
Pen-testing


Installing Metasploit Framework in OS X. GitHub - leebaird/discover: For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks. Dump Windows password hashes efficiently - Part 1. Windows Security Account Manager Slightly modified definition from Wikipedia: The Security Accounts Manager (SAM) is a registry file in Windows NT and later versions until the most recent Windows 7.

Dump Windows password hashes efficiently - Part 1

It stores users' passwords in a hashed format (as LM hashes and NTLM hashes). Since a hash function is one-way, this provides some measure of security for the storage of the passwords. Dumping operating system users' password hashes is a common action following the compromise of a machine: access to the password hashes might open the door to a variety of attacks including, but not limited to, authenticating with the hash over SMB to other systems where passwords are reused, password policy analysis and pattern recognition, password cracking, etc. Depending on the type of access you have obtained to the target, you can retrieve the password hashes from the SAM in different ways. Physical access: these tools are generally included in many GNU/Linux live distributions. Encyclopaedia Of Windows Privilege Escalation - Brett Moore. Windows Privilege Escalation Fundamentals. Forgot administrator password? The Sticky Keys trick.

Windows-privesc-check. Unix-privesc-check. Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2).

unix-privesc-check

It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files). Download: unix-privesc-check v1.4 can be downloaded here.

Update: The Google Code SVN is more up to date. Usage: the download is gzip'd, so gunzip it. Securityweekly. Metasploit has A LOT of exploits, but from time to time you will very likely need to use exploits that are not part of the framework.

securityweekly

Whether it is an exploit from www.exploit-db.com that spawns a shell or a netcat listener, you can still use the framework to control the host. As long as you have a shell bound to a TCP port you can use Metasploit to interact with that victim. What's more, you can upgrade that shell to a Meterpreter session so you can benefit from the full power of the framework. First, to connect to a shell bound to a TCP port you will need to use the payload SHELL_BIND_TCP. Exploiting Format String Vulnerabilities for Fun and Profit. Exploit code development. Exploit writing tutorial part 1 : Stack Based Overflows.

Last Friday (July 17th 2009), somebody (nick)named 'Crazy_Hacker' reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org.

Exploit writing tutorial part 1 : Stack Based Overflows

(see The vulnerability report included a proof of concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was released just a little bit later. Nice work. You can copy the PoC exploit code, run it, see that it doesn't work (or if you are lucky, conclude that it works), or… you can try to understand the process of building the exploit so you can correct broken exploits, or just build your own exploits from scratch. MSF Vs OS X - Metasploit Unleashed. Jkook: SSLStrip Step by Step on Ubuntu. SSLStrip used along with MITM to hack SSL websites. You will need the following tools: SSLStrip, arpspoof, ettercap, Ubuntu Linux, an Internet connection; the victim has to be in the same subnet. Step 1:- Download SSLStrip from Step 2:- Unzip the downloaded files: use "tar -zxvf sslstrip-0.4.tar.gz". Step 3:- Build SSLStrip: change directory to the unzipped folder and run "python setup.py build". Step 4:- Install SSLStrip: run "sudo python setup.py install" (requires root privileges). Step 5:- Install arpspoof: "sudo apt-get install dsniff". Step 6:- Install ettercap: "sudo apt-get install ettercap". Step 7:- Verify your IP address: "ifconfig". Notice the hacker's IP is 172.168.1.3. Step 8:- Verify your default gateway: "ip route show | grep default | awk '{ print $3}'". Note: this hack works only if the victim's gateway address is the same as that of the hacker (172.168.1.1 in the above example). Step 9:- Create three different tabs in your terminal window.

jkook: SSLStrip Step by Step on Ubuntu

Step 11:- In the third tab run ettercap. Man in the Middle Attacks - How to Use Arpspoof and SSLStrip. This is my tutorial on Man In The Middle attacks using Arpspoof and SSLStrip.

Man in the Middle Attacks - How to Use Arpspoof and SSLStrip

I've tried to explain things in a little more depth than many tutorials out there, so hopefully you will understand what is actually happening rather than just firing off tools at targets and hoping for results. I wrote this guide for a friend, what's up man! Install the Tools: the Man In The Middle attack I will be demonstrating in this tutorial requires a Linux system with Arpspoof and SSLStrip installed. For further traffic analysis, I recommend installing Wireshark as well. If you are running Backtrack or Kali Linux, all of these tools should be installed out of the box. Mac Tips and "How To" On a Mac: How to Install Aircrack on Mac. SecTools.Org Top Network Security Tools. Wednesday-DIsaacs_OfftheWireWirelessPenetrationtesting.pdf. Ethics of penetration testing. Legal Issues in Penetration Testing. By Mark Rasch. When I was a kid growing up in the Bronx, a high school buddy got a job as a "security tester" at the Alexander's department store on Fordham Road.

Legal Issues in Penetration Testing

His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at the switch. On his first day at work, he successfully shoplifted for several hours, until at the end of the day, he was caught. When detained, he showed the security guards his (temporary paper) ID card, and he was promptly beaten up. The story illustrates some of the dangers associated with penetration testing. Legal Authority. Legal Issues. When used properly, Nmap helps protect your network from invaders.

Legal Issues

But when used improperly, Nmap can (in rare cases) get you sued, fired, expelled, jailed, or banned by your ISP. Reduce your risk by reading this legal guide before launching Nmap. Is Unauthorized Port Scanning a Crime? The legal ramifications of scanning networks with Nmap are complex and so controversial that third-party organizations have even printed T-shirts and bumper stickers promulgating opinions on the matter, as shown in Figure 1.3. The topic also draws many passionate but often unproductive debates and flame wars. Frequently Asked Questions ~ VulnHub. Troubleshooting: well, that depends on what you have downloaded: '.7z', '.RAR', '.TAR', '.TAR.BZ2' and '.ZIP' - These are different compressed archive formats.

Frequently Asked Questions ~ VulnHub

They can be extracted to reveal additional files. 7-zip is free, cross-platform and is able to extract all the mentioned formats. '.ISO' and '.IMG' - These are disk images of an optical disc. They could be burnt onto a CD/DVD (IMGBurn), loaded onto a USB stick (UNetbootin) or mounted inside a virtual machine. '.NVRAM' - The virtual machine's BIOS. '.OVA' - 'Open Virtualization Archive' is a single compressed archive ('.tar') which contains the entire virtual machine (the virtual machine's settings ('.OVF') & hard drive ('.VMDK')). This can be imported into virtualization software. '.OVF' - 'Open Virtualization Format' is the configuration file for the virtual machine. Metasploit Unleashed. Armitage Tutorial - Cyber Attack Management for Metasploit. About Armitage. Before we begin...

Armitage Tutorial - Cyber Attack Management for Metasploit

Getting Started: How to get any woman to talk to you. User Interface Tour: So many pretty screenshots. Host Management: You've got to find them to hack them. Every Day is Zero Day: Installing Metasploit and Armitage on Mac OSX 10.9 Mavericks. Like most people out there, I have tried to install Metasploit and Armitage using other blog posts first and found that the process failed somewhere along the line. This is yet another attempt to document my experience with the installation, that does borrow heavily from other sources, with a few minor tweaks. Maybe, just maybe, this is the one that works for you too from start to finish.... Tools. Hackery. OSINT. Debian / Ubuntu: Set Port Knocking With Knockd and Iptables. My iptables based firewall allows only port TCP 80 and 443.

I also need TCP port # 22, but I do not have a static IP at my home. How do I open and close TCP port #22 on demand under Debian or Ubuntu Linux based server systems? How do I install a port-knock server called knockd and configure it with iptables to open TCP port #22 or any other ports? Debian or Ubuntu Linux comes with knockd. Set Up SSH Tunneling on a Linux / Unix / BSD Server To Bypass NAT. Ch21 : Configuring Linux Mail Servers. Email is an important part of any Web site you create. In a home environment, a free web based email service may be sufficient, but if you are running a business, then a dedicated mail server will probably be required. This chapter will show you how to use sendmail to create a mail server that will relay your mail to a remote user's mailbox or incoming mail to a local mailbox. You'll also learn how to retrieve and send mail via your mail server using a mail client such as Outlook Express or Evolution.

This chapter focuses on Fedora / CentOS / RedHat for simplicity of explanation. Whenever there is a difference in the required commands for Debian / Ubuntu variations of Linux it will be noted. The universal difference is that the commands shown are run as the Fedora / CentOS / RedHat root user. Online Penetration Testing Tools. About this tool.

Footprinting

Footprinting and scanning tools. SpiderFoot - The Open Source Footprinting tool. Intelligence Gathering - The Penetration Testing Execution Standard. This section defines the Intelligence Gathering activities of a penetration test. The purpose of this document is to provide a standard designed specifically for the pentester performing reconnaissance against a target (typically corporate, military, or related). The document details the thought process and goals of pentesting reconnaissance, and when used properly, helps the reader to produce a highly strategic plan for attacking a target. Background Concepts. Flu Project: Anubis. Anubis is an application developed by Juan Antonio Calles in collaboration with Pablo González, of the Flu Project Team, designed to bring together a large part of the tools needed for the information-gathering phases of security audits and penetration tests, known as footprinting and fingerprinting, in a single tool.

With this tool the auditor will not only save time during the audit, but will also discover new information that could not be found manually, thanks to the automation built into Anubis. Among other features, Anubis can search for domains using techniques based on Google hacking, Bing hacking, brute-force attacks against DNS, zone transfers, etc.

Hardware hacking

Hacking Embedded Devices: UART Consoles - MWR Labs. The 'Hardware Hacking' scene has exploded recently, thanks largely to the widespread adoption of devices such as the Arduino and Raspberry Pi by the hacking community. Applying hardware hacking techniques during product assessments can often give unrivaled levels of access to hidden or undocumented functionality, particularly when reviewing embedded devices such as routers, switches and access points.

John The Ripper Hash Formats. John-users - LM and NTLM C/R cracking. Defence in Depth: Attacking LM/NTLMv1 Challenge/Response Authentication. In Part 1 of the “LM/NTLMv1 Challenge/Response Authentication” series I discussed how both the LANMAN/NTLMv1 protocols operate and the weaknesses that plague these protocols. l0phtcrack.rant.nt.passwd. Wireshark: Determining a SMB and NTLM version in a Windows environment « Knowledge for all (and free) ! Stealing Passwords With Wireshark. Netcraft - Search Web by Domain.