The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute. Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force pin codes, … Continue reading USB Rubber Ducky – Hacking like Angela in Mr. Robot – How to buy it
Category: Penetration Testing
How to add external modules to metasploit-framework
Sometimes exploits are released as metasploit-framework modules on online databases such as exploit-db but are not added to the Metasploit database. So how do you add them manually? Simple: the module must be written in Ruby, and therefore have the extension ".rb". Open the Metasploit console: sudo service postgresql start, then msfconsole … Continue reading How to add external modules to metasploit-framework
OWASP SecLists Project – Github Repository
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box … Continue reading OWASP SecLists Project – Github Repository
Reverse shell cheat sheet
If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a … Continue reading Reverse shell cheat sheet
Local File Inclusion and Directory traversal
Directory traversal: It is essential to mention this attack before we start talking about LFI. When attempting an LFI attack, it is useful, if possible, to identify the location of the file containing the vulnerability. In the present case, a directory traversal attack will make it possible to know … Continue reading Local File Inclusion and Directory traversal
[Download] PTH-Toolkit – Passing the hash Tools collection
A modified version of the passing-the-hash tool collection (https://code.google.com/p/passing-the-hash/), designed to be portable and work straight out of the box even on the most 'bare bones' systems. The master branch is compiled for amd64; the final goal will be to cross compile these tools to every possible architecture. Currently … Continue reading [Download] PTH-Toolkit – Passing the hash Tools collection
Metasploitable 2 – Penetration testing tutorial
Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. It has a bunch of bugs and misconfigurations, plus different web … Continue reading Metasploitable 2 – Penetration testing tutorial
[CTF] Bob 1.0.1 Vulnerable Machine – Vulnhub
Initial review: Bob 1.0.1, designed by c0rruptedb1t and available at the following address, is a CTF-style vulnerable machine that made me have fun but at the same time stress. Download Here. I thank him for reminding me to never stop thinking outside the box. This VM was not that difficult in itself, but … Continue reading [CTF] Bob 1.0.1 Vulnerable Machine – Vulnhub
[CTF] JordanInfosec – JIS-CTF: VulnUpload
Jordaninfosec-CTF01 is a very simple vulnerable machine. It does not require many notions of penetration testing, but it is a good way to start studying penetration testing and to learn the research methodology as well as the CTF (Capture the Flag) mechanism. In this guide we will go through each step step by … Continue reading [CTF] JordanInfosec – JIS-CTF: VulnUpload