Creating database user for postgresql in Metasploit


I’m sure many of you would have trouble going through this stage if you are trying to set up the database within Metasploit. I’m definitely one of them, and I had trouble with it all the while until today. I’m not entirely sure whether the solution I’m giving is correct, but I believe it should be, so I’m writing this quickly and will alter it when I’m done!

Please be reminded that I am doing this on an Ubuntu machine.
Please check the source link for now.


Source: http://dev.metasploit.com/redmine/projects/framework/wiki/Postgres_setup
General: http://dev.metasploit.com/redmine/projects/framework/wiki/Setting_Up_a_Database
Other: http://www.offensive-security.com/metasploit-unleashed/Configuring_Databases


Builder & Stub | How to create your own builder and stub in C (using Resource)


If you are looking to build it using EOF, look here.

As I have already written a similar post that builds your own builder using File I/O (Input/Output) operations, some readers have come across a problem where they need their stub application to be placed and run in memory instead of executed normally. The solution that comes to mind is to use the resource data in the file: even if your file is run in memory, the resource data is loaded with it. Be aware that the terms used may confuse you, so read the synonym section. Take a look at the concept below.

Builder & Stub | How to create your own builder and stub in C (using EOF)


If you are looking to build it using Resource, look here.

This question is often seen in one of the forums I hang around. Although the programming language differs, the idea and concept are the same. I have already prepared source code for this project, but I will explain a little about how it works. Understand that the term stub, as I use it, refers to the application that is going to read a message that has been injected by an application called the builder. Be aware that the term injected also refers to implanted or appended. In this article I will show the concept of how a builder and stub work, what you will need before coding it, your preparations, and pseudocode to ease understanding of the concept. Apart from that, you can download the project in case you are not sure what to do with the given source code due to its complexity.

DLL Injection | What it is


In computer programming, DLL injection is a technique used to run code within the address space of another process by forcing it to load a dynamic-link library.[1] DLL injection is often used by third-party developers to influence the behavior of a program in a way its authors did not anticipate or intend.[1][2][3] For example, the injected code could trap system function calls,[4][5] or read the contents of password textboxes, which cannot be done the usual way.[6]

Approaches on Microsoft Windows

There are at least four ways to force a program to load a DLL on Microsoft Windows:

  • DLLs listed under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs will be loaded into every process that links to User32.dll as that DLL attaches itself to the process.[5][7][8][9]
  • Process manipulation functions such as CreateRemoteThread can be used to inject a DLL into a program after it has started.[5][6][10][11][12][13]
    1. Get a handle to the target process. This can be done by spawning the process[14][15] or by keying off something created by that process that is known to exist – for instance, a window with a predictable title,[16] or by obtaining a list of running processes[17] and scanning for the target executable’s filename.[18]
    2. Allocate some memory in the target process,[19] and the name of the DLL to be injected is written to it.[10][20]
      This step can be skipped if a suitable DLL name is already available in the target process. For example, if a process links to ‘User32.dll’, ‘GDI32.dll’, ‘Kernel32.dll’ or any other library whose name ends in ‘32.dll’, it would be possible to load a library named ‘32.dll’. This technique has in the past been demonstrated to be effective against a method of guarding processes against DLL injection.[21]
    3. Create a new thread in the target process[22] with the thread’s start address set to be the address of LoadLibrary and the argument set to the address of the string just uploaded into the target.[10][23]
      Instead of writing the name of a DLL-to-load to the target and starting the new thread at LoadLibrary, one can write the code-to-be-executed to the target and start the thread at that code.[6]
    4. The operating system will now call DllMain in the injected DLL.[10][24]
    Note that without precautions, this approach can be detected by the target process due to the DLL_THREAD_ATTACH notifications sent to every loaded module as a thread starts.[24]
  • Windows hooking calls such as SetWindowsHookEx.[2][5][6][25][26][27]
  • Use the debugging functions to pause all threads, and then hijack an existing thread in the application to execute injected code, that in turn could load a DLL.[4][28][29]

In Windows Vista, Microsoft introduced the notion of a protected process. Such processes are immune from DLL Injection.[30]

Source: Wikipedia

MuteX | How to create a single instance application in C


#include <windows.h>
#include <stdio.h>

#define MUTEX_NAME "mutex name here, anyname"

int main()
{
    /* try to open an existing mutex with this name */
    HANDLE hMutex = OpenMutex(MUTEX_ALL_ACCESS, FALSE, MUTEX_NAME);
    if(hMutex == NULL)
    {
        /* no duplicate instances found: create the mutex ourselves */
        hMutex = CreateMutex(NULL, FALSE, MUTEX_NAME);
    }
    else
    {
        /* a duplicate was found: another instance already owns the mutex */
        CloseHandle(hMutex);
        return 0;
    }

    printf("Created console\n");
    getchar();
    CloseHandle(hMutex);   /* the OS would release it on exit, but be explicit */
    return 1;
}

As you can see, the OpenMutex and CreateMutex functions are used. Briefly, OpenMutex opens a handle to check whether a mutex with that name has already been created. If it returns NULL, no mutex with the current string exists, so CreateMutex is called to create the mutex with the string MUTEX_NAME that has been defined. Leave feedback if you feel there is a lack of information.
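The snippet above checks with OpenMutex and then creates with CreateMutex as two separate calls, so two copies launched at the same instant can both see NULL and both keep running. The added example below is not the post's own code: it does the check and the creation in a single CreateMutex call and reads GetLastError() for ERROR_ALREADY_EXISTS, which closes that window. INSTANCE_NAME and LOCK_PATH are placeholders, and the POSIX branch is only a stand-in so the example also builds on non-Windows systems.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <fcntl.h>
#include <sys/file.h>
#include <unistd.h>
#endif

/* Placeholder names for this example; use something unique to your program. */
#define INSTANCE_NAME "Local\\ExampleSingleInstance"      /* Windows mutex  */
#define LOCK_PATH     "/tmp/example_single_instance.lock" /* POSIX stand-in */

/* Returns 1 if this is the first instance, 0 if one is already running,
 * -1 on error. Creation and check are one call, so two copies started at
 * the same moment cannot both conclude they are first. The handle is kept
 * for the life of the process; the OS releases it on exit. */
int acquire_single_instance(void)
{
#ifdef _WIN32
    /* CreateMutex succeeds even when the name exists; only GetLastError()
     * tells us whether we created the object or merely opened it. */
    HANDLE h = CreateMutexA(NULL, FALSE, INSTANCE_NAME);
    if (h == NULL)
        return -1;
    if (GetLastError() == ERROR_ALREADY_EXISTS) {
        CloseHandle(h);   /* drop our reference; the first instance keeps it */
        return 0;
    }
    return 1;
#else
    /* POSIX stand-in: an exclusive flock() on a lock file, which is also
     * dropped automatically when the holding process exits. */
    int fd = open(LOCK_PATH, O_CREAT | O_RDWR, 0600);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) {
        close(fd);
        return 0;
    }
    return 1;
#endif
}

int main(void)
{
    if (acquire_single_instance() != 1) { puts("Already running"); return 0; }
    puts("Created console");
    return 0;
}
```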