xp | Corelan Cybersecurity ResearchCorelan Cybersecurity Research

xp

Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR

Published September 21, 2009 |

Introduction In all previous tutorials in this Exploit writing tutorial series, we have looked at building exploits that would work on Windows XP / 2003 server. The success of all of these exploits (whether they are based on direct ret overwrite or exception handler structure overwrites) are based on the fact that a reliable return […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged !aslrdynamicbase, 2003, 4141414, 8, access violation, add esp, address space layout randomization, adjust ebp, adjust esi, alwaysoff, alwayson, aslr, before function returns, buffer, buffer overflow, bypass, call, compiler, cookie, data execution prevention, dep, dword ptr, exception handler, exploit, gs, hack, handler, immdbg, immunity, jmp, jump, Kifastsystemcallret, ldrpchecknxcompatibility, linker, loaded module, mov al, moveimages, next seh, non exec, nseh, ntsetinformationprocess, nx, ollydbg, optin, optout, partial overwrite, plugin, prevention, processexecute, protection, protectvirtualmemory, pvefindaddr, pycommand, python, ret2libc, safeseh, saved ebp, saved eip, se handler, se structure, sehop, stack, stack overflow, switch, virtual function call, vista, windbg, windows 7, xd, xp

Windows XP L2TP over IPSec dialup client VPN to a Juniper ScreenOS firewall, using Certificates

Published January 11, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

Before looking at the various configuration steps, we’ll have to take the following assumptions into account : – We don’t want to use the Netscreen Remote client, but we want to use the Windows XP built-in dialup VPN technology that allows us to build PPTP or L2TP/IPSec connections. Juniper screenOS does not support PPTP (which […]

Posted in 001_Security, Juniper, Networking, Windows Client OS, Windows Server | Tagged auth, certificate, dialup, dynamic-vpn-pptp-juniper, ias, ipsec, Juniper, juniper-l2tp-vpn, juniper-ssg-active-directory-2008, juniper-ssg-vpn-howto-corelan, l2tp, nessus-over-l2tp, radius, screen-os-ssg20, screenos, vista, vpn, window, windows-7-screenos-vpn-ikev2, xp

Icons Shortcuts and SendTo items in Windows XP/2003/Vista/2008

Published July 8, 2008 |

By Peter Van Eeckhoutte (corelanc0d3r)

Fixing missing icons & shortcuts : Send To “Compressed Folder” is missing : Click Start->Run In the “open” box, type “cmd” (without the quotes) Click ok Enter the following command and press “return” rundll32 zipfldr.dll,RegisterSendto (you should not get any warnings or errors) The first time you are trying to zip, you may be prompted […]

Posted in Windows Client OS, Windows Server | Tagged 2000, 2003, 2008, all-users-send-to-windows-2003, desktop-icon-missing-from-quick-launch-serve-2003, how-sendto-xp-items, icons, internet explorer, internet-explorer-icon-missing-in-xp-quick-launch, lock computer, microsoft-nlb-and-juniper-ssg, missing, send-to-compress-shortcut-missing-xp, send-to-shortcut-missing, shortcut, ssg-nlb, user32.dll, vista, windows-2008-sendto, xp

Open a command prompt with system rights in Vista (and XP)

Published April 13, 2008 |

By Peter Van Eeckhoutte (corelanc0d3r)

First of all, download psexec from the Microsoft website. http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx From and elevated/admin command prompt (cmd.exe, “run as administrator”), run psexec –s cmd.exe C:\>whoami peter C:\>psexec -s cmd.exe PsExec v1.83 – Execute processes remotely Copyright (C) 2001-2007 Mark Russinovich Sysinternals – www.sysinternals.com Microsoft Windows [Version 6.0.6000] Copyright (c) 2006 Microsoft Corporation. All […]

Posted in Windows Client OS | Tagged cmd-with-system-privileges-win-xp, cmd-with-system-rights, command prompt, command-prompt-system-right, elevate-command-prompt-exploit-vista, elevated-cmd-exploit, how-to-open-elevated-command-prompt-psexec, metasploit-command-prompt-system-rights, open-command-prompt-system, psexec, psexec-elevated-command-prompt, psexec-start-elevated-command-prompt, psexec-v1-83-download, psexec-with-elevated-cmd-exe, psexec-xp-whoami, russinovich, sysinternals, system permissions, vista, xp

Run explorer window with administrator rights in Vista

Published April 13, 2008 |

By Peter Van Eeckhoutte (corelanc0d3r)

Easy, don’t you think ? Right click explorer(.exe), choose “run as administrator” and you’re set ? Nope – doesn’t work ! And this is why The UAC (User Account Control) feature in Vista provides a user with two tokens when he logs on… a token that is bound to his real user rights, […]

Posted in Windows Client OS | Tagged administrator, corelan-windows-uac, explorer, explorer-exe-administrative-right, explorer-vista-administrator, run-as-administrator-explorer-vista, run-explorer-as-administrator-in-windows-2008-r2, run-explorer-as-administrator-server-2008, run-explorer-as-administrator-vista, run-explorer-as-administrator-windows-2008-r2-server, run-explorer-with-administrative-rights, running-explore-as-an-admin, separate process, vista, vista-explorer-administrator, vista-open-explorer-administrator, vista-run-explorer-as-administrator, windows-2008-open-as-administrator, windows-2008-run-explorer-administrator, xp

Enable incoming icmp (ping) in Vista

Published April 13, 2008 |

By Peter Van Eeckhoutte (corelanc0d3r)

By default, Vista has the Windows Firewall is turned on. This means that all incoming connections are being blocked. This may be a good thing in certain cases, but not restrictive enough in most cases, because all outgoing traffic would be allowed, so either additional rules need to be set up, or Windows Firewall should […]

Posted in Windows Client OS | Tagged allow-icmp-incoming-outgoing-vista, firewall, how-to-shut-off-incoming-icmp, icmp, icmp-vista, icmp-vista-ping, icmpsetting, incoming-connection-to-icmp, incoming-icmp, incoming-icmp-enable, incoming-icpm, netsh, ping, turn-on-ping-in-vista, turn-ping-on-in-vista, vista, vista-firewall-icmp-incoming, vista-icmp, what-is-incoming-icmp, xp

Howto reset offline files in XP and Vista

Published April 13, 2008 |

By Peter Van Eeckhoutte (corelanc0d3r)

Windows XP Method 1 1. In Folder Options, on the Offline Files tab, press CTRL+SHIFT, and then click Delete Files. The following message appears: The Offline Files cache on the local computer will be re-initialized. Any changes that have not been synchronized with computers on the network will be lost. Any files or folders made […]

Posted in Windows Client OS | Tagged --, disable-offline-files-xp, formatdatabase, formatdatabase-offline-files, group-policy-to-reinitialize-offline-cache-xp, how-to-disable-offline-files-windows-xp-command-line, metasploit-rename-file-reg, netcache, offline files, offline-file-registory-vista-disable, offline-files-reset-xp, reset-offline-files, reset-vista-csc, resetting-offline-available, restting-offline-folders-in-xp, script-to-reinitialize-offline-files, sync-offline-files-2008-server-xp, vista, windows-xp-reset-offline-files-database, xp

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Windows XP L2TP over IPSec dialup client VPN to a Juniper ScreenOS firewall, using Certificates

Icons Shortcuts and SendTo items in Windows XP/2003/Vista/2008

Open a command prompt with system rights in Vista (and XP)

Run explorer window with administrator rights in Vista

Enable incoming icmp (ping) in Vista

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!