Leslie’s computer jokes …


Tor founder warns attack on network could be “really bad,” allowing traffic to be hijacked


Penetration Testing : Hacking Windows Using Metasploit and Meterpreter


Information Treasure

Pentesting with Windows Using Metasploit

Now, in the previous tutorial, which was the first tutorial on practical penetration testing, we got our hacking lab setup and exploited our first victim machine, which was an unpatched and vulnerable Windows XP machine. Our attacker machine was Kali Linux, and we were using Metasploit Framework, the most best tool when it comes to penetration testing (pentesting). We used the MS08-dcom vulnerability, which is a very famous vulnerability in Windows XP. The fact that it is famous means that most of the Windows machines already have this vulnerability patched, which means it will not actually work on a real life system. Now in this tutorial we will move on to payload execution, and see what all we can do after we have successfully exploited a vulnerability. It’s important that you go through the previous tutorial in order to…

View original post 984 more words

Exploit Heartbleed OpenSSL Vulnerability using Kali Linux.


LINUX DIGEST

Heartbleed-logo

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). This guide is specifically designed to show how to detect exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

View original post 678 more words

TOP 13 PENETRATION TESTING LINUX DISTRIBUTIONS


iExplo1t

[Source: concise-courses.com]

OK, none of the following Pentesting distributions were in the top 100 list over atDistro Watchbut we don’t care – we are talking about penetration testing tools – or specifically the creation of distro’s that have all the necessary open source tools that help ethical hackers and penetration testers do their job. Like everything else when it comes to choices, every pentesting distro has its own pros, cons and specialty. Some distro for example are better at web application vulnerability discovery, forensics, WiFi cracking, reverse engineering, malware analysis, social engineering etc.

1. Kali Linux
Kali Linux is aDebian-derivedLinux distributiondesigned fordigital forensicsandpenetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite ofBackTrack, their previous forensics Linux distribution.
Kali Linux is preinstalled with numerous penetration-testing…

View original post 1,931 more words

Preparing Kali linux for penetration testing/vulnerability assessment


popravak

24-Nov-2014 2-43-32 PM

We all know what Kali linux is and what it’s used for. What we need is a comprehensive guide or reminder how to install it and set it up from the scratch. And make it more powerful by adding some cool stuff such as vulnerability scanners. We don’t want to google up every step, do we?

Here is what we will cover in this blog post:

But before we do – a standard disclaimer: don’t do anything you are not authorized to do. In written!

Ok, let us begin…

1. Preparing our virtual environment
First of all, some things may work better in a physical environment. Or may not work in virtual setup at all. Some wireless stuff, perhaps. Anyhow, we will do our…

View original post 2,947 more words

Tutorial WPScan with Kali linux


l33t tutorials

Intentions/Intro

Before I dive in this post, I would like to say that everything I did was for educational purposes only! Now we can move on…
I decided to learn how to use the WPScan tool that’s on Kali linux. WPScan stands for “WordPress Security Scanner”. The tool is very useful and straight forward. The first command that I used was:

$wpscan –help

I believe that’s the wisest command that anyone that wants to learn how to use something should execute, right? The result from that command can be found at the WPScan website.
My next challenge was to find a WordPress website, which was accomplished after Googling for “WordPress website list“. I won’t say which ones I tested this tool, but I can say that it only took me 14 links to find a good target for testing.
I perform my testing using some parameters to…

View original post 267 more words