Metasploit Meterpreter: Migrate a process and obtain system password hashes
This follows on from a previous post within which a target machine was exploited and a Meterpreter shell obtained. Details of the exploited machine are: Windows XP Pro Service Pack 2 (unpatched)....
Metasploit Meterpreter: Killing Antivirus Software on Exploited System – Killav
This follows on from a previous post within which a target machine was exploited and a Meterpreter shell obtained. Details of the exploited machine are: Windows XP Pro Service Pack 2 (unpatched)....
Metasploit: Listing Meterpreter Post Exploitation Modules
This follows on from a previous post within which a target machine was exploited and a Meterpreter shell obtained. Details of the exploited machine are: Windows XP Pro Service Pack 2 (unpatched)....
Metasploit Meterpreter Railgun: Post Exploit Windows API Manipulation
Metasploit: The Penetration Tester’s Guide has this to say about Railgun: You can interface with the Windows native API directly through a Metasploit add-on called Railgun. [....] Railgun gives you the...
Metasploit: Experimenting with Immunity Debugger, NOP’s, Opcode, Assembly...
I’m following instruction given in Metasploit: The Penetration Tester’s Guide - Chapter 8 (Exploitation Using Client-Side Attacks). It’s worth watching this excellent video which demonstrates the...
Metasploit Meterpreter: Internet Explorer “Aurora” Memory Corruption...
I’m following instruction given in Metasploit: The Penetration Tester’s Guide - Chapter 8 (Exploitation Using Client-Side Attacks). Details of the target machine on my Virtual Hacking Lab: Windows XP...
Metasploit Meterpreter: MS11-006 Client-Side Malicious Document Exploit –...
I’m following instruction given in Metasploit: The Penetration Tester’s Guide - Chapter 8 (Exploitation Using Client-Side Attacks). Details of the target machine on my Virtual Hacking Lab: Windows XP...
Metasploit: My first use of Auxiliary Modules
Chapter nine of Metasploit: The Penetration Tester’s Guide moves into auxiliary modules. Here’s a snippet from the book: In addition to providing valuable tools such as port scanners and service...
Kali Linux: The Social-Engineer Toolkit (SET)
Chapter ten of Metasploit: The Penetration Tester’s Guide moves into Social Engineering, which is a topic I’ve yet to explore. It transpires that one of the authors of the above book – David “SacMan”...
The Social-Engineer Toolkit (SET) and Metasploit: Spear-Phishing Attack Vectors
This post follows instructions given in chapter ten (The Social-Engineer Toolkit) of Metasploit: The Penetration Tester’s Guide. Previous post here. Here’s what we’re greeted with in the terminal on...
Installing Ruby Gem PacketFu in Kali Linux (Debian)
A short while ago I briefly mentioned the IP packet manipulation tool Scapy. I started reading Adam’s guide and noted this tool is written in Python. I then had the bright idea of finding an equivalent...
Where I’m at
It’s three months since I wrote my last “Where I’m at” post. I must admit this cyber security hobby is something of a time vampire and extremely addictive. Here’s a breakdown of where I find myself...
IP Packet Manipulation in Ruby: Goodbye PacketFu Hello Racket
My success with installing PacketFu was short-lived. I updated Metasploit and it broke. I updated the system and it broke. I closed the computer and it broke. That’s it, even my patience has limits....
Installing and running Metasploit Armitage in Kali Linux and my first scan
Armitage is Metasploit’s GUI and although you can find instructions on installing this on Kali Linux, for me, it was no more difficult than running a Metasploit update (msfupdate) and requesting...
Detecting Metasploit Armitage attacks in Security Onion Via a Dualcomm...
Back from holiday and managed to get my hands on an excellent cheap Dell laptop and a Dualcomm Network tap. I loaded the full Security Onion suite (Xubuntu 12.04 64-bit) on the Dell laptop and rigged...
Metasploit: My First Successful Armitage Exploit
I just completed my first successful exploit in the marvellous Metasploit GUI Armitage. Details of the target machine on my Virtual Hacking Lab: Windows XP Pro Service Pack 2 (unpatched). Firewall and...
Kali Linux Updated to Version 1.0.5
Just found out that an updated version of Kali Linux has been released with a few more bits and bobs. To upgrade: root@kali:~# apt-get update root@kali:~# apt-get dist-upgrade At the moment I’m studying...
Setting up a simple backdoor shell using Ncat via Metasploit Armitage
First I exploited my Windows system with Metasploit Armitage obtaining a Meterpreter shell as per this post. Then I needed to upload the ncat.exe file (which I downloaded from here) to the target...
Creating a persistent Ncap backdoor in Windows XP startup using Metasploit
I couldn’t figure out how to do this in Armitage and so had to resort to the good ol’ Terminal. I exploited the XP system as per this post and obtained a Meterpreter shell. First to upload the...
Metasploitable 2: Exploiting FTP server vsftpd backdoor
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.3.4 In the Metasploit console: msf > search vsftpd Matching Modules...