NetSec

Ramblings of a NetSec addict

InfoSec Topics

Peleus

When learning complex subjects that cover a wide range of topics, it can often be overwhelming to work out what you need to learn in order to get “good” at your chosen discipline. Many discussions center around advice such as you need to know “everything”, or other unhelpful, unspecific outlines. I’ve made an infosec mind map for my own learning, which I hope you find useful. Its purpose is to break down different topics into bite-sized chunks of learning. Even a bite-sized chunk may still take you a week or two to get a handle on, but if you can successfully check off each item within the map you should have a good handle on each discipline listed.


Filed Under: Ramblings Tagged With: beginner, hacking, learning

So you want to be a Hacker?

Peleus

Recently I’ve been reading a ton of questions, posts and general discussion about getting into the ‘Information Security’ game, and in my opinion at least it’s typically followed up by a fair amount of misleading information. That might be a little harsh, considering I’m sure it’s well intentioned, and it’s even possible that the advice worked for them (there is no one-size-fits-all advice), but I thought I’d lay my thoughts out here in the hope of helping a new budding hacker move forward.

Filed Under: Ramblings Tagged With: beginner, hacking, newbie, starting

Creating Metasploit Payloads

Peleus

Often one of the most useful (and to the beginner underrated) abilities of Metasploit is the msfpayload module. Multiple payloads can be created with this module, and it helps create something that can give you a shell in almost any situation. For each of these payloads you can go into msfconsole and select exploit/multi/handler. Run ‘set payload’ for the relevant payload used and configure all necessary options (LHOST, LPORT, etc). Execute and wait for the payload to be run. The examples below are pretty self-explanatory, but LHOST should be filled in with your IP address (LAN IP if attacking within the network, WAN IP if attacking across the internet), and LPORT should be the port you wish to be connected back on.

Filed Under: Metasploit Tagged With: generation, hacking, metasploit, payloads, shellcode

Obtaining Windows Passwords

Peleus

Windows passwords can be accessed in a number of different ways. The most common way is to access the Security Accounts Manager (SAM) file and obtain the system passwords in their hashed form with a number of different tools. Alternatively, passwords can be read from memory, which has the added benefit of recovering the passwords in plain text and avoiding the cracking requirement. To understand the formats you’ll see when dumping Windows system hashes, a brief overview of the different storage formats is required.

Filed Under: Passwords Tagged With: hacking, passwords, privilege escalation, windows

Converting Metasploit Module to Stand Alone

Peleus

Sometimes you might want to have a stand-alone exploit, but the only option out there is a Metasploit module. Sure, you could always just fire up Metasploit and use it… but what fun would that be? Besides, it’s great to understand what’s going on under the hood of the Metasploit modules, both for getting a handle on writing your own exploits and, in the future, even writing your own Metasploit modules and contributing back to the fantastic project.

Requirements

  • Windows XP – SP3 Virtual Machine (Victim).
  • Kali Linux Virtual Machine (Attacker).
  • Allied Telesyn TFTP Server 1.9 (Available here).
  • A willingness to give things a go.


Filed Under: Tutorials Tagged With: exploit writing, hacking, metasploit
