
Pen-testing


Regularly checking your macOS systems with Lynis for correctly configured system settings, apps, and services helps administrators harden devices by minimizing their attack surface.


Hardening a system takes many forms, because the whole is built from individual components that together form a profile for minimizing the attack surface of your devices. Like defense in depth, which is the crux of cybersecurity best practice, hardening a computer system is only one cog in the wheel of client security, which in turn is one part of the environment's overall security posture.

Installing Metasploit Framework in OS X. GitHub - leebaird/discover: For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks. Dump Windows password hashes efficiently - Part 1. Windows Security Account Manager. Slightly modified definition from Wikipedia: the Security Accounts Manager (SAM) is a registry file in Windows NT and later versions (Windows 7 being the most recent release at the time of writing).

Dump Windows password hashes efficiently - Part 1

It stores users' passwords in hashed form (as LM and NTLM hashes). Because a hash function is one-way, this gives some measure of protection to the stored passwords. Dumping the operating system's password hashes is a common step after compromising a machine: the hashes open the door to a variety of attacks, including (but not limited to) authenticating with the hash itself over SMB to other systems where passwords are reused (pass-the-hash), password policy analysis and pattern recognition, and password cracking. Two caveats worth knowing: the NT hash is an unsalted MD4 of the UTF-16LE password, so identical passwords produce identical hashes across accounts and machines, and the LM hash (where it is still stored) is far weaker, since it uppercases the password and hashes two 7-character halves independently. Depending on the type of access you have to the target, you can retrieve the password hashes from the SAM in different ways.

Physical access: these tools are generally included in many GNU/Linux live distributions.
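Added example (not code from the "Dump Windows password hashes" article, nor from any tool it mentions) showing why a dumped NT hash is as good as the password: the NT hash is MD4 over the UTF-16LE password, and NTLMv2 authentication keys its response with HMAC-MD5 on that hash, so a client holding only the hash can answer the server's challenge. MD4 is implemented inline because OpenSSL 3 builds of Python's hashlib often no longer provide it. The user name, domain and challenge values are constructed for the demonstration. The NTLMv1 variant discussed further down the page differs only in the response function (DES-based), not in the hash it starts from.

```python
"""NT hash and NTLMv2 response: a dumped hash authenticates without the password.

Added example, not the article's code. User/domain/challenge values are constructed.
"""
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python (hashlib's md4 is often absent on OpenSSL 3 builds)."""
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)           # bit length, little-endian
    rounds = (
        # mix function, round constant, word order, per-step shifts
        (lambda b, c, d: (b & c) | (~b & d), 0x00000000,
         list(range(16)), (3, 7, 11, 19)),
        (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999,
         [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1,
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for fn, const, order, shifts in rounds:
            for i, w in enumerate(order):
                a = _rotl((a + fn(b, c, d) + x[w] + const) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c
        a0, b0, c0, d0 = ((a0 + a) & MASK, (b0 + b) & MASK,
                          (c0 + c) & MASK, (d0 + d) & MASK)
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: unsalted MD4 of the UTF-16LE password. This is what the SAM stores."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC-MD5(NT hash, UPPER(user) + domain), both UTF-16LE (MS-NLMP)."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_response(nt: bytes, user: str, domain: str, server_challenge: bytes,
                    client_challenge: bytes, timestamp: int = 0,
                    target_info: bytes = b"") -> bytes:
    """NTLMv2 response (NTProofStr || temp) computed from the NT hash alone."""
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)
    proof = hmac.new(ntowf_v2(nt, user, domain), server_challenge + temp,
                     hashlib.md5).digest()
    return proof + temp


def server_verifies(nt: bytes, user: str, domain: str, server_challenge: bytes,
                    response: bytes) -> bool:
    """What the server does: recompute NTProofStr from its stored NT hash and the client's temp."""
    proof, temp = response[:16], response[16:]
    expected = hmac.new(ntowf_v2(nt, user, domain), server_challenge + temp,
                        hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def pass_the_hash_demo() -> bool:
    """Constructed scenario: the attacker holds only the dumped hash, never the password."""
    stored = nt_hash("Password")                                   # what the victim's SAM holds
    dumped = bytes.fromhex("a4f49c406510bdcab6824ee7c30fd852")    # same value, read from a dump
    srv_chal = bytes.fromhex("0123456789abcdef")                   # constructed challenges
    cli_chal = bytes.fromhex("aaaaaaaaaaaaaaaa")
    resp = ntlmv2_response(dumped, "User", "Domain", srv_chal, cli_chal)
    return server_verifies(stored, "User", "Domain", srv_chal, resp)


if __name__ == "__main__":
    print("NT hash of 'Password':", nt_hash("Password").hex())
    print("login with hash only accepted:", pass_the_hash_demo())
```

The point of the last two functions is that nothing in the exchange ever needs the cleartext: the server compares HMACs keyed on the very value that was dumped, which is why hash dumps are followed by pass-the-hash rather than by cracking whenever cracking is not needed.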

Encyclopaedia Of Windows Privilege Escalation - Brett Moore. Windows Privilege Escalation Fundamentals. Forgot administrator password? The Sticky Keys trick. Windows-privesc-check. Unix-privesc-check. Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2).

unix-privesc-check

It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local applications (e.g. databases). Securityweekly. Metasploit has a lot of exploits, but from time to time you will very likely need exploits that are not part of the framework.
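Added example, not the unix-privesc-check script itself: a small Python scan for three of the classic misconfigurations such scripts look for (world-writable files and non-sticky directories, set-uid/set-gid executables, and root cron jobs whose command file anyone can edit). make_fixture() builds a constructed miniature root under a temporary directory so the scan runs offline; on a real host you would call scan("/").

```python
"""Scan for local privilege-escalation misconfigurations (unix-privesc-check style).

Added example, not the unix-privesc-check script. Findings are paths relative to the
scanned root so the same code runs against a constructed fixture or against "/".
"""
import os
import stat
import tempfile


def _world_writable(mode: int) -> bool:
    return bool(mode & stat.S_IWOTH)


def scan(root: str) -> dict:
    """Walk `root`; collect world-writable files/dirs, set-uid/set-gid files, writable cron targets."""
    findings = {"world_writable": [], "setuid": [], "cron_writable": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(mode):
                continue          # a symlink's own bits mean nothing; its target is judged itself
            if stat.S_ISDIR(mode):
                # sticky world-writable dirs (/tmp) are normal; non-sticky ones let anyone swap files
                if _world_writable(mode) and not mode & stat.S_ISVTX:
                    findings["world_writable"].append(rel)
            elif stat.S_ISREG(mode):
                if _world_writable(mode):
                    findings["world_writable"].append(rel)
                if mode & (stat.S_ISUID | stat.S_ISGID) and mode & stat.S_IXUSR:
                    findings["setuid"].append(rel)
    findings["cron_writable"] = _writable_cron_targets(root)
    return findings


def _writable_cron_targets(root: str) -> list:
    """Parse etc/crontab and etc/cron.d/* under `root`; flag jobs whose command file is world-writable.

    System crontab lines are: 5 time fields, user, command. VAR=value lines, comments and
    @reboot-style lines are skipped for brevity.
    """
    hits = []
    cron_files = [os.path.join(root, "etc", "crontab")]
    cron_d = os.path.join(root, "etc", "cron.d")
    if os.path.isdir(cron_d):
        cron_files += [os.path.join(cron_d, f) for f in sorted(os.listdir(cron_d))]
    for cf in cron_files:
        try:
            with open(cf) as fh:
                lines = fh.read().splitlines()
        except OSError:
            continue
        for line in lines:
            fields = line.split()
            if len(fields) < 7 or fields[0].startswith(("#", "@")) or "=" in fields[0]:
                continue
            user, command = fields[5], fields[6]
            # absolute paths are re-rooted under `root` so the fixture works; on "/" this is a no-op
            target = os.path.join(root, command.lstrip("/"))
            try:
                if _world_writable(os.stat(target).st_mode):
                    hits.append((os.path.relpath(cf, root), user, os.path.relpath(target, root)))
            except OSError:
                continue
    return hits


def make_fixture() -> str:
    """Constructed mini root: a root cron job running a world-writable script, plus a set-uid file."""
    root = tempfile.mkdtemp(prefix="privesc-")
    for sub in ("etc", "etc/cron.d", "usr", "usr/local", "usr/local/bin"):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        os.chmod(os.path.join(root, sub), 0o755)
    tmp = os.path.join(root, "tmp")
    os.makedirs(tmp)
    os.chmod(tmp, 0o1777)                                # sticky: not a finding
    cron = os.path.join(root, "etc", "cron.d", "backup")
    with open(cron, "w") as fh:
        fh.write("PATH=/usr/local/bin:/usr/bin\n*/5 * * * * root /usr/local/bin/backup.sh\n")
    os.chmod(cron, 0o644)
    script = os.path.join(root, "usr", "local", "bin", "backup.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\necho backup\n")
    os.chmod(script, 0o777)                              # the misconfiguration: anyone edits root's job
    helper = os.path.join(root, "usr", "local", "bin", "helper")
    with open(helper, "w") as fh:
        fh.write("#!/bin/sh\nid\n")
    os.chmod(helper, 0o4755)                             # set-uid: worth a look, not always a bug
    return root


if __name__ == "__main__":
    for kind, items in scan(make_fixture()).items():
        print(kind, items)
```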

securityweekly

Whether it is an exploit from www.exploit-db.com that spawns a shell or a netcat listener, you can still use the framework to control the host. As long as you have a shell bound to a TCP port, you can use Metasploit to interact with that victim. What's more, you can upgrade that shell to a Meterpreter session and benefit from the full power of the framework. First, to connect to a shell bound to a TCP port, use the SHELL_BIND_TCP payload (for example generic/shell_bind_tcp together with exploit/multi/handler). Exploiting Format String Vulnerabilities for Fun and Profit. Exploit code development. Exploit writing tutorial part 1 : Stack Based Overflows. Last Friday (July 17th 2009), somebody (nick)named 'Crazy_Hacker' reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En) via packetstormsecurity.org.

Exploit writing tutorial part 1 : Stack Based Overflows

The vulnerability report included a proof-of-concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was released a little later. Nice work. You can copy the PoC exploit code, run it, see that it doesn't work (or, if you are lucky, conclude that it works), or... you can try to understand the process of building the exploit so you can fix broken exploits or build your own from scratch. MSF Vs OS X - Metasploit Unleashed. Jkook: SSLStrip Step by Step on Ubuntu.
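Added example, not the tutorial's own code: the cyclic-pattern technique that Metasploit's pattern_create.rb and pattern_offset.rb use to find the return-address offset after a crash, reimplemented in Python. Feed pattern_create(n) to the target, read the value left in EIP from the debugger, and pattern_offset() returns where in the buffer it came from. build_exploit_buffer() is a hypothetical layout (filler, overwritten return address, NOP sled, payload); the return address and shellcode it takes are placeholders, not values from the Easy RM to MP3 exploit.

```python
"""Cyclic pattern for locating the EIP overwrite offset in a stack overflow.

Added example reimplementing the pattern_create / pattern_offset idea; not the tutorial's code.
"""
import itertools
import string
import struct

PATTERN_MAX = 26 * 26 * 10 * 3   # 20280 bytes before the Aa0... pattern repeats


def pattern_create(length: int) -> bytes:
    """Aa0Aa1...Az9Ba0..., truncated to `length` bytes; every 3-byte window is unique."""
    out = bytearray()
    for upper, lower, digit in itertools.product(string.ascii_uppercase,
                                                 string.ascii_lowercase, string.digits):
        out += (upper + lower + digit).encode()
        if len(out) >= length:
            return bytes(out[:length])
    raise ValueError("requested length exceeds the unique pattern space")


def pattern_offset(value, length: int = PATTERN_MAX) -> int:
    """Offset of `value` in the pattern.

    Accepts the 4 raw bytes, their ASCII form, or the register value as an int; the int is
    packed little-endian because that is how the bytes from the buffer land in EIP on x86.
    """
    if isinstance(value, int):
        needle = struct.pack("<I", value)
    elif isinstance(value, str):
        needle = value.encode()
    else:
        needle = bytes(value)
    idx = pattern_create(length).find(needle)
    if idx < 0:
        raise ValueError("value not found in pattern")
    return idx


def build_exploit_buffer(eip_offset: int, ret_addr: int, shellcode: bytes, total: int) -> bytes:
    """Hypothetical layout: filler up to EIP, the overwrite, a NOP sled, the payload, padding."""
    buf = b"A" * eip_offset + struct.pack("<I", ret_addr) + b"\x90" * 16 + shellcode
    return buf + b"C" * max(0, total - len(buf))


if __name__ == "__main__":
    crash_eip = 0x39614138                       # constructed: what the debugger would show
    print("pattern prefix:", pattern_create(30).decode())
    print("EIP 0x%08x came from offset %d" % (crash_eip, pattern_offset(crash_eip)))
```

Only 3-byte windows are guaranteed unique; for a 4-byte register value the pattern is still unambiguous within its first 20280 bytes, which is why pattern_offset searches the full pattern rather than the length you actually sent.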

SSLStrip, used together with a man-in-the-middle attack, lets you intercept traffic to HTTPS sites by downgrading the victim's connection to plain HTTP. It only works when the victim's first request to a site goes out over HTTP; sites the browser already knows through HSTS (in particular the preload list) are not affected. You will need the following: SSLStrip, arpspoof, ettercap, Ubuntu Linux, an Internet connection; the victim has to be on the same subnet.
Step 1: Download SSLStrip.
Step 2: Unpack the download: tar -zxvf sslstrip-0.4.tar.gz
Step 3: Build SSLStrip: change into the unpacked directory and run python setup.py build
Step 4: Install SSLStrip: run sudo python setup.py install (requires root privileges)
Step 5: Install arpspoof: sudo apt-get install dsniff
Step 6: Install ettercap: sudo apt-get install ettercap

jkook: SSLStrip Step by Step on Ubuntu

Man in the Middle Attacks - How to Use Arpspoof and SSLStrip. This is my tutorial on Man In The Middle attacks using Arpspoof and SSLStrip.

Man in the Middle Attacks - How to Use Arpspoof and SSLStrip

I've tried to explain things in a little more depth than many tutorials out there, so hopefully you will understand what is actually happening rather than just firing off tools at targets and hoping for results. I wrote this guide for a friend, what's up man! Install the Tools. Mac Tips and "How To" On a Mac: How to Install Aircrack on Mac. SecTools.Org Top Network Security Tools. Wednesday-DIsaacs_OfftheWireWirelessPenetrationtesting.pdf. Ethics of penetration testing.
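Added example, not code from either of the arpspoof/SSLStrip tutorials above: what arpspoof actually puts on the wire and how a defender spots it. build_arp_reply() assembles the same kind of unsolicited ARP reply arpspoof sends to the victim ("the gateway's IP is at the attacker's MAC"), parse_arp() decodes it, and ArpWatch flags any IP whose MAC changes, which is the signature tools like arpwatch alert on. All MAC and IP addresses and the frames built from them are constructed for the demonstration.

```python
"""ARP spoofing on the wire, and the IP-to-MAC flip that reveals it.

Added example, not code from the tutorials. Addresses and frames are constructed.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def fmt_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_reply(sender_mac: bytes, sender_ip: bytes,
                    target_mac: bytes, target_ip: bytes) -> bytes:
    """Ethernet II frame + ARP reply 'sender_ip is at sender_mac', unicast to the target.

    This is the packet arpspoof re-sends every couple of seconds to keep the victim's cache poisoned.
    """
    eth_hdr = target_mac + sender_mac + struct.pack("!H", ETH_P_ARP)
    arp_hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # Ethernet, IPv4, hlen 6, plen 4
    return eth_hdr + arp_hdr + sender_mac + sender_ip + target_mac + target_ip


def parse_arp(frame: bytes):
    """(opcode, sender_mac, sender_ip, target_mac, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return op, body[0:6], body[6:10], body[10:16], body[16:20]


class ArpWatch:
    """Remember each IP's MAC from ARP traffic and record every change (arpwatch's 'flip flop')."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame: bytes) -> None:
        parsed = parse_arp(frame)
        if parsed is None:
            return
        op, sender_mac, sender_ip, _, _ = parsed
        if op not in (ARP_REQUEST, ARP_REPLY):
            return
        known = self.table.get(sender_ip)
        if known is None:
            self.table[sender_ip] = sender_mac
        elif known != sender_mac:
            self.alerts.append((fmt_ip(sender_ip), fmt_mac(known), fmt_mac(sender_mac)))
            self.table[sender_ip] = sender_mac


def demo() -> list:
    """Constructed LAN: one genuine gateway reply, then what 'arpspoof -t victim gateway' sends."""
    gw_mac, gw_ip = mac("00:11:22:33:44:55"), ip("192.168.1.1")
    victim_mac, victim_ip = mac("aa:bb:cc:dd:ee:01"), ip("192.168.1.10")
    attacker_mac = mac("de:ad:be:ef:00:01")
    watch = ArpWatch()
    watch.observe(build_arp_reply(gw_mac, gw_ip, victim_mac, victim_ip))
    watch.observe(build_arp_reply(attacker_mac, gw_ip, victim_mac, victim_ip))
    return watch.alerts


if __name__ == "__main__":
    for changed_ip, old, new in demo():
        print(f"ALERT {changed_ip} moved from {old} to {new}")
```

On a real host the frames would come from a raw AF_PACKET socket or a pcap rather than from build_arp_reply(); the detection logic is the same. A static ARP entry for the gateway on the victim, or dynamic ARP inspection on the switch, is what stops the poisoning in the first place.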

Legal Issues in Penetration Testing. By Mark Rasch. When I was a kid growing up in the Bronx, a high school buddy got a job as a "security tester" at the Alexander's department store on Fordham Road.

Legal Issues in Penetration Testing

His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at the switch. On his first day at work, he successfully shoplifted for several hours, until at the end of the day, he was caught. When detained, he showed the security guards his (temporary paper) ID card, and he was promptly beaten up. The story illustrates some of the dangers associated with penetration testing. Legal Authority. Legal Issues. When used properly, Nmap helps protect your network from invaders.

Legal Issues

But when used improperly, Nmap can (in rare cases) get you sued, fired, expelled, jailed, or banned by your ISP. Reduce your risk by reading this legal guide before launching Nmap. Is Unauthorized Port Scanning a Crime? The legal ramifications of scanning networks with Nmap are complex and so controversial that third-party organizations have even printed T-shirts and bumper stickers promulgating opinions on the matter, as shown in Figure 1.3.

The topic also draws many passionate but often unproductive debates and flame wars. Figure 1.3. Frequently Asked Questions ~ VulnHub. Troubleshooting. Well, that depends on what you have downloaded: '.7z', '.RAR', '.TAR', '.TAR.BZ2' and '.ZIP' are different compressed archive formats.

Frequently Asked Questions ~ VulnHub

They can be extracted to reveal additional files. 7-Zip is free, cross-platform and able to extract all the mentioned formats. '.ISO' and '.IMG' are disk images of an optical disc. They can be burnt to a CD/DVD (ImgBurn), written to a USB stick (UNetbootin) or mounted inside a virtual machine. '.NVRAM' holds the virtual machine's BIOS settings. '.OVA' ('Open Virtualization Archive') is a single tar archive containing the entire virtual machine (its settings ('.OVF') and hard drive ('.VMDK')); it can be imported into virtualization software. '.OVF' ('Open Virtualization Format') is the configuration file for the virtual machine.

Metasploit Unleashed. Armitage Tutorial - Cyber Attack Management for Metasploit. About Armitage: Before we begin... Getting Started: How to get any woman to talk to you. User Interface Tour: So many pretty screenshots. Host Management: You've got to find them to hack them. Every Day is Zero Day: Installing Metasploit and Armitage on Mac OSX 10.9 Mavericks. Like most people out there, I have tried to install Metasploit and Armitage using other blog posts first and found that the process failed somewhere along the line.

This is yet another attempt to document my experience with the installation; it borrows heavily from other sources, with a few minor tweaks. Tools. Hackery. OSINT. Debian / Ubuntu: Set Port Knocking With Knockd and Iptables. My iptables-based firewall allows only TCP ports 80 and 443. I also need TCP port 22, but I do not have a static IP at home. How do I open and close TCP port 22 on demand on a Debian or Ubuntu Linux based server? How do I install the port-knock server knockd and configure it with iptables to open TCP port 22 or any other port? Debian and Ubuntu Linux ship knockd, a port-knock server. When the server detects a specific sequence of port hits, it runs a command defined in its configuration file. knockd installation: open a terminal or log in to the remote server using the ssh client and install the knockd package with apt-get.

Configuration: edit /etc/knockd.conf ($ sudo vi /etc/knockd.conf) and update the config file as follows. Set Up SSH Tunneling on a Linux / Unix / BSD Server To Bypass NAT. Ch21 : Configuring Linux Mail Servers. Email is an important part of any Web site you create. Online Penetration Testing Tools. About this tool: 'Find Subdomains' lets you discover subdomains of your target domain and increase your attack surface.
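As an added example for the knockd article above (this is not the configuration from the original article), a /etc/knockd.conf that opens TCP 22 for the knocking host after the sequence 7000, 8000, 9000 and closes it again on 9000, 8000, 7000. The interface name and the port sequence are assumptions to adjust for your own server.

```ini
[options]
        UseSyslog
        Interface = eth0

[openSSH]
        sequence    = 7000,8000,9000
        seq_timeout = 5
        tcpflags    = syn
        command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
        sequence    = 9000,8000,7000
        seq_timeout = 5
        tcpflags    = syn
        command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

On Debian and Ubuntu the daemon stays disabled until START_KNOCKD=1 is set in /etc/default/knockd; from the client, knock with `knock server 7000 8000 9000`, then ssh in, and send the reverse sequence when done. The open rule is inserted with -I rather than appended with -A so it lands ahead of the rule that drops everything else; appended behind the drop rule it would never match. The %IP% placeholder is replaced by the knocking host's address, so only that host gets port 22.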

Footprinting

Footprinting and scanning tools. SpiderFoot - The Open Source Footprinting tool. Intelligence Gathering - The Penetration Testing Execution Standard. This section defines the Intelligence Gathering activities of a penetration test. The purpose of this document is to provide a standard designed specifically for the pentester performing reconnaissance against a target (typically corporate, military, or related). Flu Project: Anubis. Anubis is an application developed by Juan Antonio Calles in collaboration with Pablo González of the Flu Project Team, designed to bring together most of the tools needed for the information-gathering phases of security audits and penetration tests, known as footprinting and fingerprinting, in a single tool.

With this tool the auditor not only saves time during the audit but also uncovers information that could not be found manually, thanks to the automation built into Anubis.

Hardware hacking

Hacking Embedded Devices: UART Consoles - MWR Labs. The 'hardware hacking' scene has exploded recently, thanks largely to the widespread adoption of devices such as the Arduino and Raspberry Pi by the hacking community. Applying hardware hacking techniques during product assessments can often give unrivalled levels of access to hidden or undocumented functionality, particularly when reviewing embedded devices such as routers, switches and access points.

John The Ripper Hash Formats. John the Ripper is a favourite password-cracking tool of many pentesters. There is plenty of documentation about its command-line options. I've encountered the following problems using John the Ripper. John-users - LM and NTLM C/R cracking. Defence in Depth: Attacking LM/NTLMv1 Challenge/Response Authentication. In Part 1 of the "LM/NTLMv1 Challenge/Response Authentication" series I discussed how both the LANMAN/NTLMv1 protocols operate and the weaknesses that plague them. l0phtcrack.rant.nt.passwd. Wireshark: Determining the SMB and NTLM version in a Windows environment « Knowledge for all (and free)! The last few days I have been playing around with Wireshark and I must say I enjoy working with this program. Stealing Passwords With Wireshark. Netcraft - Search Web by Domain.