Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR

Introduction In all previous tutorials in this Exploit writing tutorial series, we have looked at building exploits that would work on Windows XP / 2003 server. The success of all of these exploits (whether they are based on direct ret overwrite or exception handler structure overwrites) are based on the fact that a reliable return […]

Windows XP L2TP over IPSec dialup client VPN to a Juniper ScreenOS firewall, using Certificates

Before looking at the various configuration steps, we’ll have to take the following assumptions into account : – We don’t want to use the Netscreen Remote client, but we want to use the Windows XP built-in dialup VPN technology that allows us to build PPTP or L2TP/IPSec connections.  Juniper screenOS does not support PPTP (which […]

Icons Shortcuts and SendTo items in Windows XP/2003/Vista/2008

Fixing missing icons & shortcuts : Send To "Compressed Folder" is missing : Click Start->Run In the "open" box, type "cmd" (without the quotes) Click ok Enter the following command and press "return" rundll32 zipfldr.dll,RegisterSendto (you should not get any warnings or errors) The first time you are trying to zip, you may be prompted […]

Open a command prompt with system rights in Vista (and XP)

First of all, download psexec from the Microsoft website. http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx     From and elevated/admin command prompt (cmd.exe, "run as administrator"), run psexec –s cmd.exe    C:\>whoami peter C:\>psexec -s cmd.exe PsExec v1.83 – Execute processes remotely Copyright (C) 2001-2007 Mark Russinovich Sysinternals – www.sysinternals.com Microsoft Windows [Version 6.0.6000] Copyright (c) 2006 Microsoft Corporation.  All […]

Run explorer window with administrator rights in Vista

Easy, don’t you think ?  Right click explorer(.exe), choose "run as administrator" and you’re set ?    Nope – doesn’t work !  And this is why    The UAC (User Account Control) feature in Vista provides a user with two tokens when he logs on… a token that is bound to his real user rights, […]

Enable incoming icmp (ping) in Vista

By default, Vista has the Windows Firewall is turned on. This means that all incoming connections are being blocked. This may be a good thing in certain cases, but not restrictive enough in most cases, because all outgoing traffic would be allowed, so either additional rules need to be set up, or Windows Firewall should […]

Howto reset offline files in XP and Vista

Windows XP Method 1 1. In Folder Options, on the Offline Files tab, press CTRL+SHIFT, and then click Delete Files. The following message appears: The Offline Files cache on the local computer will be re-initialized. Any changes that have not been synchronized with computers on the network will be lost. Any files or folders made […]

Demand Global Change

The world needs your help !

Please take a few moments to read the "Demand Global Change Call For Action" document at
Read the full document at
http://bit.ly/demandglobalchange_full and share the message with as many people as possible.

Like the Facebook page, and SHARE it with everyone you know.


Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?

Your donation will help funding server hosting.

Protected by Copyscape Web Plagiarism Tool

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Corelan Live training

Since 2011, Corelan GCV has been teaching live win32 exploit dev classes at various security cons and private companies & organizations.

You can read more about the training and schedules here

Corelan on IRC

You can chat with us and our friends on #corelan (freenode IRC)