Search Engines

Sometimes you just need a search engine to find some data… and since every one does things differently, here’s a giant list of them:

And due credit to Wikipedia, which helped me discover many of these.  Here you’ll find everything from the usual Googles and Bings to price searches, local search engines, scientific data respositories, and more.  You just have to play with each one to figure out what it does. 🙂

All systems below were active as of 2017-05-23.

Continue reading “Search Engines”

OSINT: Google and LinkedIn

This is the quick-hit version of the Open Source Intelligence (OSINT) training I gave on using data from Google and LinkedIn to profile an individual or organization.  As with all of the formal training, you can use the below for a quick reference, or view the full presentation here: OSINT – Social Media (Google and LinkedIn) (basic_0x08)

Google

Note: Do not use spaces between an operator (e.g. “-”) and the thing it operates on.  For example:

bob -dylan      # No Bob Dylan results
bob - dylan     # Bob Dylan shows up in results

Continue reading “OSINT: Google and LinkedIn”

Bruteforcing ESSID Values

If you need to reveal an (E)SSID you can do this simply through MDK3.  To do so we’ll use the “p” mode, as follows:

mdk3 {INTERFACE} p -f /path/to/file/of/potential_names -t {AP_MAC_ADDRESS} -b {CHARSET}

For the “CHARSET” you can use “a” (for all characters, not recommended except for tiny names), or one or more of the following:

  • u – Uppercase
  • l – Lowercase
  • n – Numbers
  • s – ASCII symbols

Good hunting!

MSF Fundamentals 2017 (Part 3 of 3) – Pivoting and Automation

This is quick-hit version of part three of a three part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit. If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 3 of 3 (Pivoting and Automation) (basic_0x04)

The purpose of this article is to cover pivoting, port-forwarding, and automation to expand the reach of your tools and reduce the amount of time you spend on repetitive work.  Part one covered starting up the MSF, finding an exploit, finding a matching payload, and configuring everything up to the point of launching the exploit. Part two covered exploitation and post-exploitation modules to the point where you are comfortable with the various ways of manipulating a system after you’ve opened a session to it.  This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016. If that’s true, then let’s go!

Continue reading “MSF Fundamentals 2017 (Part 3 of 3) – Pivoting and Automation”

MSF Fundamentals 2017 (Part 1 of 3) – Console to Payload

This is quick-hit version of part one of a three part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit.  If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 1 of 3 (Startup Exploit Payload) (basic_0x02)

The purpose of this article is to get you familiar with starting up the Metasploit Framework (MSF), finding an exploit, finding a matching payload, and configuring everything up until it’s time to launch an exploit.  Part two will cover exploitation and post-exploitation modules, while part three will cover pivoting, lateral movement, and automation.  This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016.  If that’s true, then let’s go!

Continue reading “MSF Fundamentals 2017 (Part 1 of 3) – Console to Payload”

Wireless Attack: WPA

The following is a quick-hit list of commands for attacking a WPA wireless network. It assumes you are using a 2016 variant of Kali linux with the aircrack-ng suite installed and a wireless network card that can be placed into monitor mode (which should be about 100% of them). It also assumes that there is a WPA network with an associated client that is transmitting, and that you are running as a user with sufficient permissions to execute each of these commands.

For the sake of this tutorial the AP will be assumed to have a MAC address of “99:88:77:66:55:44” and the client will be assumed to have a MAC address of “00:11:22:33:44:55”. The wireless network card we will use will be assumed to be “wlan0”.

If a presentation is more your style of learning you can access training on this topic here: Wireless Attacks – WPA & WPS (basic_0x01)

Continue reading “Wireless Attack: WPA”

Wireless Attack: WEP

The following is a quick-hit list of commands for attacking a WEP wireless network. It assumes you are using a 2016 variant of Kali linux with the aircrack-ng suite installed and a wireless network card that can be placed into monitor mode (which should be about 100% of them). It also assumes that there is a WEP network with an associated client that is transmitting, and that you are running as a user with sufficient permissions to execute each of these commands.

For the sake of this tutorial the AP will be assumed to have a MAC address of “DE:AD:DE:AD:DE:AD” and the client will be assumed to have a MAC address of “BE:AD:ED:BE:AD:ED”. The wireless network card we will use will be assumed to be “wlan0”.

UPDATE 2017-01-01: If a presentation is more your style of learning you can access training on this topic here: Wireless Attacks – WEP (basic_0x00)

First up, boot up Kali and shut down any potentially interfering programs:

airmon-ng check kill

Continue reading “Wireless Attack: WEP”

Website Powered by WordPress.com.

Up ↑