LearnSecurityOnline Advanced Penetration Testing Course

Everyone who knows me knows that I'm a huge LSO supporter. I wouldn't be where I am today without everything I learned from Joe and LearnSecurityOnline.

He let me get a preview of his new Advanced Penetration Testing (APT): Pentesting High Security Environments course.

The syllabus is available here:
http://www.learnsecurityonline.com/component/content/article/3-admin/222-apt

I got to look at a good chunk of the labs and it's top-notch training, plus you get it live from Joe, who is by far one of the best instructors out there.

Network Time Protocol (NTP) Fun

@hdmoore released a new auxiliary module a few days ago that goes along with the NTP research he has been doing.

msf auxiliary(ntp_monlist) > set RHOSTS time.euro.apple.com

RHOSTS => time.euro.apple.com
msf auxiliary(ntp_monlist) > info

    Name: NTP Monitor List Scanner
 Version: 8432
 License: Metasploit Framework License (BSD)
    Rank: Normal

Provided by:
hdm 

Basic options:
Name       Current Setting      Required  Description
----       ---------------      --------  -----------
BATCHSIZE    256                  yes       The number of hosts to probe in each set

Msfencode a Msfpayload Into An Existing Executable

Very cool update to metasploit today:

http://www.metasploit.com/redmine/projects/framework/repository/revisions/8896

This update allows you to msfencode a msfpayload into an existing executable, and the new executable still functions like the original. So if you inject into calc.exe you get calc.exe and your backdoor.

Let's see the new msfencode options:

~/trunk$ ./msfencode -h

Usage: ./msfencode

OPTIONS:

F**king With Foursquare Goes MSF Style

mindless foursquare fun goes metasploit style...

msf > use auxiliary/admin/foursquare
msf auxiliary(foursquare) > info

Name: Foursquare Location Poster
Version: $Revision:$

License: Metasploit Framework License (BSD)

Rank: Normal

Provided by:
CG

Basic options:

F**king With Foursquare

Foursquare is pretty neat. You can post your location via phone or browser and get nifty badges for different things, or become the mayor of a place if you check in to that location the most. It's also exceedingly easy to cheat at.

I only casually mentioned the idea of cheating to @Jack_Mannino and within a few minutes of emailing him the link to the API he was already traveling the globe at record speed.

Foursquare even has a nifty and pretty easy to understand API here:
http://groups.google.com/group/foursquare-api/web/api-documentation

The simplest thing you can do is checkin and post your location by vid or venue.

VMWare Directory Traversal Metasploit Module

Since everyone else is releasing code to check for/exploit the VMware Server/ESX/ESXi directory traversal vulnerability, I pushed up my checker module to the Metasploit trunk as an auxiliary scanner module.

If you want to just download a full guest host, check out:
GuestStealer -- http://www.fyrmassociates.com/tools/gueststealer-v1.1.pl

or the

nmap script -- http://www.skullsecurity.org/blog/?p=436

Props on the Blog Spam

Props on the blog spam for this one...

If I hadn't had coffee this morning that one might have snuck on through.

metasploit getsystem command

Shiny new hotness...

meterpreter > getuid
Server username: WINXPSP3\user
**user is an admin, if not admin you can only use -t 4 or -t 0 which will iterate through all options**

meterpreter > use priv
Loading extension priv...success.
meterpreter > getsystem -h

Usage: getsystem [options]

Attempt to elevate your privilege to that of local system.

Ruby, Nmap XML, and Databases

So I had a requirement to take some output from nmap scans, shove it into a database and then be able to run some queries on that data.

Wait, isn't there something that already does that?!

Actually, PBNJ and nmap_xml2sql.pl will do this, but they use (eeeek!) Perl to do it. I wanted to do it in Ruby.

Your options for Ruby & Nmap parsing are:

- rubynmap http://rubynmap.sourceforge.net/
- ruby-nmap http://ruby-nmap.rubyforge.org/
- metasploit has its own nmap XML parser
- writing your own

I started with rubynmap for my parsing gem.
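To show the parse-then-store-then-query pipeline the post describes, here is an added example that is not CG's code and not part of the rubynmap gem. It uses Ruby's bundled REXML instead of rubynmap, walks a constructed nmap -oX document (the hosts, addresses and banners are made up), flattens it into host and port rows, emits quoted SQL you could pipe into sqlite3, and runs the kind of query the post wants ("which hosts have port N open?") over the parsed rows. The table layout and function names are my own choices, not anything from the post.

```ruby
require 'rexml/document'

# Constructed sample in nmap -oX layout; not output from a real scan.
SAMPLE_NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
    <host>
      <status state="up"/>
      <address addr="10.0.0.5" addrtype="ipv4"/>
      <hostnames><hostname name="fileserver.example.test" type="PTR"/></hostnames>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="5.3p1"/></port>
        <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
        <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      </ports>
    </host>
    <host>
      <status state="up"/>
      <address addr="10.0.0.6" addrtype="ipv4"/>
      <hostnames/>
      <ports>
        <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
        <port protocol="udp" portid="123"><state state="open|filtered"/><service name="ntp"/></port>
      </ports>
    </host>
    <host>
      <status state="down"/>
      <address addr="10.0.0.7" addrtype="ipv4"/>
    </host>
  </nmaprun>
XML

# Flatten the nmaprun tree into two row sets: one hash per host and one
# hash per (host, port). Down hosts keep a host row but contribute no ports.
def parse_nmap_xml(xml)
  doc = REXML::Document.new(xml)
  hosts = []
  ports = []
  doc.elements.each('nmaprun/host') do |h|
    addr = nil
    h.elements.each('address') { |a| addr = a.attributes['addr'] if a.attributes['addrtype'] == 'ipv4' }
    next unless addr
    st = h.elements['status']
    hn = h.elements['hostnames/hostname']
    hosts << { addr: addr, status: st && st.attributes['state'], hostname: hn && hn.attributes['name'] }
    h.elements.each('ports/port') do |p|
      state = p.elements['state']
      svc = p.elements['service']
      ports << {
        addr: addr,
        proto: p.attributes['protocol'],
        port: p.attributes['portid'].to_i,
        state: state && state.attributes['state'],
        service: svc && svc.attributes['name'],
        product: svc && svc.attributes['product'],
        version: svc && svc.attributes['version']
      }
    end
  end
  { hosts: hosts, ports: ports }
end

# Service banners (product/version) are strings the scanned host controls,
# so they are escaped before being embedded in SQL text.
def sql_quote(v)
  return 'NULL' if v.nil?
  return v.to_s if v.is_a?(Integer)
  "'" + v.to_s.gsub("'", "''") + "'"
end

SCHEMA = <<~SQL
  CREATE TABLE IF NOT EXISTS hosts (addr TEXT PRIMARY KEY, status TEXT, hostname TEXT);
  CREATE TABLE IF NOT EXISTS ports (addr TEXT, proto TEXT, port INTEGER, state TEXT, service TEXT, product TEXT, version TEXT);
SQL

# Render schema plus INSERT statements, suitable for piping into sqlite3.
def to_sql(data)
  out = [SCHEMA]
  data[:hosts].each do |h|
    vals = [h[:addr], h[:status], h[:hostname]].map { |v| sql_quote(v) }
    out << "INSERT INTO hosts VALUES (#{vals.join(', ')});"
  end
  data[:ports].each do |p|
    vals = %i[addr proto port state service product version].map { |k| sql_quote(p[k]) }
    out << "INSERT INTO ports VALUES (#{vals.join(', ')});"
  end
  out.join("\n")
end

# The query the post is after: every host with the given port reported open.
def hosts_with_open_port(data, port, proto = 'tcp')
  data[:ports].select { |p| p[:port] == port && p[:proto] == proto && p[:state] == 'open' }
              .map { |p| p[:addr] }.uniq.sort
end

if __FILE__ == $0
  data = parse_nmap_xml(SAMPLE_NMAP_XML)
  puts to_sql(data)
  puts "hosts with 445/tcp open: #{hosts_with_open_port(data, 445).join(', ')}"
end
```

Run it and redirect the output into `sqlite3 scans.db` to get a queryable database; `hosts_with_open_port` is the same question asked of the in-memory rows, so you can sanity-check the SQL load against it. Note that `open|filtered` (UDP) is deliberately not counted as open.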

Various Online Password Crackers

Just a list of online (mostly) MD5 crackers, but some will do other hashes too.

This post over on pcsec got me thinking about them.

http://www.pcsec.org/archives/MD5Seacrh-v18-by-mass.html

Of course, not all of those are working, at least not for me.

So here is that list with links, plus a few others thanks to my Twitter homies:

passcracking.ru: http://passcracking.ru/
md5crack: http://md5crack.com/
md5decryption: http://md5decryption.com/
TheKaine.de: http://md5.thekaine.de/