hexesec.wordpress.com
0x0e.org | pentesting perspective | braindump on pentesting, QA, metasploit, constant learning | Page 2
https://hexesec.wordpress.com/page/2
Braindump on pentesting, QA, metasploit, constant learning. Metasploit HowTo: Standalone Java Meterpreter Connect-Back. Here are some quick notes on how to create a connect-back Java Meterpreter .jar file. The process is very straightforward, simply generate the .jar, setup a handler. Then move the .jar to your target and execute it. To do this is currently out of date (10/17/2010). Following mihi’s instructions. Now, set up the handler:. October 17, 2010 at 11:41 PM. Searching ruby source code. HereR...
hexesec.wordpress.com
System Event Monitoring with Prosody and jablog.rb | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2011/03/22/390
Braindump on pentesting, QA, metasploit, constant learning. System Event Monitoring with Prosody and jablog.rb. Leave a comment ». The tl;dr version of this post is:. It turns out to be super handy to be able to monitor your logs (and send commands) via XMPP. To do so, here is a simple setup. Apt-get install prosody (Tested on ubuntu 10.04.2 LTS). Configure a VirtualHost for your domain in the config file /etc/prosody/ (see: http:/ www.0x0e.org/x/prosody.ctl.lua. 8230; And the backstory / howto:. To be f...
hexesec.wordpress.com
throwaway osx post (until i need it again) | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2011/04/16/throwaway-osx-post-until-i-need-it-again
Braindump on pentesting, QA, metasploit, constant learning. Throwaway osx post (until i need it again). Leave a comment ». Instead of ports) for installing software. Trying bind an applescript to a key? It’s worth it). Reaper, ableton, tweetdeck, etc. April 16, 2011 at 11:51 PM. Laquo; System Event Monitoring with Prosody and jablog.rb. Leave a Reply Cancel reply. Enter your comment here. Fill in your details below or click an icon to log in:. Address never made public).
hexesec.wordpress.com
Pentestify. | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2011/06/22/pentestify
Braindump on pentesting, QA, metasploit, constant learning. Leave a comment ». I’m over here. June 22, 2011 at 3:23 AM. Tagged with moving pentestify blog. Laquo; password hangover. Leave a Reply Cancel reply. Enter your comment here. Fill in your details below or click an icon to log in:. Address never made public). You are commenting using your WordPress.com account. ( Log Out. You are commenting using your Twitter account. ( Log Out. You are commenting using your Facebook account. ( Log Out.
hexesec.wordpress.com
pianobar is epic! | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2010/11/13/pianobar-is-epic
Braindump on pentesting, QA, metasploit, constant learning. Just pointed me at pianobar. A command-line client for pandora. It gets rid of the need for flash player, and allows you to bypass some of the limitations of the web client (you can skip more than 5 songs! To install (on Ubuntu):. Sudo apt-get install git-core libao-dev libfaad-dev libmad0-dev git clone git:/ github.com/PromyLOPh/pianobar.git cd pianobar make sudo make install. November 13, 2010 at 7:05 PM. Subscribe to comments with RSS.
hexesec.wordpress.com
June | 2011 | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2011/06
Braindump on pentesting, QA, metasploit, constant learning. Archive for June 2011. Leave a comment ». I’m over here. June 22, 2011 at 3:23 AM. Tagged with moving pentestify blog. Just saw the Hangover 2. 8211; funny (and true) bit on passwords…. As an international drug dealer tranfers money between accounts:. 8220;your password is bologna1? 8220;it used to be bologna, but they make you include a stupid number now”. Jcran@disko: /framework/modules$ find . grep login grep -v svn. June 10, 2011 at 6:30 PM.
hexesec.wordpress.com
IP List to KML generator (Create a google map from a list of IPs) | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2010/11/11/ip-list-to-kml-generator-create-a-google-map-from-a-list-of-ips
Braindump on pentesting, QA, metasploit, constant learning. IP List to KML generator (Create a google map from a list of IPs). Pretty simple, it takes a file with a list of ips, one/line and generates a kml file. Very handy if you’re working on a large pentest and want to track down (and visualize) where a particular host is located. It uses the Yahoo GeoIP API to grab location data. Ip=6523.23.33 url = http:/ ipinfodb.com/ip query.php? Xml version= 1.0 encoding= UTF-8? November 11, 2010 at 3:39 AM.
hexesec.wordpress.com
password hangover | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2011/06/10/hangover
Braindump on pentesting, QA, metasploit, constant learning. Just saw the Hangover 2. 8211; funny (and true) bit on passwords…. As an international drug dealer tranfers money between accounts:. 8220;your password is bologna1? 8220;it used to be bologna, but they make you include a stupid number now”. Sadly (… or happily, depending on your perspective :] ) , weak passwords are still common…. metasploit has some awesome modules to test passwords:. Auxiliary/scanner/http/wordpress login enum.rb. You are comm...
hexesec.wordpress.com
Pentesting Skillset | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2008/07/05/pentesting-skillset
Braindump on pentesting, QA, metasploit, constant learning. I’ve been fumbling together a list of skills necessary to succeed as a pentester. This was prompted by mapping out my own short-term education and by gathering a list of necessary skills for potential hires. These are the skills i find necessary and want to promote in my own team. I’m curious if the list is what you would expect a penetration tester to know? This list doesn’t focus on important things like the security mindset. Risk and Threat M...
hexesec.wordpress.com
Loading only the Metasploit modules you use | 0x0e.org | pentesting perspective
https://hexesec.wordpress.com/2010/11/12/loading-only-the-metasploit-modules-you-use
Braindump on pentesting, QA, metasploit, constant learning. Loading only the Metasploit modules you use. The framework is taking quite a while to load on my machine these days, so i decided to stop loading all modules by default, and load only those modules i need. Here’s the process:. Simply comment the module-loading lines in the framework file lib/msf/base/simple/framework.rb, so :. If (Msf: Config.module directory) framework.modules.add module path(Msf: Config.module directory) end. Pre jcran@disko: ...
SOCIAL ENGAGEMENT