Archive for the ‘Linux’ Category

FSExploitMe and Exploit-Exercises

March 17, 2015

If you are interested in learning about ActiveX exploitation, security researcher/consultant/professor Brad Antoniewicz has created FSExploitMe for just that purpose.

You’ll want a copy of Internet Explorer 8 to get the most out of it, but fortunately you can get a VM running IE8 for *free* from Microsoft.

And if you are interested in getting deeper into Linux exploitation, Exploit-Exercises has pre-built VMs with capture-the-flag style levels and challenges for each level. Its challenges range from beginner to expert, and it is designed to teach:

[…]about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

Categories: Disassembly, Linux, Tech, Windows

iSecPartners – Auditing high-value applications cheat-sheet

July 22, 2014

iSecPartners has released on GitHub a “cheat-sheet” for auditing high-value applications. It’s well worth a read.

This list is intended to be a list of additional or more technical things to look for when auditing extremely high value applications. The applications may involve operational security for involved actors (such as law enforcement research), extremely valuable transactions (such as a Stock Trading Application), societal issues that could open users to physical harassment (such as a Gay Dating Application), or technologies designed to be used by journalists operating inside repressive countries.

It is an advanced list – meaning entry level issues such as application logic bypasses, common web vulnerabilities such as XSS and SQLi, or lower level vulnerabilities such as memory corruption are explicitly not covered. It is assumed that the reader is aware of these and similar vulnerabilities and is well trained in their search, exploitation, and remediation.

A good example of the type of analysis to strive for can be shown in Jacob Appelbaum’s analysis of UltraSurf:

Free Online CTF and Penetration Testing Course

June 14, 2014

Trail of Bits is offering a free online CTF and penetration testing course. Lots of great material from a well-respected organization.


Named Pipes in a *nix shell

November 11, 2013

Most people familiar with *nix know about piping data (“|”) to other programs. At the very least, you have probably piped the output of many commands into grep (ls | grep x).

But did you know you can pipe output into a named pipe in a terminal/shell?

This article is from 1997, but this information on using named pipes certainly hasn’t expired:

The simplest way to show how named pipes work is with an example. Suppose we’ve created pipe as shown above. In one virtual console, type:

ls -l > pipe

and in another type:

cat < pipe

Voila! The output of the command run on the first console shows up on the second console. Note that the order in which you run the commands doesn’t matter.
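The two-console exchange above as a single script, an added example that is not part of the 1997 article: the reader is started first (so the "order doesn't matter" point is visible), the writer plays the role of ls -l > pipe, and the FIFO lives in a private mktemp directory instead of a predictable path.

```shell
#!/bin/sh
# Added example: one writer and one reader talking through a named pipe (FIFO).

named_pipe_demo() {
    # Create the FIFO inside a private temporary directory rather than at a
    # predictable path such as /tmp/pipe, so another local user cannot
    # pre-create or replace the path before we open it.
    dir=$(mktemp -d) || return 1
    fifo="$dir/pipe"
    mkfifo -m 600 "$fifo" || return 1

    # Reader first. open() on a FIFO blocks until the other end is opened,
    # which is why the article says the order of the two commands does not
    # matter. Run it in the background and collect its output in a file.
    cat < "$fifo" > "$dir/out" &
    reader=$!

    # Writer: the equivalent of "ls -l > pipe" on the other console. Using
    # fixed, constructed lines keeps the result predictable.
    printf 'one\ntwo\nthree\n' > "$fifo"

    # The writer closing its end gives the reader EOF, so cat exits.
    wait "$reader"
    cat "$dir/out"
    rm -rf "$dir"
}

# Convenience: how many lines crossed the pipe.
named_pipe_line_count() {
    named_pipe_demo | wc -l | tr -d ' '
}
```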

Categories: Linux, Tech

[link] Introduction to Unix signals programming

October 4, 2013

If you’re mystified by *nix signals programming, have a look at this short guide.

Signals, to be short, are various notifications sent to a process in order to notify it of various “important” events. By their nature, they interrupt whatever the process is doing at this minute, and force it to handle them immediately. Each signal has an integer number that represents it (1, 2 and so on), as well as a symbolic name that is usually defined in the file /usr/include/signal.h or one of the files included by it directly or indirectly (HUP, INT and so on; use the command 'kill -l' to see a list of signals supported by your system).

Each signal may have a signal handler, which is a function that gets called when the process receives that signal. The function is called in “asynchronous mode”, meaning that nowhere in your program do you have code that calls this function directly. Instead, when the signal is sent to the process, the operating system stops the execution of the process, and “forces” it to call the signal handler function. When that signal handler function returns, the process continues execution from wherever it happened to be before the signal was received, as if this interruption never occurred.
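The same handler mechanism is available at the shell level through trap and kill, which makes it easy to watch from a terminal; the following is an added example, not part of the linked guide. It installs a handler for USR1, sends the signal to the shell itself from inside a loop, shows the loop resuming after each delivery, and contrasts that with the default action when no handler is installed.

```shell
#!/bin/sh
# Added example: a shell-level signal handler with trap, and the default
# disposition without one.

signal_demo() {
    # Run the demo in a child shell (sh -s reads the script from stdin) so
    # that $$ below is the demo process itself even when this function is
    # called inside $(...), where $$ would still name the parent shell.
    sh -s "$1" <<'EOF'
handled=0
on_usr1() {
    # Keep handlers minimal: they run between any two statements of the
    # main flow, just like the C-level handler described in the guide.
    handled=$((handled + 1))
}
trap on_usr1 USR1                 # install the handler
i=0
while [ "$i" -lt "$1" ]; do
    kill -s USR1 "$$"             # deliver the signal to ourselves
    i=$((i + 1))                  # execution resumes here afterwards
done
trap - USR1                       # restore the default action
echo "$handled"
EOF
}

signal_default_status() {
    # Without a handler the default action for USR1 terminates the process;
    # the parent shell reports that as 128 + the signal number, so the value
    # is above 128 and "not reached" is never printed.
    if sh -c 'kill -s USR1 "$$"; echo "not reached"'; then
        echo 0
    else
        echo $?
    fi
}
```

The exact status from signal_default_status depends on the platform's numbering of USR1 (10 on Linux), which is what the guide's 'kill -l' shows.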


Categories: Linux, Programming

Bypassing anti-virus for fun and profit with Veil-Evasion

September 30, 2013

Veil is a tool used to generate payloads that bypass antivirus solutions.

This is a pretty cool project. Integrating this with Cobalt Strike and/or Metasploit can help demonstrate that anti-virus is nowhere near a panacea. Oh, and you can pop some shells on your next pen-test much more easily :)

Also, veil is in the Kali Linux repos now, so get it installed:

apt-get update
apt-get install veil

Categories: Linux, Tech, Windows

Secure Coding Guide from Apple

September 13, 2013

[PDF] Secure Coding Guide

Secure coding is the practice of writing programs that are resistant to attack by malicious or mischievous people or programs. Secure coding helps protect a user’s data from theft or corruption. In addition, an insecure program can provide access for an attacker to take control of a server or a user’s computer, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users.

Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you should be familiar with the information in this document.

Categories: Apple, Linux, Programming, Tech

smbexec is awesome

July 17, 2013

Great article

This post will show you how to verify if an account has remote log in capabilities and if a domain admin account can be leveraged from the systems on the network. We are working on a metasploit module, but currently the functionality only exists in smbexec (v1.2.2).

More information:

smbexec – Tutorial for System Enumeration Options

Categories: Linux, Tech, Windows

Easy MiTM bash script for BackTrack 5

June 8, 2013

I’ve been using this MiTM bash script (easy-creds) to make some of my pen-testing easier. Previously I had used my own fakeap script, and had to manually start ettercap, sslsniff, urlsnarf, etc.

This bash script automates the process *AND* it will download and patch FreeRadius, turning it into FreeRadius-WPE (Wireless Pwnage Edition).

I tried using this on Kali Linux, but because Kali has dropped the dhcp-server package and replaced it with isc-dhcp-server, it doesn’t work correctly out of the box (although it reportedly can be made to work).


Categories: Linux, Tech

Remote execute via WMI…from Linux

May 25, 2013

WMI supports remote process execution by calling the Create method of Win32_Process. I have used these instructions to remotely execute a process on a Windows system, from my Linux system.



Categories: Linux, Tech, Uncategorized