
Thread: Manual exploitation

  1. #1
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Manual exploitation

    Greetings again.

    As you may know, I am attempting to rise above the level of script kiddie knowledge of BackTrack, Metasploit, and indeed hacking.

    My current roadblock is, I believe, privilege escalation. I am working on a vulnerable VM where I have gained user-level privileges. I have researched possible vulnerabilities and exploit code. Problem: I have always used Metasploit to deliver code. I have no idea how to manually exploit a service or cause a desirable condition. Also, I don't understand the source code so I can understand it and what it does, how to use it to exploit the vulnerability.

    I have done some research; I am reading the Wikipedia article on shellcode (don't laugh) and it states:

    "Injecting the shellcode is often done by storing the shellcode in data sent over the network to the vulnerable process, by supplying it in a file that is read by the vulnerable process or through the command line or environment in the case of local exploits."

    I take this to mean injecting the code into packets that are read by a vulnerable application and the code is executed (remote exploit?), or the same through a file (how do I get the file on the system?), or somehow causing the required condition on the local machine (how?).

    So can anyone help me out here? Point me in the right direction?
    "You're only smoke and mirrors..."

  2. #2
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Re: Manual exploitation

    Check out these articles. I found them helpful for starting to understand the process of discovering and writing exploits.
    http://packetstormsecurity.org/files/author/7595/

    There are also a ton of other resources on the internet that can help with this subject. There are also a ton of threads on this forum that could help point you in the right direction if you take the time to do some searching.

  3. #3
    Member shadowzero's Avatar
    Join Date
    Jun 2011
    Location
    ${HOME}
    Posts
    94

    Re: Manual exploitation

    There are also videos: Video Groups

  4. #4
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Re: Manual exploitation

    http://www.backtrack-linux.org/forum...backtrack.html

    I really liked lupin's tutorials.
    They helped me a lot!
