I am moving my blog to http://somethingsomethingsecurity.com. Please join me there.
Infosec and other stuff
Tuesday, January 8, 2013
Wednesday, March 28, 2012
Miscellaneous Reminder
Not really a post, just a small collection of things I keep forgetting.
running chrome and vlc as root - http://ksiiitm.blogspot.com/2011/05/running-chromium-browser.html
running network miner in Linux - http://geek00l.blogspot.com/2008/12/drunken-monkey-running-network-miner.html
execute -m in Metasploit - you can run an executable from your own machine in the target's memory, without writing it to the target's disk!!!
execute -f FILE -H -i -m -d
Find version info
cat /etc/issue
cat /etc/lsb-release
cat /proc/version
uname -a
rpm -q kernel
dmesg | grep Linux
What's happening?
lsof -i
netstat -antup
arp -e
chkconfig --list
ps -ef
cat /etc/services
What's installed
ls -alh /usr/bin
ls -alh /sbin
dpkg -l
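The three command lists above are the ones I reach for when I have to work out what a Linux box is and what it is doing. The script below is an added example, not from the original post: it wraps those same commands in one POSIX sh snapshot function so the output can be saved with a timestamp and diffed against an earlier run during triage (new listener, new package, new service). Commands or files that a particular distro does not have (rpm on Debian, chkconfig on systemd hosts, /etc/lsb-release on minimal images) are reported as missing rather than aborting the run. The function names (host_snapshot, snapshot_save, snapshot_diff) are my own.

```sh
#!/bin/sh
# Added example (not from the original post): capture the "version / what's happening /
# what's installed" commands above as one report, so two runs can be diffed later.

# run_section LABEL CMD [ARGS...]: print a header and the command's output; if the tool is
# absent, or exits non-zero (e.g. dmesg without privileges), note it and carry on.
run_section() {
    label=$1; shift
    printf '### %s (%s)\n' "$label" "$*"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>&1 || printf '[command exited non-zero]\n'
    else
        printf '[%s not available on this host]\n' "$1"
    fi
    printf '\n'
}

# cat_section LABEL FILE: print a file if it is readable, otherwise note that it is missing.
cat_section() {
    label=$1; file=$2
    printf '### %s (%s)\n' "$label" "$file"
    if [ -r "$file" ]; then cat "$file"; else printf '[%s not present]\n' "$file"; fi
    printf '\n'
}

# host_snapshot: emit the whole report on stdout. No timestamp inside the report, so two
# snapshots of an unchanged host diff cleanly.
host_snapshot() {
    printf '### host %s\n\n' "$(uname -n)"
    # version info
    cat_section "issue" /etc/issue
    cat_section "lsb-release" /etc/lsb-release
    cat_section "proc version" /proc/version
    run_section "kernel" uname -a
    run_section "kernel package (rpm)" rpm -q kernel
    run_section "dmesg Linux lines" sh -c 'dmesg | grep Linux'
    # what's happening
    run_section "open network files" lsof -i
    run_section "listeners and connections" netstat -antup
    run_section "arp cache" arp -e
    run_section "sysv services" chkconfig --list
    run_section "processes" ps -ef
    cat_section "services file" /etc/services
    # what's installed
    run_section "/usr/bin" ls -alh /usr/bin
    run_section "/sbin" ls -alh /sbin
    run_section "installed packages (dpkg)" dpkg -l
}

# snapshot_save DIR: write the report to DIR/snapshot-<UTC time>.txt and print that path.
snapshot_save() {
    out="$1/snapshot-$(date -u +%Y%m%dT%H%M%SZ).txt"
    host_snapshot > "$out"
    printf '%s\n' "$out"
}

# snapshot_diff OLD NEW: unified diff of two saved reports; exit 0 when nothing changed.
snapshot_diff() {
    diff -u "$1" "$2"
}
```

Usage: `. ./snapshot.sh; snapshot_save /root/baseline` on a known-good day, then the same after an incident and `snapshot_diff` the two files. Process lists and connection tables will always differ a little between runs; the lines worth reading are new listening ports, new entries under /sbin and the package list.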
Did you know?
Having troubles getting database support running on Metasploit on BackTrack5?
Getting this message, with nothing listed under Available:
[*] No Active Driver
[*] Available:
Tried everything you could think of to get MySQL or PostgreSQL working?
It could be because of the way you started msfconsole.
If you start it by /pentest/exploits/framework3/msfconsole or /opt/framework/msf3/msfconsole it does not set the environment variables properly.
Instead start msfconsole from the menu or from /usr/local/bin/msfconsole.
Tip of the hat to http://thisismyeye.blogspot.com
Tuesday, February 28, 2012
Metasploit Community Unleashed
A few weeks ago, I saw a message on the Metasploit mailing list (which you should also join, or at least follow on seclists.org) regarding Metasploit Community Edition. The fine folks at Offensive Security have an outstanding training site covering the Metasploit Framework, but do not cover the Community Edition. While by no means is this on the same level as Metasploit Unleashed, I present to you...
Metasploit Community Unleashed
Background
Metasploit Community Edition is a free subset of the paid versions of Metasploit available from Rapid 7. It is intended to simplify network discovery and vulnerability verification.
Further information about this excellent project can be obtained at: http://www.rapid7.com/products/metasploit-community.jsp
To install Metasploit Community on Backtrack, simply type apt-get install Metasploit at a shell prompt. The wizards at backtrack-linux made the install seamless.
Once the install is complete, start the Metasploit web interface by selecting the Backtrack Miscellaneous menu or running /opt/metasploit/ctlscript.sh start. Metasploit Community Edition runs as an SSL (HTTPS) web application on port 3790. On first run, you must license your copy with Rapid 7 and create a user.
Metasploit Community Edition Scanning
Begin by creating a new project and filling in the project name, description and network range. On the new workspace select the Scan button. Enter the IP address or range to scan. Selecting Show Advanced Options allows fine-grained tuning of the scan details, including adding specific nmap scanning options, exclusions and timing options.
Once the scan is completed, the analysis section can be used to sort the discovered devices.
Clicking on Hosts will provide a summary of what was found.
You can also import scans from a variety of different vulnerability scanners. Metasploit Community Edition will parse through the vulnerabilities and display the relevant Metasploit modules.
To run Metasploit modules against discovered devices, check zero or more devices in the Analysis section and click on the Modules icon, or select the Modules section.
Search the modules to find the Metasploit module to run. Search keywords can be used as shown in the example for smb version scanning.
Depending on the module selected, extra options may need to be provided.
Exploiting
Select Services and we can see that one of our targets is running Windows XP SP2, so we will attempt to run the exploit for MS08-067 against it.
In the analysis section, select the XP machine and click on Modules and search for ms08-067. By default, a Meterpreter TCP connection will be used as the payload.
After a successful exploit, click on Sessions and then click on the new session. Several ways are available to interact with the system, including shells, file browsing and the numerous Post Exploitation Modules available in Metasploit.
Have Fun and consider making a donation to Hackers for Charity http://www.offensive-security.com/metasploit-unleashed/Donate