Ethical hacker | OSCE(3) CRTM CRTL GXPN GRTP GCIH GCPN
Ntds-analyzer is a tool to extract and analyze the hashes in Ntds.dit files after cracking the LM and NTLM hashes in it. It offers relevant information about the Active Directory’s passwords, such as the most common used ones or which accounts use the username as password. Also, it offers an extra functionality: it calculates the NTLM hash value from the LM hash when only the latter has been cracked (we will explain this later!).
This is a WiFi Pentesting guide I wrote some time ago after years carrying out WiFi pentests (and a BSc thesis about this topic). I received many questions from colleagues so I decided to share most of my knowledge and prepared VMs for some specific attacks.
particles.js is a lightweight JavaScript library for creating particles.
Description: Call the ret2win() function, the caveat this time is that the third argument (which you know by now is stored in the rdx register on x86_64 Linux) must be 0xdeadcafebabebeef
Description: There’s only enough space for a three-link chain on the stack but you’ve been given space to stash a much larger ROP chain elsewhere. Learn how to pivot the stack onto a new location.
Description: There’s only enough space for a three-link chain on the stack but you’ve been given space to stash a much larger ROP chain elsewhere. Learn how to pivot the stack onto a new location.
Description: The concept here is identical to the write4 challenge. The only difference is we may struggle to find gadgets that will get the job done.