Blog Posts Tagged with "Hacking"


Metasploitable 2.0 pt 4: Cracking Linux Passwords and Pentesting with Grep

August 20, 2012 Added by:Dan Dieterle

Because we had a root shell, we were able to grab the Linux password hashes from the system by simply copying them and pasting them on our local machine. We were then able to use John the Ripper to crack them. We now have passwords to play with...

Comments  (0)


Bypassing TrendMicro's Service Protections

August 20, 2012 Added by:Rob Fuller

It's injecting our payload into the service binary and tossing our payload into "rundll32.exe" at run time on the victim. Lets change this so it doesn't do any injection and just executes a binary. That removes the 'injection' piece and hopefully lets us get our shell...

Comments  (0)


Metasploitable 2.0 Tutorial pt 3: Gaining Root from a Vulnerable Service

August 17, 2012 Added by:Dan Dieterle

There are numerous Metasploitable how-to’s out there, but a lot of them focus on the standard services. In real life, which is the service that will most likely go unpatched? The main web server or some secondary service that was installed for a project and then forgotten about? So let’s get started...

Comments  (1)


Breaking Into Security: Planet Earth Edition

August 14, 2012 Added by:Ian Tibble

As a pentest guru wannabe, you may possess extremely high levels of fuzzing, exploit coding, and reversing skills, but you will never get to use them and you will intimidate most interviewers. There are easier ways to break into systems. Security is insufficiently mature in most organizations to warrant pentesting...

Comments  (0)


Metasploitable 2.0 Tutorial pt 2: Scanning for Network Services

August 14, 2012 Added by:Dan Dieterle

Okay, we put in and it scanned it and returned the version of Samba that was running on it. But what if we wanted to scan the whole network for just systems running Samba. This is where the beauty of the RHOSTS command comes into play. Instead of just scanning the single host, let’s scan all 256 clients...

Comments  (0)


The Hacker Highschool Project

August 14, 2012 Added by:Pete Herzog

We need to get teenagers to realize how small they are in a big field. Hacking is a huge field and the one who knows the most about how things work is going to be the most powerful. That teaches students to respect that small bit of power they get from the lessons and to keep teaching things to themselves...

Comments  (1)


Yourikan Claims Ninety-One Iranian Websites Hacked

August 07, 2012 Added by:Headlines

Pro-Israeli hacker Yourikan (you-r!-k@n) is claiming to have hacked and defaced as many as ninety-one Iranian websites including government, education and business targets in protest of Iran's continued pursuit of nuclear weapons and support for terrorist activities targeting Israel...

Comments  (0)


Billions of Hashes per Second with Multiforcer Password Cracker

August 07, 2012 Added by:Dan Dieterle

So what does it take to reach cracking speeds topping 154 Billion hashes per second with multiple hashes? The tool was created to help out pentesters who need to crack passwords, but can not submit hashes obtained to online cracking programs due to auditing agreement restrictions...

Comments  (0)


Metasploitable 2.0 Tutorial: Checking for Open Ports with Nmap

August 03, 2012 Added by:Dan Dieterle

I mentioned recently that we would take a closer look at Metasploitable 2.0, the purposefully vulnerable Linux virtual machine used for learning security tactics and techniques. In this intro, we will quickly cover obtaining Metasploitable 2.0 and scanning it for open ports and services...

Comments  (0)


Red Flag On Biometrics: Iris Scanners Can Be Tricked

August 02, 2012 Added by:Electronic Frontier Foundation

Among all the various biometric traits that can be measured for machine identification, the iris is generally regarded as being the most reliable. Yet Galbally’s team of researchers has shown that even the method traditionally presumed to be foolproof is actually quite susceptible to being hacked...

Comments  (0)


Un-Ninja the NinjaTel Phone

August 01, 2012 Added by:Boris Sverdlik

For the lucky few that did get the phone, you will be happy to know that the phone has been rooted, but the bootloader is locked. In order to get to any of the settings all that was required was pulling up the IDE app in an area where the phone couldn't connect to any of the pre-installed wireless access points...

Comments  (5)


Leveraging Regular User Accounts to Achieve Compromise

July 31, 2012 Added by:Jake Garlie

One of the more common ways pentesters break in to networks is by leveraging regular user accounts which have been compromised. They can be used in various ways to compromise systems, data, applications, and more. Once valid user accounts are obtained, using them throughout the network rarely triggers any alarms...

Comments  (0)


Power Pwn and DARPA Programs for Developing Hacking Tools

July 23, 2012 Added by:Pierluigi Paganini

Network analysis has never been easier. Power Pwn, which looks like a surge protector, can be controled remotely via Wi-Fi, Bluetooth, and Ethernet as it searches for network weaknesses. It’s fully manageable via a Web interface accessible through the unit's 3G radio or directly to the device via text message...

Comments  (2)


DEUCE: Bypassing DLP with Cookies

July 19, 2012 Added by:f8lerror

DEUCE went from simple concept to a multi-encoding and encryption DLP bypass tool. The program simply takes an input file and creates a cookie for each line. DEUCE has the ability to encrypt via AES, hash with MD5 or use a custom multi-encode with a 3 times replacement cipher...

Comments  (0)


Integration of Mimikatz into Metasploit Stage One

July 10, 2012 Added by:Rob Fuller

One of the powers of Metasploit is its ability to stay memory resident through the use of reflective DLL injection, even keeping new functionalities the attack loads from ever touching disk. I want get to that same level with Mimikatz. Here is my first step to that end: A Railgun based Meterpreter script...

Comments  (0)


Sticky Keys and Utilman Against Network-Level-Authentication

July 02, 2012 Added by:Rob Fuller

If you can get physical or SYSTEM/Admin access and enable + reach RDP, you can very easily gain a level of persistence without the need of a pesky password. However, this doesn't work so well with the advent of NLA or Network-Level-Authentication. StickyKeys don't work so well if you have to authenticate first...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »