Practical Exploitation:

Hi there, My boss wanted me to deploy a cert for firefox ? i did some search and i came across this link http://nsis.sourceforge.net/Import_Root_Certificate#Usage_2 . my question how do i get started ? do i need to nsis in my servers ? kinda noob

“Deploy a cert for Firefox” does he mean install your CA’s cert in all your Firefox installs? There needs to be a bit more context to what you are trying to accomplish, sorry.

Ask me anything

L4amer takes us through 3 tools that do enumeration using null sessions. Metasploit, rpcclient, and smbenum.py

Breaking in via SQLi (SQLNinja) and Metasploit with PTH and Token stealing.

Jason takes us through exploit a web application, uploading a php shell, and finally getting command line access and more.

Not a podcast

Please remember, this is not a podcast, we aren’t checking out a new tool, playing with it for a week, and then showing it off. Here are a list of our current projects though:

IPv6 Attacking

Trojans, RATs, and Malware

Fuzzing each layer of the OSI model

Adding features, and supplying patches to open source projects

DNSMap vs Fierce2 vs Metasploit (dns_enum)

A crucial step to any pentest, or information gathering session is DNS enumeration. This video shows you how 3 tools excel or fail at what they were designed to do.

Apology

I apologize for the lack of releases, sick kids and a failed drive have kept me pretty wrapped up. More soon though, plus a fresh new look for the site.

Rob,

Could you cover anti-virus evasion? I was going through Metasploit Unleashed and they have a small section on this. I tried to create a payload of windows/shell/reverse_tcp using mfspayload. This wasn't supposed to be caught by AVG according to the course, but it was. I tried encoding it with mfsencode but it was still caught by AVG. Is there some vodoo to get around anti-virus?

jeffhnet

Will do, you aren’t the first to ask, it’s on the list of To-Dos

Great Site, I love the concept of full disclosure of procedures! I was wondering if you could do a segment on what I've always found to be one of the most difficult parts of MSF. With so many exploits/payloads at your disposal, how do you sift through the list and know which will work best for each target?

7h34pp12en7ic3

Definitely! Added to the list. Thanks!

Closer and muti-site upload

So we got it, all the videos from here on with be closer to the console to allow for non-full-screen playing.

Also there was a concern with the ability to download the video. Vimeo allows you to do so, I’ll double check to see if it’s a switch somewhere to turn it on. Either way, we will continue to upload to Blip, Vimeo and Youtube

Thanks

We aren't here to talk about theoretical hacks, or "If" scenarios. Call bullshit on us for anything you can't get working or don't think actually happens.

Want a white paper put into perspective? Can't quite figure out how a tool or exploit works? or works into a pen test? Thats what we do, shoot a comment, tweet, facebook update our way and we'll feature it on a show. You can also post a question right here:

Ask a Question

Practical Exploitation on Facebook

My Blog All of Tumblr

Follow on Tumblr

RSS Feed

Random

From the desk of Mubix and friends:

Real world exploitation examples