Blog Posts Tagged with "Metasploit"
Webcast: SAP Pentesting - From Zero 2 Hero with Metasploit
December 16, 2013 Added by:InfosecIsland News
The webcast will provide a very high level overview of common SAP system vulnerabilities and misconfigurations as well as demonstrate how the Metasploit Framework can be leveraged to quickly and easily exploit and compromise misconfigured/vulnerable SAP systems.
Comments (0)
Post Exploitation Command Lists: Request to Edit
November 07, 2012 Added by:Rob Fuller
If you would like to contribute, please shoot me a tweet, a email, a... anything and I will gladly add you to the permissions to edit. Honestly it just became so overwhelming that every time I thought to add something I would cringe away because I know I'd spend most of time fixing them...
Comments (0)
Help Create an Easy to Use Open Source Risk Equation
October 09, 2012 Added by:Matt Neely
The information security industry has attempted to adapt existing Risk Management practices for the task of managing information security. Numerous frameworks have been devised over the years, including FAIR, OCTAVE, ISO 27001/27005 and NIST 800-53/NIST 800-39, just to name a few...
Comments (0)
Completely In-memory Mimikatz with Metasploit
October 07, 2012 Added by:Rob Fuller
For mimikatz to automatically send commands require double quotes in the command line arguments, so we use single quotes in meterpreter to encircle the execute arguments (-a). Running first "sekurlsa::logonPasswords full" then 'exit' to auto-exit mimikatz console...
Comments (0)
Old School On-Target NBNS Spoofing
September 30, 2012 Added by:Rob Fuller
So it turns out that Windows Firewall talks IP addresses just like any other firewall, so if you configure FakeNetBIOSNS to tell everyone that the IP address for whatever they looked up is YOUR IP, guess what, no need to bypass the spoof filters...
Comments (7)
Metasploit Persistence
September 24, 2012 Added by:f8lerror
You pop a box, get your meterpreter shell at the end of the day. You leave your shell, come back in the morning and find out the connection dropped because the system rebooted. Luckily @Carlos_Perez/Darkoperator made a persistence script that is included in Metasploit...
Comments (0)
Metasploit Penetration Testing Cookbook
September 13, 2012 Added by:Philip Polstra
Singh provides an introduction to the widely used Metasploit framework in the form of seventy plus recipes for various penetration testing tasks, and goes beyond the basics of Metasploit and covers additional penetration testing tools such as various scanners and evasion tools...
Comments (0)
Let Me Out of Your .NET Work: Intro
September 05, 2012 Added by:Rob Fuller
The problem I find with these tools is that they are still straight TCP. I know most networks still allow some ports directly outbound and these tools are still quite valid. During the span between these two tools being released, MrB released a site that listens on all 65k ports...
Comments (0)
Cross-Protocol Chained Pass the Hash for Metasploit
August 29, 2012 Added by:Rob Fuller
Every so often someone writes a Metasploit Module that is pretty epic. July 12th was one such day, and as soon as you do you can start using this (using the example resource file to put a file, cat it out, enum shares available, list files on a share) then psexec all from a single URL being loaded...
Comments (0)
Social Engineering Toolkit: Bypassing Antivirus Using Powershell
August 22, 2012 Added by:Dan Dieterle
Just when it looked like antivirus was getting the upper hand against the Social Engineering Toolkit, David Kennedy, author of SET, showed some of the program’s new features. One is a way to get a remote shell by completely bypassing Anti-Virus using a Windows Powershell attack. Let’s look at how this works...
Comments (0)
Metasploitable 2.0 pt 4: Cracking Linux Passwords and Pentesting with Grep
August 20, 2012 Added by:Dan Dieterle
Because we had a root shell, we were able to grab the Linux password hashes from the system by simply copying them and pasting them on our local machine. We were then able to use John the Ripper to crack them. We now have passwords to play with...
Comments (0)
Metasploitable 2.0 Tutorial pt 3: Gaining Root from a Vulnerable Service
August 17, 2012 Added by:Dan Dieterle
There are numerous Metasploitable how-to’s out there, but a lot of them focus on the standard services. In real life, which is the service that will most likely go unpatched? The main web server or some secondary service that was installed for a project and then forgotten about? So let’s get started...
Comments (1)
Attack with Power... Point That Is
August 16, 2012 Added by:f8lerror
There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...
Comments (0)
Metasploitable 2.0 Tutorial pt 2: Scanning for Network Services
August 14, 2012 Added by:Dan Dieterle
Okay, we put in 192.168.12.20 and it scanned it and returned the version of Samba that was running on it. But what if we wanted to scan the whole network for just systems running Samba. This is where the beauty of the RHOSTS command comes into play. Instead of just scanning the single host, let’s scan all 256 clients...
Comments (0)
Evidence of Compromise: Metasploit's PSEXEC
July 15, 2012 Added by:Rob Fuller
I was messing with the Windows service binaries in Metasploit and I noticed something. For the PSEXEC module, the service name (actually just the display name, 'service name' is random) always started with an uppercase 'M'. Curious to why that was I looked and found Line 246 of the PSEXEC module to be the culprit...
Comments (0)
Integration of Mimikatz into Metasploit Stage One
July 10, 2012 Added by:Rob Fuller
One of the powers of Metasploit is its ability to stay memory resident through the use of reflective DLL injection, even keeping new functionalities the attack loads from ever touching disk. I want get to that same level with Mimikatz. Here is my first step to that end: A Railgun based Meterpreter script...
Comments (0)
- University of Arizona Researchers Going on Offense and Defense in Battle Against Hackers
- Securing the Internet of Things (IoT) in Today's Connected Society
- What Is Next Generation SIEM? 8 Things to Look For
- Cybersecurity and Online Trading: An Overview
- Artificial Intelligence: The Next Frontier in Information Security
- Five Main Differences between SIEM and UEBA
- For Cybersecurity, It’s That Time of the Year Again
- Myth Busters: How to Securely Migrate to the Cloud
- Microsoft Makes OneDrive Personal Vault Available Worldwide
- Human-Centered Security: What It Means for Your Organization