Dll

User flag Analysis.htb I started by enumerating the VHosts on the webserver as there was no obvious vulnerability on the website: 1 ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u http://analysis.htb/ -H "Host: FUZZ.analysis.htb" The only result should be internal.analysis.htb so let’s fuzz more: 1 ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://internal.analysis.htb/FUZZ After extensive fuzzing, I discovered a PHP file which is interesting: 1 ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://internal.analysis.htb/users/FUZZ.php By now, we have a file named list....

Sometimes you have to hide stuff that your code does from a reverse engineer’s eye or static analysis tools. To achieve that, I came up with a few helper macros and functions to search for functions at runtime and call them without leaving a trace in the executable’s import table. TL;DR Hiding function imports Let’s take this simple program as an example: 1 2 3 4 5 6 7 #include <Windows....