Follina exploit

In this tutorial we will go through the very easy to exploit Follina (CVE-2022-30190), which can be used to perform command execution. This is an easy exploit to build, as commands can be executed on the remote system without any prompt. Because this exploit does not require any macro and the development complexity is low, attackers can easily use it to enter an enterprise network via email, with the recipient opening the file in Microsoft Office.


prohibited mnemonics

In this guide we will try to explore whether we can check for any mnemonics which we don't want the CPU to execute. In the example below, we will try to block some specific instructions from being executed on the CPU. The challenge is to convert raw bytes back to assembly language and check for prohibited mnemonics.

code

# prohibit command
# the objective is to block certain commands
from qiling import Qiling
from qiling.


In this segment we will take a sample code from the how-to and try to execute it in our own way. In this test, we will try to perform a simple addition and see how it goes. The tutorial below is a very basic entry into the Qiling framework, where we will perform a simple addition.

addition

To perform the addition, the following code will be executed on the CPU.


push and search data

In this part, we will try to push a value onto the stack and then read it back. We will use the following assembly code:

mov eax, 0xdead
mov ebx, 0xbeef
push eax
push ebx

We get the raw bytes below (there are various websites that can do this for you, if you do not know how to generate the raw bytes):

B8ADDE0000BBEFBE00005053

Now we will try to execute the code below and read the values found in the registers:


set registers using python

In this section we will use another piece of code to push and set various variables in the emulator prior to running the code, and set the appropriate registers and stack so that we can simulate it. In the previous write-up, we used raw bytes code from the In this segment we will just add values for a predefined value in eax and ebx. The segment below uses the asm method found in pwntools.


pwnable.kr -> random

The solution of this challenge is quite simple, as you are given all the information in the code from which we will have to get the password. We will need to use XOR operations to find out what the password for this code is.

code

The code for this challenge is given below:

$ cat random.c
#include <stdio.h>

int main(){
    unsigned int random;
    random = rand(); // random value!

    unsigned int key=0;
    scanf("%d", &key);

    if( (key ^ random) == 0xdeadbeef ){
        printf("Good!


In the Windows environment, escalating privilege requires various information about the target system. Unfortunately, Windows systems are not as easy as Linux, especially when it comes to the terminal and obtaining information from the shell. Everything in Windows systems seems twisted and made intentionally complex. You will have to remember a lot of tools and other commands just to grab the basic information about the system. Below I have listed some of the commands which should help.



rezaur rahman

just thinking out loud to help others

cybersecurity researcher

Mars