Category: Exploitation

All about exploits!

Exploitation, Training

Compile a simple vulnerability on modern Windows

Visual Studio 2015. Open Visual Studio. Project Properties -> General -> Platform Toolset: Visual Studio 2010 (v100) or Windows7.1SDK. Project Properties -> C/C++ -> Optimization -> Optimization: Disabled (/Od). Project Properties -> C/C++ -> Code Generation -> Security Check: Disable Security Check (/GS-). Project Properties -> C/C++ -> Advanced -> Compile As: Compile as C …

Hacking, Metasploit, RedTeaming

Simple Background HTTPS Reverse Meterpreter

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more. Msfvenom is the combination of payload generation and encoding. msfvenom usage Usage: …

Exploitation, Hacking, OpenVAS, Penetration Testing

Quick OpenVAS setup

Open a terminal on your Kali host. Installation – Configuration: openvas-setup, openvas-scapdata-sync, openvas-certdata-sync. Change admin password: openvasmd --user=admin --new-password=newpassword. Run openvas-start. Open your browser and visit the address: https://127.0.0.1:9392/

Exploitation, Hacking

Exploit local and remote file inclusion

fimap is a little Python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in web apps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. fimap Features: Check a single URL, a list of URLs, or Google results fully automatically. Can identify …

BeEF, Browsers, Exploitation

How to use BeEF – Quick Tutorial

BeEF – The Browser Exploitation Framework BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using …

Metasploit

How to generate shellcode from custom exe in metasploit

To use a custom exe as a payload, or to embed your custom exe in a document or Excel file, you have to “convert” your exe to shellcode. To accomplish this: 1> Run Kali Linux 2> Open a terminal window 3> Type msfconsole and hit enter 4> Type use payload/generic/custom and hit enter 5> …

Exploitation, Frameworks, OWASP

OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides zero-false-positive scan results with its unique triple browser engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest collection of XSS payloads, about 1500+ distinctive XSS payloads for effective …

Information Gathering, Metasploit, Reconnaissance

Email harvesting with Metasploit

Email harvesting is the process of obtaining lists of email addresses using various methods. You can check for yourself which email addresses attackers are going to find about your domain using Metasploit’s module, Search Engine Domain Email Address Collector. This module uses Google, Bing and Yahoo to create a list of valid email addresses for …

Auditing, Detection, Enumeration, Exploitation, Scanners

Local and Remote file inclusion

fimap – A little open source tool for local and remote file inclusion auditing and exploitation. It is published under GNU GPLv2. fimap is written in Python and can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in web apps. fimap should be something like sqlmap, just for …