NetSec

Ramblings of a NetSec addict


Writing Shellcode to a File

Peleus

This really is a trivial code snippet, but as with most scripts it comes in handy because it simplifies even a basic task further. Save this to a simple filename like ‘hex2file’ and place it in your /usr/bin directory. Whenever you need to write out hex characters directly to a file use the following syntax.

hex2file 4142434445 > hexfile.bin


Filed Under: Python Snippets Tagged With: file, python, shellcode

Multi-Threaded Brute Forcer

Peleus

Recently I undertook a challenge that needed me to attempt a brute force login on an application. I quickly wrote up a brute forcing script that took advantage of threads to increase the rate of attempts. This application is not usable ‘as is’ because of course you’ll need to modify and enter your own IP address and login syntax. Otherwise it should be useful as a template to threadify any tasks you wish to complete.

The logic of the script is to read in a list of username and password values, then push the usernames onto a queue. Each username (handled by an individual thread) goes through and tests each of the passwords in the list against the application. If the response contains the text that appears on a failed login, it will print the failed message; otherwise it will print login successful.

Filed Under: Python Snippets Tagged With: brute force, passwords, python

OSCP Review

Peleus

There are a ton of certifications in the information security space. While some certifications are ‘good’ and some are ‘bad’, often it’s more a case of different certs for different purposes. If you want to tick a box on a resume you go for CEH, if you want to focus on the theoretical side you go for CISSP, if your boss is paying you go for SANS, and if you want to learn you go for Offensive Security. Okay okay, perhaps that’s a little harsh on the others but in my opinion Offensive Security offers by far the best value for money certifications on the market today.

Filed Under: Ramblings Tagged With: certifications, OSCP, PWK, try harder

Fuzz FTP Commands

Peleus

This peach pit makes the assumption that the FTP communication follows the sequence:

‘Receive Banner’ > ‘Send Anonymous Login’ > ‘Receive OK, Request Password’ > ‘Send Password’ > ‘Receive OK’ > ‘Send Command’ > ‘Receive Response’

In order to run this pit you can use the command below, but I’ve also created a python wrapper (below) which can be used to sequentially call peach with different commands to fuzz. This helps automate the process further.

peach -DCOMMAND=###Command to Fuzz### ftp_command_fuzz.xml


Filed Under: FTP Tagged With: commands, ftp, fuzz, peach, pit

Encoding / Decoding Base64

Peleus

Often in the info world you’ll run into plenty of Base64 encoded strings. A typical giveaway is the trailing = or == in many cases.

Tool
base64

Basic Syntax

base64 -i <file>
base64 -di <file>


Filed Under: Programs Tagged With: base64, decode, encode
