How to create a Metasploit module Dec 13, 2013 Today I want to review how to create a Metasploit module. This process was entirely new to me, so I decided to start from scratch, using the Metasploit Unleashed site as a guide. My aim was to create an auxiliary scanner to look for Dropbox listeners running on the default ports of TCP/17500 and UDP/17500. I use Kali Linux, so all of my examples will reflect that. Where to begin? ...
Professional Organization Habits Dec 6, 2013 This is a topic I’ve had a love/hate relationship with my entire life. I was once forced to go to a time management workshop on Saturdays in high school. My friend and I spent more time talking to the girls in front of us than actually listening to what the lecturer was saying, so I wonder if I missed out on something there… I still struggle with time management and focusing on one task at a time until completion. ...
DNS Recon Nov 22, 2013 The Domain Name System is crucial for human interaction with networks. Gathering information about a target is critical to performing a successful penetration test, and the DNS service is one of the key sources of this information. Today, I want to write about the different types of information that can be discovered by probing this service using a mix of command line tools and web resources. There are many tools available to interact with DNS, but today I’m going to cover the use of nslookup, host, and dig on the command line, and the Netcraft website. ...
BSides DC 2013 Oct 21, 2013 Some thoughts of mine* from BSides DC 2013: Bruce Potter - Keynote My takeaway from this discussion was that we should all strive to be better hackers, and moreover, people in general. Meh, that’s simplified and cliche, so let me expand: This industry has grown large. Very large. What was once the realm of what I’ll call “true” blackhats and whitehats - those adventurers whose sole purpose was to seek the thrill of hacking offensively and defensively - has had billions of dollars infused into it over the past two decades. ...
Subdomain Enumeration Oct 7, 2013 As with most things related to pen-testing, there are many different ways to enumerate the subdomains of your target. One promising tool I’ve been playing with recently is recon-ng. I won’t be at all surprised if recon-ng becomes as popular for the reconnaissance phase of a pentest as Metasploit has become for the exploit phase. Today, though, I want to talk about a fun method I used a few weeks ago to find out more about the subdomains of my target. ...
Configure Your Environment Oct 1, 2013 In my last post on Reverse Shell Methods, I discussed the shell a lot. As a penetration tester, I spend the majority of my actual “work” time in a shell. I leverage Windows, OSX, and Linux about evenly throughout the day, so I’ve tried to customize my environment in all three, though I have had substantially more success tweaking OSX and Linux to my liking. Today, I want to discuss the way I’ve configured my OSX, Kali, and Metasploit prompts to give me the information I need when I need it - for example, when you are writing your penetration test report. ...
Reverse shell methods Sep 30, 2013 Welcome and Hello! Let’s get started… Today’s topic: Reverse Shells What is a Reverse Shell? A reverse shell is a method by which penetration testers (and bad guys!) can gain a shell, or user command access, on a target. They are very useful because they initiate communication from a trusted host inside the perimeter to a host outside of the perimeter. This means a reverse shell has the capability to bypass firewall ingress rules, which would prevent incoming connections - aka bind shells - from reaching into the network to gain user command access on a host. ...
OSX Terminal - List Processes Jun 23, 2012 The UNIX command for listing processes from the command line is: ps “ps” stands for “process status” and by default it will print a list of process identifiers, controlling terminals, CPU time (user and system), state, and the associated command. Here is the output I see when I type “ps” at the terminal: $ ps PID TTY TIME CMD 17559 ttys000 0:00.05 -bash 23627 ttys000 0:00.01 man ps 23630 ttys000 0:00. ...
Federal conference takeaways Jun 12, 2012 Network Defenders MUST Understand What They Defend I know, this is common sense, right? Wrong. Enterprise networks continue to grow cruft; very rarely will they stagnate. Oftentimes networks are set up by one group of people, all of whom are long gone by the time you show up to do your job and have left behind no documentation (feeling that gut churn yet?). What do you do then? Your job. ...
PowerShell Environment Variables Mar 13, 2012 Here, I will describe a couple of methods to determine PowerShell’s environment variables. Environment variables correlate names to values of special paths that the host Operating System relies on for functionality. For example, Windows hosts use an environment variable called TEMP to label a folder as the place for applications to place data that is temporary in nature - such as application installers. Method One ls env: That’s “ell-ess space env colon. ...