travisaltman.com
» Blog Archive » Metasploit set rhosts file
http://travisaltman.com/metasploit-set-rhosts-file
Laquo; Brute force MySQL with Nmap. IPhone: quick process to check for local files of interest. Metasploit set rhosts file. Just a quick tip I don’t see documented a bunch of places, when you want to feed metasploit a list of targets in a file you need to use the following syntax. Below is a screenshot for context. This entry was posted on Saturday, January 31st, 2015 at 7:14 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0. June 4th, 2016 at 7:15 pm.
travisaltman.com
» Blog Archive » iPhone: quick process to check for local files of interest
http://travisaltman.com/iphone-quick-process-to-check-for-local-files-of-interest
Laquo; Metasploit set rhosts file. Defeating MDM: Enrolling a jailbroken device into a mobile device management system. IPhone: quick process to check for local files of interest. Plug iPhone or iPad into Mac. User iExplorer or iFunbox to explore file system of apps. Export relevant directories to local box (Usually Library and *.app). Search for files of interest. Search inside the files for items of interest. IExplorer can open plist in quick view. You can open databases with Sqlite browser.
travisaltman.com
» Uncategorized
http://travisaltman.com/category/uncategorized
Archive for the ‘Uncategorized’ Category. Laquo; Older Entries. Encode your SQL injection attacks. Friday, October 30th, 2015. Encoding SQL injection attacks is nothing new and automated tools like SQLmap will more than likely find flaws via this method. That being said I was combing through some of my old docs and found what I think is a decent explanation how this type of attack leads to SQL injection. The other classic SQL injection string ‘ or 1=1 also gives us a 500 error, most of those classic ‘ or...
travisaltman.com
» Blog Archive » Sqlmap – crawl and discover SQL injections
http://travisaltman.com/sqlmap-crawl-and-discover-sql-injections
Laquo; Burp extension environment for Python. Brute force MySQL with Nmap. Sqlmap – crawl and discover SQL injections. I use these command line switches to automate the process, I’ve had some good results. Python sqlmap.py -u http:/ example.com - forms - batch - crawl=10 - cookie=jsessionid=12345 - level=5 - risk=3. Forms = Parse and test forms. Batch = non interactive mode, usually Sqlmap will ask you questions, this accepts the default answers. Crawl = how deep you want to crawl a site.
travisaltman.com
» Blog Archive » Defeating MDM: Enrolling a jailbroken device into a mobile device management system
http://travisaltman.com/defeating-mdm-enrolling-a-jailbroken-device-into-a-mobile-device-management-system
Laquo; iPhone: quick process to check for local files of interest. Encode your SQL injection attacks. Defeating MDM: Enrolling a jailbroken device into a mobile device management system. MDM or mobile device management. AFW) which looks to close the gap and add a lot of MDM capabilities which will greatly help organizations adopt the Android platform, especially in a BYOD. Environment. With that intro out of the way let’s get to how one can break MDM. This will focus on iOS. Enrolling a jailbroken de...
travisaltman.com
» About
http://travisaltman.com/about
My name is Travis as you might have guessed from the domain name. Originally from Lake City, SC but currently residing in Richmond, VA. I work and teach in the info security field. The purpose of this site is to share my experiences and hopefully help others in the process. I love feedback so please feel free to contact me or post comments. With White as Milk. Designed by Azeem Azeez.
travisaltman.com
» Blog Archive » Brute force MySQL with Nmap
http://travisaltman.com/brute-force-mysql-with-nmap
Laquo; Sqlmap – crawl and discover SQL injections. Metasploit set rhosts file. Brute force MySQL with Nmap. Just a quick one liner, you can also incorporate this into a huge sweep of the network which will hopefully identify MySQL databases with weak or default credentials. Nmap -p 3306 10.10.10.10 - script mysql-brute - script-args userdb=user.txt,passdb=pass.txt. This entry was posted on Wednesday, December 24th, 2014 at 3:14 am and is filed under Uncategorized. Mail (will not be published).
travisaltman.com
» mobile
http://travisaltman.com/category/mobile
Archive for the ‘mobile’ Category. Defeating MDM: Enrolling a jailbroken device into a mobile device management system. Friday, May 1st, 2015. MDM or mobile device management. AFW) which looks to close the gap and add a lot of MDM capabilities which will greatly help organizations adopt the Android platform, especially in a BYOD. Environment. With that intro out of the way let’s get to how one can break MDM. This will focus on iOS. Enrolling a jailbroken device can very from quite simple to reversing...
SOCIAL ENGAGEMENT