In my previous post I discussed how to Setup a Fake Access Point with Backtrack Linux Although I love Backtrack Linux one of the tools I really miss is Cain & Able, I thought some of you will want to setup a Fake AP when Pentesting on Windows systems as well. So, here it goes… I am using an Alfa …
Setup a Fake Access Point With BackTrack5
Recently I needed to setup a fake access point for a presentation, I fired up my Backtrack5 VM, Connected my Alfa AWUS036H USB adapter and started to configure the Fake AP. There are a lot of Tutorials and Scripts for setting up a Fake AP, The “Gerix” tool also have an option to auto set …
Resolver
I needed a simple tool that can preform a reverse dns lookup for a given IP address or for a range of IP’s in order to find its PTR. Usually I use Linux which has several tools for querying DNS, One of my favourite tools is the “host” command which can be used for this task: root@bt”>root@bt:~# host …
Wophcrack – Ophcrack web interface
Rainbow tables are really useful when cracking password hashes, One disadvantage of these tables is their size which can get up to tens and even hundreds of gigs. I really liked the Offensive security Crackpot online hash cracker and i thought it would be really nice to have a web interface for my rainbow tables which i can access from web …
ScreenSpy – New Meterpreter Script Review
Yesterday a new Meterpreter script named “ScreenSpy” was added to the Metasploit redmine. The script was written by Roni Bachar, You can read the official release notes on his Blog. This Meterpreter script captures images on remote host desktop at a predefined interval and then displays the images sequence . This emulates a live view of the remote host …
Meterpreter Script – Windows Service Creator
There are several ways to Backdoor a machine that has been compromised, One of them is placing your executable as a windows service. The advantages are that user doesn’t have to log on in order for the service to run, non like placing it in the startup via registry which requires user to log in. …
Exploit KB Vulnerable Web App
During my SQL Injection learning journey I needed a vulnerable web application for practice I created a WebApp vulnerable to SQL Injection for my personal use, The result was an extremely vulnerable web site which I could test some SQLi techniques against MySQL. I must confess, I am not a programmer and I have never coded in PHP …
Patching and Compiling Cowpatty UBUNTU 10.04
I was playing around with some wireless attack tools today, Mostly with cuda based tools such as pyrit. I wanted to check my new Core i7 PC and GPU cracking capabilities and speed on my UBUNTU 10.04 64bit OS. Pyrit supports WPA cracking with Cowpatty, At first i decided to do some benchmarking for different …
Metasploit Java Meterpreter Payload
If you haven’t noticed the Metasploit Framework has a JAVA meterpreter payload for some time now It supports all the commands supported by the PHP meterpreter, as of SVN revision 9777, and additionally the ipconfig, route, and screenshot commands. It is not fully implemented into the framework yet and in order to get it up and …
Digital Whisper Magazine issue 11
Wrote an article named : “Buffer Overflows 101” which was published today on the Israeli Security Magazine “Digital Whisper” issue 11. The article is in the Hebrew language and covers the basics of buffer overflows,fuzzing,olly basics,writing a metasploit modules and more… The article has a companion tar.gz file which includes the source code of the vulnerable server (Which was …
Cracking Sofaware Safe@Office UTM (SBOX) Passwords
The Safe@Office UTM is a fully-integrated stateful inspection firewall, intrusion prevention, VPN and antivirus gateway, specifically designed to meet the needs of small businesses of various sizes. You can manage the Safe@Office (SBOX) via a web interface or SSH, This product has several passwords stored in its configuration such as: 1. User passwords 2. VPN …
darkc0de.com Archive
Recently i noticed that darkc0de.com is down darkc0de.com was a security and hacking related website which contained a large archive of python (and other scripting languages) scripts,exploit and tutorials. It was a great resource for learning and getting custom made tools For those of you who didn’t got the chance to download its content I …
BLOG Updates and WordPress fingerprinting tool
I got a request from visitors to be able to get posts via e-mail, Now you can subscribe to your category of intrest and get updates whenever a new post is published. I also decided to start a “pick of the week” or “tool of the week” postings where each week i’ll post tools and …
Client side attacks using evil JAVA applets
About a year ago I stumbled upon a Facebook clone phishing site which contained an evil Java applet, At the time SET wasn’t introduced yet and only few articles disscussing this attack vector were published (Another applet creation process was published by Jabra and described later on the Offensive Security “Metasploit Unleashed” Online course). No source code was released …
How strong is your fu for charity – iVuln Writeup
On June 19th 2010 I attended the Offensive Security “How strong is your fu for charity” challenge , The objectives were to pawn 5 machines in 48 hours time frame. After some enumeration and rumors on the IRC channel it became clear to me that the easiest machine to pawn was the 192.168.x.200 (named iVuln), a …
Recent Comments