I would've been so lost after gaining the initial foothold with devdoc. I don't think I'd have noticed the service listening on port 100, and even if I did I feel like I would've never figured out what the program was doing or how to exploit its functionality. Hopefully one day I'll be able to spot these little things even half as well as you do. Great walkthrough, appreciate the work.
The BUFFER_OVERFLOW results in Process Monitor are from the program getting buffer size info from the Win32 API.

If you want it to return some string value or something large, you make a call to whatever info API routine, giving it a buffer and the buffer size, and if the size isn't large enough to hold the response, you get an overflow response code and information on the correct size that it needs to be.

Usually the pattern used is to send the request with a 0 size, so it errors and gives you the correct size, then you can allocate enough space and make the call again with the correct size.

This results in tons of overflow errors listed in the system messages, but it's just standard procedure.
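The two-call pattern the comment above describes, as an added example in C (mine, not code from the video or from the commenter). The query routine `fake_query_value`, its returned value and the caller names are constructed stand-ins; the only things taken from Windows are the size-in/size-out contract and the `ERROR_BUFFER_OVERFLOW` code (111 in winerror.h). It also shows why the caller should loop rather than assume the second call succeeds: the value can grow between the probe and the real call.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Real Win32 status codes from winerror.h. */
#define ERROR_SUCCESS           0
#define ERROR_INVALID_PARAMETER 87
#define ERROR_BUFFER_OVERFLOW   111

/* Constructed stand-in for a Win32 "query" routine (think GetComputerNameW or a
 * Query*Information call). Same contract: the caller passes a buffer and its
 * size in bytes via *cb; if the buffer is too small, the required size is
 * written back through *cb and the call fails with ERROR_BUFFER_OVERFLOW.
 * Every such failure is one BUFFER OVERFLOW line in Process Monitor.
 * The value below is constructed sample data, not anything from the box. */
static const char *g_value = "CONSTRUCTED\\sample-value";
static int g_overflow_events = 0;   /* BUFFER_OVERFLOW results handed out so far */

unsigned long fake_query_value(char *buf, unsigned long *cb) {
    if (cb == NULL) return ERROR_INVALID_PARAMETER;
    unsigned long needed = (unsigned long)strlen(g_value) + 1;   /* incl. NUL */
    if (buf == NULL || *cb < needed) {
        *cb = needed;                  /* tell the caller what it actually needs */
        g_overflow_events++;
        return ERROR_BUFFER_OVERFLOW;
    }
    memcpy(buf, g_value, needed);
    *cb = needed;
    return ERROR_SUCCESS;
}

/* The standard two-call pattern: probe with a NULL buffer and size 0, allocate
 * what the API asked for, call again. It loops (bounded) because the value can
 * change between the two calls; code that assumes the second call always
 * succeeds has a race. Returns a malloc'd string the caller frees, or NULL. */
char *query_two_call(unsigned long (*query)(char *, unsigned long *), int *calls_out) {
    unsigned long cb = 0, rc;
    char *buf = NULL;
    int calls = 0;
    do {
        rc = query(buf, &cb);
        calls++;
        if (rc != ERROR_BUFFER_OVERFLOW) break;     /* success or a real error */
        char *grown = realloc(buf, cb);             /* cb now holds the required size */
        if (grown == NULL) { rc = ERROR_INVALID_PARAMETER; break; }
        buf = grown;
    } while (calls < 4);
    if (calls_out) *calls_out = calls;
    if (rc != ERROR_SUCCESS) { free(buf); return NULL; }
    return buf;
}

/* The one-shot style: a single call into a fixed-size buffer. Fine while the
 * value fits; otherwise the overflow must be noticed, not ignored. Returns 1 on
 * success, 0 if the buffer was too small or the call failed. */
int query_fixed(unsigned long (*query)(char *, unsigned long *), char *out, unsigned long cap) {
    unsigned long cb = cap;
    return query(out, &cb) == ERROR_SUCCESS;
}

/* Runs the two-call pattern against the fake and reports how many calls it
 * took (expected 2: one overflow, one success); -1 if the value came back wrong. */
int demo_two_call_count(void) {
    int calls = 0;
    char *v = query_two_call(fake_query_value, &calls);
    int ok = (v != NULL && strcmp(v, g_value) == 0);
    free(v);
    return ok ? calls : -1;
}

int main(void) {
    printf("two-call pattern took %d calls\n", demo_two_call_count());
    char small[8];
    printf("fixed 8-byte buffer: %s\n", query_fixed(fake_query_value, small, sizeof small) ? "ok" : "too small");
    printf("BUFFER_OVERFLOW results seen by the 'monitor': %d\n", g_overflow_events);
    return 0;
}
```

Each successful two-call query produces exactly one overflow result, which is why a process that queries many values floods Process Monitor with BUFFER OVERFLOW lines without anything being wrong.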
One thing I don't understand is how you can tell that the report management is run by a high-privileged account. How do you check that before going that route?
"tasklist /v" shows all the running processes plus the users that they run under. When you run it you can usually see under which user every process runs.

Side note: some entries show "N/A" for the user, but that usually means it's running under a system account.
59:46 you can also use -C3 instead of -A3 -B3. The "C" stands for "context" so it's easy to memorize.
Waiting for your video sir....😊
sar do the needful saaaaar
@IppSec - The inserted magic bytes are not going to break the syntax of the reverse shell?
Nope. ASPX ignores the characters that aren't part of its syntax. Just like PHP wouldn't execute what's before
Ipp Bandicoot
ippflix and chill
May I ask what OS you normally run, IppSec?
Parrot
Whats your terminal setup and shortcuts?
Why don't you use Kali, just for one video, please?
Go to the older videos, but really distro does not matter
7:03 now we all know how old IppSec is
That actually wasn't my birth year :) Couple years off.
Ipp is actually a 10 year old cyborg from Earth-10005, Universe-323.
Push!
I'm new, what is this channel about? 😅
Yess
You can't hack time..
some gigs are hacking time by buying SSDs😂😂