A list of all the most up-to-date, fascinating, and relevant tutorials on this site, and on others. If you are submitting a tutorial, please be sure to include any relevant URLs or sources.
/ by / Mr. P / on / August 04, 2011 @ 3:05 pm
Well, given the recent release of Backtrack 5, and the recent release of Metasploit 4, and knowing how popular the super-quick-and-dirty Autopwn function is, I thought I'd write up a brief instructional on how to get Metasploit 4 up and running on Backtrack 5, and how to use the Autopwn function with it, for those who can't figure it out for themselves.
/ by / Mr. P / on / January 20, 2011 @ 3:42 pm
This one's really quick - if you've ever needed to know some subdomains of a site, consider "dnsmap". It will brute-force a bunch of subdomains for any domain you give it - and you can customise your own domain. It's pretty simple. Here are the Linux instructions
/ by / Mr. P / on / January 20, 2011 @ 1:22 pm
"So - Metagoofil?? What the heck is that??" Yeah, I can hear you saying it now. It's a funny name, but names aside, it's a very useful program. One of the tools that should be included on your list of penetration testing tools - under the "Information Gathering" stage. You ever find yourself stuck with not much of an idea of the internals of a company network, and you need to know a bit more about the hardware, software, or operating systems on the inside? Ever needed to know a username/person within the company so you can perform some targeted social engineering? Metagoofil can help!
/ by / Mr. P / on / October 12, 2010 @ 8:13 am
With the release yesterday of Ubuntu 10.10, on 10/10/10, I decided to put together a brief tutorial on how to upgrade your Ubuntu 10.04 Desktop or Server to the latest version, Ubuntu 10.10. Before beginning, there are a few things we expect you've done:
- Be sure you apply all updates to the edition of Ubuntu that you're currently running
- If you're running a dynamic website, put it into maintenance mode, just to be on the safe side
- You should probably read the release notes for Ubuntu 10.10, which outline any known problems or issues you may encounter during your upgrade
- We suggest backing up your system (really, we do)
/ by / Mr. P / on / October 01, 2010 @ 4:05 pm
By now you may or may not have heard from Microsoft about the MS10-061 vulnerability that was announced earlier this week. It's a vulnerability in the Print Spooler service that could allow Remote Code Execution on XP, 2003, Vista, 2008, 7, and 2008 R2. It's marked by Microsoft as critical, and they advise you patch straight away. Here's how to exploit it using Metasploit!
/ by / Mr. P / on / August 27, 2010 @ 1:59 pm
Basically, what's going to happen in this tutorial, is you're going to use Metasploit to generate a reverse_tcp payload into a DLL, and you're also going to create a blank "VCF" file, which is a Windows Address Book contact file. We're then going to create an autorun.inf file which gets the USB drive/CD Drive to tell WAB to open the blank VCF, and when it does so, it will automatically load the DLL file as well (the malicious one you generate beforehand). So let's get to it, hey?
/ by / Mr. P / on / August 24, 2010 @ 8:56 am
In order to exploit or test applications for the new WebDAV vulnerability, which we've covered here: http://greyhat-security.com/40-220-windows-exes-vulnerable-remote-code-execution-so-far, you will need to fire up your copy of Metasploit, and type the following...
/ by / Mr. P / on / August 17, 2010 @ 3:53 pm
This tutorial is going to show you how to craft a targeted password list - one I can guarantee will give you a higher percentage of success in a shorter amount of time, on average. If you've never created a custom password list - fear not, it's an easy task, and you will enjoy password cracking far more than ever before!
/ by / Mr. P / on / July 21, 2010 @ 4:01 pm
You've probably heard a lot of talk about Metasploit over the years; about how it can speed up the results of exploitation. It is a great tool for penetration testers. It makes their job of exploitation and post-exploitation a lot easier, and a lot faster. However, coverage on how to use Metasploit is not always readily available. There are a few lesser-known features of Metasploit which I would like to show you.
/ by / Mr. P / on / July 21, 2010 @ 2:38 pm
Have you ever wondered just how vulnerable your wireless network was? Ever felt that maybe someone else has access to your wireless network? It's quite possible, and if you would like to know how they did it, read on! This article will teach you how to test your own network, and how to protect yourself and your family from vicious attacks.