008
Fixing missing icons & shortcuts : Send To “Compressed Folder” is missing : Click Start->Run In the “open” box, type “cmd” (without the quotes) Click ok Enter the following command and press “return” rundll32 zipfldr.dll,RegisterSendto (you should not get any warnings or errors) The first time you are trying to zip, you may be prompted […]
IP Autotuning in Vista
At any given time, the amount that TCP can send is governed by three factors: the congestion window, the receive window and the number of bytes available to send. Without using TCP window scaling (which is disabled by default in previous versions of Windows), the maximum receive window a receiver can advertise is 64K bytes. […]
System/Disk Backup in Vista using command line script
Microsoft has implemented a really neat feature in Vista Business, Enterprise and Ultimate, allowing you to perform a full disk or even system backup, while the system is running. This new backup tool used Block Level backup and uses Volume Shadow Copy to backup open files (however, it is advised to close your applications while […]
Open a command prompt with system rights in Vista (and XP)
First of all, download psexec from the Microsoft website. http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx From and elevated/admin command prompt (cmd.exe, “run as administrator”), run psexec –s cmd.exe C:\>whoami peter C:\>psexec -s cmd.exe PsExec v1.83 – Execute processes remotely Copyright (C) 2001-2007 Mark Russinovich Sysinternals – www.sysinternals.com Microsoft Windows [Version 6.0.6000] Copyright (c) 2006 Microsoft Corporation. All […]
Run explorer window with administrator rights in Vista
Easy, don’t you think ? Right click explorer(.exe), choose “run as administrator” and you’re set ? Nope – doesn’t work ! And this is why The UAC (User Account Control) feature in Vista provides a user with two tokens when he logs on… a token that is bound to his real user rights, […]
Donate
Your donation will help funding server hosting.
