Comments for GoSecure! https://www.gosecure.it/blog MyDear(root)Shell Fri, 29 Mar 2019 13:58:33 +0000

Comment on Create a custom shellcode using System() function by EA https://www.gosecure.it/blog/art/452/sec/create-a-custom-shellcode-using-system-function/#comment-30748 Fri, 29 Mar 2019 13:58:33 +0000 https://www.gosecure.it/blog/?p=452#comment-30748 Would your command above work without escaping the backslashes?

Comment on Mysql_escape_string: the charset vulnerability by jiachen https://www.gosecure.it/blog/art/483/sec/mysql_escape_string-the-charset-vulnerability/#comment-30153 Fri, 25 May 2018 13:43:21 +0000 https://www.gosecure.it/blog/?p=483#comment-30153 nice osce codes hahahahah

Comment on Setting up a ssh server on Kali linux by Ray https://www.gosecure.it/blog/art/194/note/194ssh-on-kali/#comment-29869 Wed, 21 Feb 2018 14:20:53 +0000 https://www.gosecure.it/blog/?p=194#comment-29869 OMG! I’ve been starting to get so frustrated.
I’m a noob in ssh and kali/linux and this is the only detailed guide I have finally found (been searching for almost 2 days!!!).
Thank you so much!

Comment on Create a custom shellcode using System() function by frankgrimes https://www.gosecure.it/blog/art/452/sec/create-a-custom-shellcode-using-system-function/#comment-28500 Thu, 18 May 2017 15:50:17 +0000 https://www.gosecure.it/blog/?p=452#comment-28500 A couple of things about the assembly you used that I think could shorten it up.

I believe you can just “call ” instead of loading the address of system() in a register and calling the register.

Instead of putting the address of the top of the stack (ESP) in EDI and then pushing that to the stack, I also think you can just do a “PUSH ESP”

Comment on Rougue Access Point using Kali Linux by gopi https://www.gosecure.it/blog/art/376/note/rougue-access-point-using-kali-linux/#comment-27318 Mon, 05 Dec 2016 18:30:12 +0000 https://www.gosecure.it/blog/?p=376#comment-27318 a DHCP server working on the LAN where eth0 is connected..
How to do this??? what does it mean..
I'm using NAT in virtualbox and latest kali version..
dhcp server is my problem…

Comment on Create a custom shellcode using System() function by konstantinos https://www.gosecure.it/blog/art/452/sec/create-a-custom-shellcode-using-system-function/#comment-22747 Mon, 07 Dec 2015 15:03:18 +0000 https://www.gosecure.it/blog/?p=452#comment-22747 Nice post.!! Very informative!!!
I was wondering if we could use other functions except system() and winexec to accomplish the same results.

Comment on Mysql_escape_string: the charset vulnerability by carlos https://www.gosecure.it/blog/art/483/sec/mysql_escape_string-the-charset-vulnerability/#comment-20188 Mon, 28 Sep 2015 23:22:35 +0000 https://www.gosecure.it/blog/?p=483#comment-20188 I’m trying to play your example. But in both cases it is escaped. I find the way to introduce SQL injection. If I force the connection to GBK if it works, but not how to force this without changing the file

Comment on Mysql_escape_string: the charset vulnerability by php doesn´t interpret my hex characters as hex | DL-UAT https://www.gosecure.it/blog/art/483/sec/mysql_escape_string-the-charset-vulnerability/#comment-13401 Sat, 30 May 2015 00:52:52 +0000 https://www.gosecure.it/blog/?p=483#comment-13401 […] Username and password are escaped before they are used in the querystr above. This means any apostrophe (single quote) is escaped as well. I found a blog describing this very issue here: mysql_escape_string-the-charset-vulnerability. […]

Comment on Setting up a ssh server on Kali linux by 9jera https://www.gosecure.it/blog/art/194/note/194ssh-on-kali/#comment-10401 Thu, 02 Apr 2015 18:09:47 +0000 https://www.gosecure.it/blog/?p=194#comment-10401 Great instruction here, it's accurate and works.

Comment on Rougue Access Point using Kali Linux by Hugo https://www.gosecure.it/blog/art/376/note/rougue-access-point-using-kali-linux/#comment-276 Fri, 31 Oct 2014 15:34:07 +0000 https://www.gosecure.it/blog/?p=376#comment-276 I can see the AP when I run the `airbase-ng` command, but as soon as I enter the `brctl addif test-bridge at0` command it disappears. Even after completing all the steps it won't show up anymore. (Other devices and when using airodump-ng mon0)
