Execute Shellcode, Bypassing Anti-Virus | InteliSecure

Hello, I am going to demonstrate a little trick that allows you to bypass anti-virus and execute shellcode. This is a publicly known trick that I did not discover. The shellcode I am going to use for this example is the common Metasploit Windows Bind TCP shell; however, any shellcode can be used, I have simply chosen this one for simplicity. As I'm sure you're all aware, the standard Metasploit…

Ubertooth – Bluetooth Sniffing Updated for 2014!

Earlier I noticed this tweet on my twitter feed: Ubertooth release: https://t.co/cCYHNf34Yc I know it’s been a long time coming, I promise not to leave it so long next time. — Dominic Spill (@dominicgs) February 20, 2014 So I thought I would walk you through the update, which has improved Operating System support, improved Bluetooth Low Energy (BTLE) support, and GitHub integration to make community development easier….

New WiFi Pineapple; From Britain with Love!

Introduction Since approximately the time of our post Blue for the Pineapple (6 months ago), the Hak5 Pineapple Team have disappeared underground to produce the new Mark 5 Pineapple: a customised board that is cheaper to produce and more affordable. The Mark 5 has 2x WiFi cards (Atheros AR9331 and RTL8187, the latter famously known as an Alfa), with SMA connectors, and twice the RAM and ROM (64MB and 16MB), with the…

Python Warp 9 – PyPy Beta For Raspberry Pi

Back in May, the Raspberry Pi Foundation mentioned that they had been sponsoring the development of the ARM port of PyPy, the high-performance Python interpreter. The team released a first beta of the upcoming 2.1 release, which for the first time adds ARM as an officially supported architecture. You can see the announcement here, and download binaries for Raspbian here. Give it a spin and let us know what you think. The tests below…

How To Decode BIG IP F5 Persistence Cookie Values

Hey Guys, I came across a BIG-IP F5 load balancer when doing a recent web application penetration test. The interesting thing about this load balancer was the cookie it set:

Name: BIGipServerLive_pool
Value: 110536896.20480.0000
Path: /
Secure: No
Expires: At End Of Session

As you can see, the cookie value looks rather suspicious; let's see if we can reverse it! I came across the following page with a plethora of…
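The classic BIGipServer cookie encodes the pool member behind the load balancer as three dot-separated numbers: the first is the IPv4 address stored as a 32-bit integer with its octets in little-endian order, the second is the TCP port with its two bytes swapped, and the third is a constant 0000. The following decoder is an added example (not code from the original post); it decodes the exact value quoted above and, going beyond the post, also handles the newer route-domain form `rd<id>o<hex IPv6>o<port>` (the rd sample value below is constructed, as is the format assumption for it).

```python
import ipaddress
import re
import struct

# Value quoted in the post (classic form): host.port.0000
SAMPLE_COOKIE = "110536896.20480.0000"

# Constructed sample of the route-domain form (not from the post); the 32 hex
# digits are an IPv4-mapped IPv6 address and the trailing number is the plain port.
SAMPLE_RD_COOKIE = "rd5o00000000000000000000ffffc0a89606o80"


def decode_ip(host_part: int) -> str:
    """The address is a 32-bit integer whose octets are in little-endian order."""
    return str(ipaddress.IPv4Address(struct.pack("<I", host_part)))


def decode_port(port_part: int) -> int:
    """The port is a 16-bit integer with its two bytes swapped."""
    return struct.unpack(">H", struct.pack("<H", port_part))[0]


def decode_bigip_cookie(value: str):
    """Return (ip, port) for a BIG-IP persistence cookie value."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", value)
    if m:
        return decode_ip(int(m.group(1))), decode_port(int(m.group(2)))
    # Assumed route-domain layout: rd<id>o<32 hex digits>o<port>
    m = re.fullmatch(r"rd(\d+)o([0-9a-fA-F]{32})o(\d+)", value)
    if m:
        addr = ipaddress.IPv6Address(int(m.group(2), 16))
        ip = addr.ipv4_mapped or addr  # unwrap ::ffff:a.b.c.d, else keep the IPv6
        return str(ip), int(m.group(3))
    raise ValueError(f"unrecognised BIG-IP cookie value: {value!r}")


def encode_bigip_cookie(ip: str, port: int) -> str:
    """Inverse of the classic form; handy for confirming the decoder round-trips."""
    host_part = struct.unpack("<I", ipaddress.IPv4Address(ip).packed)[0]
    port_part = struct.unpack("<H", struct.pack(">H", port))[0]
    return f"{host_part}.{port_part}.0000"


if __name__ == "__main__":
    for cookie in (SAMPLE_COOKIE, SAMPLE_RD_COOKIE):
        print(cookie, "->", decode_bigip_cookie(cookie))
```

The value from the post decodes to 192.168.150.6 on port 80, an internal address the load balancer was never meant to reveal; that leak (plus the missing Secure flag on the cookie) is what you would write up in the report.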

Fun with System() and I/O Redirection…

Hey, I have seen a few wargame levels now that require you to do funky stuff with I/O redirection and thought it would make an interesting blog post. For more information about I/O redirection please see: BASH: IO Redirection. I don't know whether you're familiar with the Unreal IRCd source having been backdoored? More information can be found here: Unreal IRCd Backdoor. Well, the hackers had placed a system() function…

Python cPickle: Allows For Arbitrary Code Execution

Hello All, I was passing some time playing one of our new wargames at Smash The Stack called Amateria and came across something I've not really looked at before: Python's cPickle library. It allows for some interesting fun when unpickling untrusted data received over a socket or any other network communication. Basically, cPickle is a library that enables Python to perform object serialization. Pickling and unpickling are the terms used in the…
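The reason unpickling untrusted data is dangerous is that a pickle stream is not just data: it can name any importable callable and ask the unpickler to call it. The following is an added example (not code from the post or from the wargame) written against Python 3's `pickle`, which is the same format cPickle handles in Python 2. It builds a stream that runs `builtins.eval` on the receiving side, shows that the receiver never needs the attacker's class, and then blocks it with a restricted unpickler that whitelists `find_class`, the mitigation the standard library docs recommend when you cannot avoid pickle altogether.

```python
import builtins
import io
import pickle


class Payload:
    """__reduce__ tells pickle how to rebuild an object: (callable, args).
    Any importable callable is accepted, so eval on an attacker-chosen
    expression runs during unpickling on the victim's side."""

    def __init__(self, expr: str):
        self.expr = expr

    def __reduce__(self):
        return (eval, (self.expr,))


def build_malicious_pickle(expr: str) -> bytes:
    """Serialise a Payload. The bytes reference builtins.eval, not Payload,
    so the receiver does not need this class defined at all."""
    return pickle.dumps(Payload(expr))


def unsafe_loads(data: bytes):
    # What a naive service does with bytes read off a socket: pickle.loads
    # imports builtins.eval and calls it with the attacker's expression.
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global except a small whitelist of harmless builtins."""

    ALLOWED = {"range", "slice", "set", "frozenset", "complex"}

    def find_class(self, module, name):
        if module == "builtins" and name in self.ALLOWED:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads that applies the whitelist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_blocked(data: bytes) -> bool:
    """True if the restricted unpickler rejects the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def benign_sample() -> bytes:
    """Constructed sample of the kind of data a service legitimately exchanges."""
    return pickle.dumps({"user": "bob", "scores": [1, 2, 3], "window": range(3)})


if __name__ == "__main__":
    evil = build_malicious_pickle("__import__('os').getcwd()")
    print("unsafe_loads ran eval and returned:", unsafe_loads(evil))
    print("safe_loads blocks it:", is_blocked(evil))
    print("safe_loads still handles normal data:", safe_loads(benign_sample()))
```

Note that `safe_loads` only narrows which globals a stream may reference; a whitelist still has to be reviewed carefully, because anything on it becomes callable by the attacker with arguments of their choosing. If the data does not actually need to carry arbitrary Python objects, a format such as JSON removes the problem entirely.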