Posts

Showing posts from December, 2019

Process Injection - Part V

Hello All, wondering where part IV of the process injection blog post series is? Part IV of this series was written by Renos on the Parent PID Spoofing technique. Parent PID Spoofing is useful for evading detection. In this post I will cover the Asynchronous Procedure Calls (APC) Queue Process Injection technique. Parent PID Spoofing can also be used together with APC Queue Process Injection. The tool can be found on my GitHub repo. What are Asynchronous Procedure Calls (APC)? This is best described by Microsoft in their documentation. Below is a short summary of APCs from the Microsoft Docs. An asynchronous procedure call (APC) is a function that executes asynchronously in the context of a particular thread. When an APC is queued to a thread, the system issues a software interrupt. The next time the thread is scheduled, it will run the APC function. An APC generated by the system is called a kernel-mode APC. An APC generated by an application is called a use

Shell is just a beginning

Hi Guys, it has been a long time since my last post. Recently I came across an amazing blog post which made me want to replicate the scenario in my lab. But I made additional changes in the lab so we can learn a few more cool things. So let's create a fictional story which will make this more exciting. Let's assume we have got an assignment where we are supposed to perform an external Red Team assessment, and our goal is to gain access to the domain controller. As this is a lab environment for demonstration, let's consider the 10.0.2.6 IP as an external IP system/address. Step 1: Let's scan the IP address on port 8080 for Apache Tomcat. Step 2: As we see, we need login credentials to access the Tomcat manager, so let's try to brute force them using a Metasploit auxiliary module. Hurrah, we got the credentials for the Tomcat manager: tomcat:tomcat. Step 3: Let's create a normal webshell and generate the WAR file for uploading it to Tomcat. You can read this