USB Rubber Ducky – Hacking like Angela in Mr. Robot – How to buy it

The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute. Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force pin codes, …

How to add external modules to metasploit-framework

Sometimes exploits are released as Metasploit Framework modules on online databases such as exploit-db but are not added to the Metasploit database. So how do you add them manually? Simple: the module must be written in Ruby, and therefore have the extension ".rb". Open the Metasploit console: sudo service postgresql start, then msfconsole …

Sherlock – Windows exploitation checker – for local privilege escalation

Sherlock is a PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities. Currently looks for: MS10-015: User Mode to Ring (KiTrap0D); MS10-092: Task Scheduler; MS13-053: NTUserMessageCall Win32k Kernel Pool Overflow; MS13-081: TrackPopupMenuEx Win32k NULL Page; MS14-058: TrackPopupMenu Win32k Null Pointer Dereference; MS15-051: ClientCopyImage Win32k; MS15-078: Font …

OWASP SecLists Project – GitHub Repository

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box …

Reverse shell cheat sheet

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a …

Local File Inclusion and Directory traversal

Directory traversal: It is essential to mention this attack before we start talking about LFI. If possible, when carrying out an LFI attack, it is useful to be able to identify the location of the file containing the vulnerability. In this case, a directory traversal attack will allow us to know …

[Download] PTH-Toolkit – Passing the hash Tools collection

pth-toolkit: A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems. The master branch is compiled for amd64; the final goal will be to cross compile these tools to every possible architecture. Currently …

Metasploitable 2 – Penetration testing tutorial

Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. It has a bunch of bugs and misconfigurations, plus different web …

[CTF] Bob 1.0.1 Vulnerable Machine – Vulnhub

Initial review: Bob 1.0.1, designed by c0rruptedb1t and available at the following address, is a CTF-style vulnerable machine that gave me fun but at the same time stress. Download Here. I thank him for reminding me to never stop thinking outside the box. This VM was not that difficult in itself, but …

[CTF] JordanInfosec – JIS-CTF: VulnUpload

Jordaninfosec-CTF01 is a very simple vulnerable machine. It does not require much knowledge of penetration testing, but it is a good way to start studying penetration testing and to learn the research methodology in addition to the CTF (Capture the Flag) mechanism. In this guide we will go through each step, step by …