Let’s say you’re in a location where the WEP network you’ve found is a bit guarded with replay attacks, or are practically no clients from which to capture a target packet. How can you get around this to generate data and crack the encryption?
Windows System Wiping
If you’re looking for a quick way to clean out unused drive space, Windows 7 and on have a built-in tool called Cipher that can handle that easily. To wipe all free space on a drive (the C: drive in the below example) just use the following syntax:
cipher /w:c:There are a lot of additional features to this tool (which you can review at the link above), but a scheduled task to wipe your free space on a regular basis can greatly reduce the probability of data recovery in the event your device is stolen. Consider it a standard part of your regular hygiene along with drive encryption.
Linux Login Notifier
Here’s a quick script I wrote some years ago to notify me when an interactive session is being launched from one of my servers. Feel free to modify/use however you see fit. Thanks!
#!/bin/bash
# Place this in /etc/profile.d/whatever-name-you-like.sh
NOTIFYADDRRESS="your_email_address"
FROMADDRESS="sending_email_address"
THESYSTEM=`hostname`
THATUSER=`awk -v USER=$UID -F : '$3 == USER {print $1}' /etc/passwd`
CURTIME=`date --rfc-3339=ns`
echo "Login from ${THATUSER} (${UID}) on ${CURTIME}" | mail -aFrom:${FROMADDRESS} -s "${THATUSER} just logged into ${THESYSTEM}" -r ${FROMADDRESS} ${NOTIFYADDRESS}It just fires off an email whenvever an interactive session is started.
MSF Fundamentals 2017 (Part 2 of 3) – Exploitation and Post-Exploitation
This is quick-hit version of part two of a three part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit. If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 2 of 3 (Post-Exploitation with Meterpreter) (basic_0x03)
The purpose of this article is to cover exploitation and post-exploitation modules to the point where you are comfortable with the various ways of manipulating a system after you’ve opened a session to it. Part one covered starting up the MSF, finding an exploit, finding a matching payload, and configuring everything up to the point of launching the exploit. Part three covers pivoting, port forwarding, and automation. This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016. If that’s true, then let’s go!
Continue reading “MSF Fundamentals 2017 (Part 2 of 3) – Exploitation and Post-Exploitation”
MSF Fundamentals 2017 (Part 1 of 3) – Console to Payload
This is quick-hit version of part one of a three part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit. If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 1 of 3 (Startup Exploit Payload) (basic_0x02)
The purpose of this article is to get you familiar with starting up the Metasploit Framework (MSF), finding an exploit, finding a matching payload, and configuring everything up until it’s time to launch an exploit. Part two will cover exploitation and post-exploitation modules, while part three will cover pivoting, lateral movement, and automation. This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016. If that’s true, then let’s go!
Continue reading “MSF Fundamentals 2017 (Part 1 of 3) – Console to Payload”
TP-Link TG-3468 and VMWare ESXi 6.5
This is a quick note for anyone who is looking for a cheap gigabit Ethernet PCI-E card for their ESXi 6.5 system: the TP-Link TG-3468 works well, and is only about $12. It’s not supported natively, however, so you have to do the following:
Hermit's Cave 