Recently i noticed that darkc0de.com is down darkc0de.com was a security and hacking related website which contained a large archive of python (and other scripting languages) scripts,exploit and tutorials. It was a great resource for learning and getting custom made tools For those of you who didn’t got the chance to download its content I …
Blog
BLOG Updates and WordPress fingerprinting tool
I got a request from visitors to be able to get posts via e-mail, Now you can subscribe to your category of intrest and get updates whenever a new post is published. I also decided to start a “pick of the week” or “tool of the week” postings where each week i’ll post tools and …
Client side attacks using evil JAVA applets
About a year ago I stumbled upon a Facebook clone phishing site which contained an evil Java applet, At the time SET wasn’t introduced yet and only few articles disscussing this attack vector were published (Another applet creation process was published by Jabra and described later on the Offensive Security “Metasploit Unleashed” Online course). No source code was released …
How strong is your fu for charity – iVuln Writeup
On June 19th 2010 I attended the Offensive Security “How strong is your fu for charity” challenge , The objectives were to pawn 5 machines in 48 hours time frame. After some enumeration and rumors on the IRC channel it became clear to me that the easiest machine to pawn was the 192.168.x.200 (named iVuln), a …
Manual Egghunter/Shellcode Encoding using Python
You are probably wondering what this post is all about, well….it’s about manually encoding egghunter shellcode why would you want to manually encode the shellcode if you have built in encoders in the metasploit framework ? Before we begin have a look at the following exploit by muts : HP OpenView NNM 7.5.1 OVAS.exe SEH …
N@T Shell
A while back I needed a way to make metasploit’s meterpreter persistent or to be able to remotely execute it whenever needed. I decided to try and create a tool for doing that using Visual Basic Let me first say that i am not a programmer, I have very basic programming skills (some code snippets …
Exploit DEV Tools – Finding bad characters
Finding bad characters while developing an exploit can sometimes be an exhausting task The following tools are very useful when dealing with bad characters Tools: * Rename files extension to .pl Using generatecodes.pl : This script generates a c style buffer of all characters from 0 to 255, except those specified in a comma seperated …
KAV Bloopers?
After watching Offensive-Security I Piss on Your AV Presentation I’ve decided to test my a/v. In this presentation muts shows how to defeat the signature based detection, He used an old backdoor called ncx which listens for incoming connections on port 99 and spawns a bind shell. The process is creating a Code Cave and …
SSH Tunneling
What is SSH ? SSH stands for “Secure Shell”, It used to create a secure connection between two computers. SSH supplies a command line interface for remote administration/management of Linux based systems or even CISCO routers, It allows us to securely perform various maintenance tasks and more…basically we can think of it as “secured telnet”. …
Recent Comments