sharpicx

/*
 * This work (Modern Encryption of a String C#, by James Tuley), 
 * identified by James Tuley, is free of known copyright restrictions.
 * https://gist.github.com/4336842
 * http://creativecommons.org/publicdomain/mark/1.0/ 
 */

using System;
using System.IO;
using System.Text;

sharpicx

// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

// Get the hostname and username (if available)
hostname
echo %username%

// Get users
net users
net user [username]

sharpicx

First, get more info on system.

• systeminfo, whoami /priv*, set or echo %username%

  • check for Hotfixes, OS name, version, arch, environment variables & system (vm). Then look for vulns respective of system.

• reg query HKLM /f password /t REG_SZ /s, wmic or sc query

  • check for PS version, see if we can run reg query, wmic or sc commands for further info on system.

*Privilege escalation by abusing token privilege (foxglovesecurity blog). Required permission to escalate:

• SeImpersonatePrivilege

sharpicx

Reminders

Remember to log all the things!

• Metasploit - spool /home//.msf3/logs/console.log
• Save contents from each terminal!
• Linux - script myoutput.txt # Type exit to stop

Setup

sharpicx

docker build -t friendlyname .  # Create image using this directory's Dockerfile
docker run -p 4000:80 friendlyname  # Run "friendlyname" mapping port 4000 to 80
docker run -d -p 4000:80 friendlyname         # Same thing, but in detached mode
docker exec -it [container-id] bash                  # Enter a running container
docker ps                                 # See a list of all running containers
docker stop <hash>                     # Gracefully stop the specified container
docker ps -a           # See a list of all containers, even the ones not running
docker kill <hash>                   # Force shutdown of the specified container
docker rm <hash>              # Remove the specified container from this machine
docker rm $(docker ps -a -q)           # Remove all containers from this machine

sharpicx

• XML GET

curl -H "Accept: application/xml" -H "Content-Type: application/xml" -X GET "http://hostname/resource"

• JSON GET

curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET "http://hostname/resource"

• JSON PUT

sharpicx

Assembly Language / Reversing / Malware Analysis / Game Hacking -resources

⭐Assembly Language

Modern x64 Assembly

https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA

sharpicx

FILE SPACING:

 # double space a file
 sed G

 # double space a file which already has blank lines in it. Output file
 # should contain no more than one blank line between lines of text.
 sed '/^$/d;G'

sharpicx

• Crackmes.One https://crackmes.one/
• Reverse Engineering challenges https://challenges.re/
• Embedded Security CTF https://microcorruption.com/
• Beginner Malware Reversing Challenges https://www.malwaretech.com/beginner-malware-reversing-challenges
• RingZer0 https://ringzer0ctf.com/challenges

sharpicx

Command line options

-L: List of supported IO plugins
-q: Exit after processing commands
-w: Write mode enabled
-i [file]: Interprets a r2 script
-A: Analyze executable at load time (xrefs, etc)
-n: Bare load. Do not load executable info as the entrypoint
-c 'cmds': Run r2 and execute commands (eg: r2 -wqc'wx 3c @ main')
-p [prj]: Creates a project for the file being analyzed (CC add a comment when opening a file as a project)