Type: Posts; User: compaq; Keyword(s):
Thanks daedalus1776, but I can't use the buffer overflow ways. The program uses VirtualAlloc to make a thread in iexplore.exe and copies some shellcode that calls LoadLibrary to run a DLL.
The problem...
Cheers for the link
Hi
I've been trying to change a program's memory to jump to some shellcode, I've got the shellcode in there and have changed some data in the TIB region but the program keeps crashing as other code uses...
Thanks
I'll try Metasploit.
Been experimenting with shells and the old way of create-process and pipes doesn't seem to work on Win 7
Was compiled on Visual Studio Express C++ 2010
http://pastebin.com/uTFNbbjQ
daedalus1776 it is remote, cmd shell, but would be able to upload files
IronPunch what API would you use, DLL injection?
Rastamouse, can you create an exe that adds an admin account, I really don't know much about Metasploit, what command would I type
Thanks
Hi
Is there any way to get admin privilege from a user account on Windows 7, tools or command line?
Thanks
Hi
In VirtualBox, you could set up the VMs on a bridge network, the router will supply the IP address to the VMs, just don't target the host IP.
Hi Ditto
with this, can you try ifconfig eth0 mtu 1700 up
"SEND L3 ERROR: 1525 byte packet (0800:06) destined to 192.168.1.78 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Message...
You could try dropping packets from the router "iptables -A INPUT -p udp --sport 53 -s 192.168.1.1 -j DROP", to see if it's replying first.
Hi The router has probably cached the address and can serve it up quicker than the attacker's replies. You will have to wait 20mins approx without going to the site, or try some random url in...
It could be a cache attack, if they can find out your default DNS server (gateway, ISP, root hints), then just guessing the port and transaction id they can update the cache, ie google.com = attacker
Just a movie of finding this thing. Software Microsoft Windows 2k8, and IDA free debugger http://uploading.com/files/get/ec9fddba/res.mp4
Just a trick found while looking at Microsoft server: dig @192.168.1.1 version -t TXT -c CH It returns Microsoft DNS 6.1.7601 (id number)
Personally I think other forums are the same. On this blog there are how-tos on router setup and hack, and some exploit writing, but that's about it. It needs more areas apart from local LAN type stuff.
My mistake common.mak CFLAGS ?= -g -W -Wall -Werror -O3
Hi some obfuscating code
The code probably needs modifying
Three parts
256 array for random stuff
16 array of password
0xf0 for shellcode
mov eax, 0x01400101 //find empty spot on heap
and...
Hi xinus01 5. What exactly is PMK and workunit?, PMK is pair master key, it takes for input the essid and passphrase and loops 8000 times through sha1 (it takes a lot of work), from there it's a simple...
jmp and calls shouldn't set any eflags, jz/jnz, test and cmp sets zero flag, jge/jae/ele/jl/jg set overflow and carry flags. You can use popf and pushf with and/or &0x40 (zero flag I think etc)
The line by line substitution, say you have xor eax, eax; push eax push eax inc eax push eax connect The brute force part will work out that it needs two push of 0x00 and one of 0x01, and will create a...
It's a good base, was thinking you're keeping track of the registers, you could have a brute force part that takes from one line forward ten say (auto or manual), and get it to generate different...
Thanks, for the jumps you could make people enter jz 0x40 in the asm code rather than jz label.
Hi I was using the one below, udp with some modification. Wireshark says the packet is all right, I've also tried sending a packet exactly the same as netcat to the port, netcat works and hping3 does but...
Hi
Not sure if this is a bug or I'm doing something wrong. I'm following http://www.tenouk.com/Module43a.html example and trying to send a syn packet to my router, but I'm not receiving a syn/ack...