Metasploit Unleashed

This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework. This is a free online course, and if you enjoy it and find it useful, we ask that you make a donation to the HFC (Hackers For Charity); $9.00 will feed a child for a month, so any contribution is welcome. We hope you enjoy this course as much as we enjoyed making it.

Related:  Security

How to Create a SSH Tunnel Through Your Seedbox IP (Proxy for Your Home PC) Faster torrents, high connectivity and seed-ability are notably the primary reasons why most of us opt to use a seedbox. Fair enough - but a seedbox (server) can be used to implement a variety of tasks that extend far beyond just torrenting. We’ll explain how you can run a SSH tunnel through your seedbox server, in order to use your seedbox’s IP address as a proxy on your local machine (home PC). And it works for most Internet apps that support SOCKS5 (web browser, IRC/MSN, even a home uTorrent client).

Armitage Tutorial - Cyber Attack Management for Metasploit About Armitage: Before we begin...; Getting Started: How to get any woman to talk to you; User Interface Tour: So many pretty screenshots; Host Management: You've got to find them to hack them; Exploitation: This is the fun stuff; Post-Exploitation: This is the really fun stuff; Maneuver: Getting around the network and on to more targets; Team Metasploit: This is cyber attack management!; Scripting Armitage: The next step... 1.1 What is Armitage? Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Exploit writing tutorial part 1 : Stack Based Overflows Last Friday (July 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via (see The vulnerability report included a proof of concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was released just a little bit later. Nice work.

The Crypto Anarchist Manifesto From: (Timothy C. May) Subject: The Crypto Anarchist Manifesto Date: Sun, 22 Nov 92 12:11:24 PST Cypherpunks of the World, Several of you at the "physical Cypherpunks" gathering yesterday in Silicon Valley requested that more of the material passed out in meetings be available electronically to the entire readership of the Cypherpunks list, spooks, eavesdroppers, and all. <Gulp> Here's the "Crypto Anarchist Manifesto" I read at the September 1992 founding meeting.

Every Day is Zero Day: Installing Metasploit and Armitage on Mac OSX 10.9 Mavericks Like most people out there, I have tried to install Metasploit and Armitage using other blog posts first and found that the process failed somewhere along the line. This is yet another attempt to document my experience with the installation, that does borrow heavily from other sources, with a few minor tweaks. Maybe, just maybe, this is the one that works for you too from start to finish.... Assumptions: I assume that like me, you have a pretty fresh mac to do the installation on. This will probably fail spectacularly if you have macports installed already, or have upgraded from a previous OSX version with metasploit installed.

Vulnserver Originally introduced here, Vulnserver is a Windows based threaded TCP server application that is designed to be exploited. The program is intended to be used as a learning tool to teach about the process of software exploitation, as well as a good victim program for testing new exploitation techniques and shellcode. What’s included? The download package includes the usual explanatory text files, source code for the application as well as pre compiled binaries for vulnserver.exe and its companion dll file. Running Vulnserver

Crypto-anarchism Described by Vernor Vinge, crypto-anarchy is more specifically anarcho-capitalist, employing cryptography to enable individuals to make consensual economic arrangements and to transcend national boundaries. Etymology: The "crypto" in crypto-anarchism should not be confused with the use of the prefix "crypto-" to indicate an ideology or system with an intentionally concealed or obfuscated "true nature".

Debian / Ubuntu: Set Port Knocking With Knockd and Iptables My iptables based firewall allows only port TCP 80 and 443. I also need tcp port # 22, but I do not have static IP at my home. How do I open and close TCP port #22 on demand under Debian or Ubuntu Linux based server systems? How do I install a port-knock server called knockd and configure it with iptables to open tcp port #22 or any other ports? Debian or Ubuntu Linux comes with knockd.

Introducing Vulnserver I have just released a program named Vulnserver - a Windows based threaded TCP server application that is designed to be exploited. Why did I write this? I am (slowly, and when not occupied with other things) teaching myself to program in C, and this seemed like a good way to further develop my C programming skills. This gave me an opportunity to see how software is exploited from the developer's point of view, and crafting this software so it was exploitable using particular exploit techniques was an interesting challenge, and enabled me to look at exploitation from a new perspective. And as an added bonus, it gives me the opportunity to claim that any bugs found in my code were put there deliberately.

Guest Post: “The Ultimate Guide for Anonymous and Secure Internet Usage” Wednesday, April 11th, 2012 at 7:29 pm. another fine guest post by some random pastebin-using entity on the internet(s): This is a guide with which even a total noob can get high class security for his system and complete anonymity online.

Set Up SSH Tunneling on a Linux / Unix / BSD Server To Bypass NAT I'm a new Linux / Unix system user. How can I set encrypted tunnel between my desktop/laptop computer and server in a remote data center to bypass the limits in a network? How do I create a reverse SSH tunnel on Unix-like systems?

Bypassing AntiVirus Detection for Malicious PDFs Introduction: Recently I had to get a malicious PDF file past a virus scanner as part of a penetration test, and I thought I would share the process I used to do it. But before I do so, let's get the standard disclaimer out of the way... Warning! Please note that this tutorial is intended for educational purposes only, and you should NOT use the skills you gain here to attack any system for which you don't have permission to access. It's illegal in most jurisdictions to access a computer system without authorisation, and if you do it and get caught (which is likely) you deserve whatever you have coming to you.

Msfconsole Commands The msfconsole has many different command options to choose from. back: Once you have finished working with a particular module, or if you inadvertently select the wrong module, you can issue the 'back' command to move out of the current context. This, however, is not required.

Part II: How to Be Anonymous Online (for Beginners) If you have significant reason to be concerned about your anonymity online, this installment will not be for you; please wait for the next installment. The methods described in this section are intended only for those who want to add a thin layer of anonymity on top of what they currently have (which is likely almost no anonymity). Off the Shelf Solutions