Blog Posts Tagged with "Metasploit"

B64e021126c832bb29ec9fa988155eaf

Harvesting Credentials with the Social Engineering Toolkit

July 09, 2012 Added by:Dan Dieterle

The Social Engineering Toolkit included with Backtrack 5 is a great way for penetration testers to see how well their network and users would stand up to Social Engineering attacks. In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords...

Comments  (3)

71d85bb5d111973cb65dfee3d2a7e6c9

How Fast Can Your Password Be Cracked? Instantly...

July 02, 2012 Added by:f8lerror

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

State Sponsored IE Vulnerability and a Four Line MySQL Exploit

June 21, 2012 Added by:Headlines

Of the two latest Microsoft IE vulnerabilities, the first seems the most interesting. Rumored to be “State-Sponsored”, the vulnerability focuses on Gmail, MS Office and Internet Explorer. And as yet is still an active Zero Day exploit. Security software company Rapid 7 explains the vulnerability as follows...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Remote Windows Passwords in Plain Text with WCE

June 05, 2012 Added by:Dan Dieterle

After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Metasploit: The Penetration Tester’s Guide - A Review

May 28, 2012 Added by:Dan Dieterle

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Metasploitable: Gaining Root on a Vulnerable Linux System

May 22, 2012 Added by:Dan Dieterle

Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Practice Linux Penetration Testing Skills with Metasploitable

May 18, 2012 Added by:Dan Dieterle

Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

Exploit for Liferay XSL Code Execution Released

April 11, 2012 Added by:Spencer McIntyre

Researchers are releasing a Metasploit module that can exploit a vulnerability in an open source web content management system called Liferay in the XSLT processing engine that is used to allow setting dynamic XML feeds to be displayed as content on a page...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

One-Day Exploits, Binary Diffing and Patch Management

April 05, 2012 Added by:Pierluigi Paganini

One-Day exploits have a reduced possibility of success due the potential for patching by a target, but the attacks are still insidious and cheaper in comparison to Zero-Days - it's quite simple to retrieve the information on the internet and use tools to commit the attacks...

Comments  (0)

296634767383f056e82787fcb3b94864

An Open Source Methodology to Attack Critical Infrastructure

March 20, 2012 Added by:Jeffrey Carr

Attackers with moderate skills can cause disruption to outright destruction of critical infrastructure at low cost and in short order. Contrary to popular wisdom, an attack against a nuclear power or hydro-electric plant doesn't require the resources of a nation state...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Developing the LNK Metasploit Post Module with Mona

March 20, 2012 Added by:Rob Fuller

One of Mona’s many and least well known functions is ‘header’, which outputs a ruby version of a file broken into ASCII and binary parts. The problem: I need to recreate a file in a way I can manipulate it in a post module without using the spec or Railgun to assist...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

MS08_068 + MS10_046 = FUN UNTIL 2018

March 06, 2012 Added by:Rob Fuller

If you are on an internal penetration test and either exploit a machine or find an open share, you can create an LNK file with an icon that points at a nonexistent share on your attacking machine's IP...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Exploit Tool Releases for ICS Devices Advisory

February 16, 2012 Added by:Headlines

Security researchers and others have released tools exploiting ICS vulnerabilities. These targeted exploits are readily available through various tools and from exploit developers. Multiple threat elements are combining to significantly increase the ICS threat landscape...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Jihadi Information Warfare: The Next Wave

February 14, 2012 Added by:Infosec Island Admin

There have been tutorials on SQLi and Metasploit online for a long time, but only recently have we seen them translated into Arabic and placed on the technical forums. This means that even the low end of the technically capable Jihadist's can now boot up these tools hack a site…

Comments  (0)

83a1969531a4f021a9f7339e222ab995

NETPeas COREvidence v1.0 Sneak Preview

February 02, 2012 Added by:Nabil Ouchn

COREvidence, a Software as a Service (SaaS) product, integrates multiple services to create a one-stop network security solution. Customers have immediate access to numerous technology leaders in vulnerability management, compliance achievement and monitoring...

Comments  (0)

01ceb9281b3fb3dbb90c3efbe327717e

When a Tool Becomes a Weapon

February 01, 2012 Added by:Alan Woodward

The Metasploit Project is an extremely valuable tool. However, a recent development which was revealed demonstrates just how easily the Metasploit Framework can be used to develop malicious payloads that avoid detection by the usual Anti-Virus and Firewall software...

Comments  (1)

Page « < 1 - 2 - 3 - 4 - 5 > »