When performing a penetration test on a customer's network by simulating an
attack and trying to find a way inside, many forget there is an easier way.
Many networks have well-established security protection through firewalls and
Intrusion Detection/Protection Systems that will alert on your presence.
Performing a vulnerability scan using tools such as NeXpose, Nessus, nmap,
etc. will trigger alerts on many systems. By performing some research on the
target and learning what the company does, you can narrow your attack. By
using some social engineering you can email your payload to an unsuspecting
victim at the company, which will allow you to establish a foothold and
further exploit their network. This can be accomplished by using Metasploit
binary payloads with the shikata_ga_nai encoding scheme.
Metasploit Antivirus Bypass
When making plans to email or deliver your ...
The Metasploit Framework is a penetration testing toolkit, exploit
development platform, and research tool. The framework includes hundreds of
working remote exploits for a variety of platforms. Payloads, encoders, and
nop slide generators can be mixed and matched with exploit modules to solve
almost any exploit-related task. A very nice feature in Metasploit is the
ability to pivot through a Meterpreter session to the network on the other
side. This tutorial walks you through how this is done once you have a
Meterpreter session on a foreign box. We begin right after a client sid...
OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J.
Hudson and is licensed under an Apache-style license. OpenSSL has lots of
features, but I will cover encoding, checksums, encryption, passwords and pass
Many Linux distributions include OpenSSL as part of the bundled packages, and
it is most likely located in /usr/bin. To find it on your system, type:
$ which openssl
$ openssl version
OpenSSL 1.0.0a 1 Jun 2010
Versions may vary; at the time of writing, openssl-1.0.0d (Feb 8) is the
current version. Most of the examples that are found in this document sh...
The Microsoft Remote Desktop Protocol (RDP) provides remote display and input
capabilities over network connections for Windows-based applications running
on a server. RDP is designed to support different types of network
topologies and multiple LAN protocols. Remote Desktop Services, formerly
known as Terminal Services on Windows 2000 Server, allow a server to host
multiple, simultaneous client sessions. Remote Desktop uses Remote Desktop
Services technology to allow a single session to run remotely. Thus a user
can connect to a Remote Desktop Session Host server by using Remot...
The goal of the scanning phase is to learn more information about the target
environment and discover openings by interacting with that target
environment. This article will look at some of the most useful scanning tools
freely available today and how to best use them. During this process we'll
perform a number of scans.
Network sweeping - Basic technique used to determine which of a range of IP
addresses map to live hosts.
Network tracing - A facility for tracing the route to a computer that is
connected to the Internet.
Port scanning - A software application designed...