Blog Posts Tagged with "Meterpreter"
Old School On-Target NBNS Spoofing
September 30, 2012 Added by:Rob Fuller
So it turns out that Windows Firewall talks IP addresses just like any other firewall, so if you configure FakeNetBIOSNS to tell everyone that the IP address for whatever they looked up is YOUR IP, guess what, no need to bypass the spoof filters...
Metasploit Persistence
September 24, 2012 Added by:f8lerror
You pop a box, get your meterpreter shell at the end of the day. You leave your shell, come back in the morning and find out the connection dropped because the system rebooted. Luckily @Carlos_Perez/Darkoperator made a persistence script that is included in Metasploit...
How to PWN Systems Through Group Policy Preferences
September 20, 2012 Added by:Jeff McCutchan
All users have read access to the SYSVOL share of the domain controller. Forget about password cracking or passing the hash, you just get the cleartext password. A simple search for “*.xml” in the SYSVOL share on the domain controller will show if your organization is vulnerable...
Metasploit Penetration Testing Cookbook
September 13, 2012 Added by:Philip Polstra
Singh provides an introduction to the widely used Metasploit framework in the form of seventy plus recipes for various penetration testing tasks, and goes beyond the basics of Metasploit and covers additional penetration testing tools such as various scanners and evasion tools...
Raising Zombies in Windows: Passwords
September 13, 2012 Added by:Rob Fuller
List the tokens available with Incognito, your new user will be there, steal it and you're done. You now have the ability to use that account/domain token on any of the hosts you've compromised on the network, not just the ones they happen to have left themselves logged in...
Bypassing TrendMicro's Service Protections
August 20, 2012 Added by:Rob Fuller
It's injecting our payload into the service binary and tossing our payload into "rundll32.exe" at run time on the victim. Let's change this so it doesn't do any injection and just executes a binary. That removes the 'injection' piece and hopefully lets us get our shell...
Netstat Post Module for Meterpreter
July 20, 2012 Added by:Rob Fuller
It's real simple, first we've gotta add the GetTcpTable function to Railgun, then gauge the size of the table, then it's all just parsing the result. Also pretty straightforward. First we get the number of entries which is held in the first 4 bytes, then just parse the MIB_TCPTABLE one MIB_TCPROW...
Post Exploitation with PhantomJS
June 17, 2012 Added by:Rob Fuller
PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and looking through a gallery of them to start figuring out which looks the most interesting… and we are going to do essentially just that, except from a victim machine...
Recovering Remote Windows Passwords in Plain Text with WCE
June 05, 2012 Added by:Dan Dieterle
After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...
Recovering Windows Passwords Remotely in Plain Text
April 26, 2012 Added by:Dan Dieterle
There has been a lot of buzz across the web the last few months about a program called “Mimikatz”. It is an interesting program that allows you to recover Windows passwords from a system in clear text. The passwords for anyone who has logged into a machine can be displayed...
Developing the LNK Metasploit Post Module with Mona
March 20, 2012 Added by:Rob Fuller
One of Mona’s many and least well known functions is ‘header’, which outputs a ruby version of a file broken into ASCII and binary parts. The problem: I need to recreate a file in a way I can manipulate it in a post module without using the spec or Railgun to assist...
Backtrack 5: Penetration Testing with Social Engineering Toolkit
January 11, 2012 Added by:Dan Dieterle
Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems?
New Meterpreter Extension Released: MSFMap Beta
January 08, 2012 Added by:Spencer McIntyre
The ICMP and ARP scanning features bring great benefits over many other common methods because MSFMap does not spawn any new processes that may reveal its presence to a watchful user. MSFMap runs entirely in memory and does not write any data to the compromised host...
Abusing Windows Virtual Wireless NIC Feature
October 09, 2011 Added by:Kyle Young
If the victim computers are part of a Windows domain and have wireless NICs, by automating Metasploit with a pass-the-hash attack and using my script, one could essentially automate deploying a series of rogue APs throughout a domain. This would be kind of like a network worm...
Who's Logged In? A Quick Way to Pick Your Targets
October 04, 2011 Added by:Rob Fuller
Say you need to get your bearings quickly on an internal test, and going into each shell, doing a PS, then looking through the list for all the users logged in is definitely not ideal. I wrote a quick script that you can throw in the Meterpreter scripts folder to aid you a bit with this...
Backtrack Metasploit Megaprimer
September 28, 2011 Added by:Dan Dieterle
The Metasploit Framework in the Backtrack series is an amazing platform for penetration and security testing. The capabilities are stunning. The problem is the learning curve is kind of steep, especially for new users. For training, look no further than the “Metasploit Megaprimer”...