Practical Exploitation

Simple Framework Domain Token Scanner

Tue, 01 Nov 2011 23:11:11 -0400

Simple Framework Domain Token Scanner:

This is so much more than the title…

is this site shutdown? You have not posted anything to Practical Exploitation for a while, love the vids wish you would post more.

Thu, 23 Dec 2010 01:50:09 -0500

Sorry, I will be picking things back up soon.

Ask me anything

Revenge of the Bind Shell - Using Meterpreter and Teredo to make...

Fri, 24 Sep 2010 00:10:00 -0400

Revenge of the Bind Shell - Using Meterpreter and Teredo to make your perimeter useless.

Hello Mubix, hey have my blog up and rolling now which you are following on here but do you know any other good security tutorial based blogs you suggest on tumblr?

Thu, 23 Sep 2010 00:43:32 -0400

On Tumblr? Not that I know of

Dear Rob,

I've always wanted to learn the Spike fuzzing framework well enough to write my own fuzz scripts for whatever protocol I want. Although the documentation is difficult to understand and there seems to be none to very little tutorials/documentation on the web. Please help.

Sincerely,

Matt

Thu, 23 Sep 2010 00:43:08 -0400

Added to the list of videos to do.

A step-by-step how to on the popular Dan kaminsky DNS Cache Poisioning Attack would be nice. :)

Thu, 23 Sep 2010 00:42:36 -0400

I’ll see what I can dig up as far as servers are concerned. But I’ll definitely add it to the list

This isn't really a question, but I did my own malware analysis research recently and thought I could help with the metasploit encoding for AV evasion. I tested 8 payloads and 7 encoders with and without multiple encoding iterations. (up to 10 iterations as some payloads don't seem to work correctly with more.) AVG was the only oddball out of the 7 Anti-virus's tested. It found some payloads but not others. The generic encoder was not flagged at all. The strange part is some of the more advanced encoders such as shikata-ga-nai we're flagged dirty on almost all payloads.

Kaspersky Internet Security 2010, Mcafee Security Suite, and Microsoft Security Essentials flagged all payloads as dirty.

Avast free, Avira free, and Norton Internet Security 2010 flagged none as dirty.

I hope this helps, and if you want I can send my spreadsheet covering each AV in depth as metasploit payloads weren't the only "dirty" programs that I tested.
Hope this helps!
-hhmatt@live.com

Thu, 23 Sep 2010 00:37:47 -0400

Nice! Thanks for the info.

Wonderful down-to-earth website on vulnerability testing! I tried the php shell demo verbatim and against a system that should have been vulnerable, but only receive "bad request in header" from burp.

Thu, 23 Sep 2010 00:37:10 -0400

Did you ever find out why?

How do you automatically activate a session in metasploit when you are using a generic/shell_reverse_tcp as for in, example, the java_signed_applet exploit? User interaction is required to actually type: sessions -i 1, whereas in the meterpreter/reverse_tcp the session can be automatically kicked off. Do you know of any method of sending that command -- sessions -i 1 -- to the keyboard so the attacker does not have to sit around all day and interact with the session? Thanks.

Thu, 23 Sep 2010 00:36:45 -0400

You don’t have to interact with a session to have it active. Why would you want to interact with a shell if you weren’t there?

Hi,
I just recently got into exploits. Can you give us some insights which web pages you track for new exploits? Or in general what your main IT security "channels" are. I haven't found the right place for up-to-date information.

Regards,
JD

Thu, 23 Sep 2010 00:34:38 -0400

I get information from all over. Blogs, Twitter, OSVDB, CVEDetails, PacketStorm, Exploit-DB, Full Disclosure. You never know where that information will hit first, or if it will make a wave enough to carry over to other media. Just got to keep an eye out.

more on ipv6! joe klein has an interesting presentation on the dojosec blog (july), what are you working on?

Thu, 23 Sep 2010 00:33:07 -0400

Will do. I’ll be showing off the THC tools in some coming videos

Thanks for doing this. Great job!
One thing - can you make the name of your postings match the title of the post. As it is, when I bookmark one, the name of the bookmark name is "Practical Exploitation" rather than the title of the post.
Thanks!
Keep up the great work!

Thu, 23 Sep 2010 00:27:24 -0400

Working on it. Thanks for the heads up!

Mubix, thx for all the precious knowledge and tech you share with us.
Lot of a videos i came a cross on net are about point to point attacks or similar, very simple demonstrations.
What i realy wanna see is a little bit complicated attacks with tunneling and proxy implementation on zombie host. And then attack vector thru zombie. Can u do some video about MSF and tunneling, proxy implementation>
Thx,

Thu, 23 Sep 2010 00:14:09 -0400

Definitely. I’ll work on getting it set up. Expect a bunch of videos starting in October.

Here goes. Do you know why spoonwep was dropped from Backtrack 4? Also is it easy to install?

Tue, 07 Sep 2010 14:19:59 -0400

@purehate_ could probably answer that question a lot better since he is a BT dev. Also, I’ve used spoonwep before but it’s been a while. I would expect it to be a pretty easy install.

Ask me anything

1+1

Tue, 07 Sep 2010 10:36:09 -0400

That inquiry is superior to my abilities of deduction. Please ask Wolfram Alpha.

Ask me anything

If you only had exactly 24 hours left to live, no matter what, what would you do?

Mon, 06 Sep 2010 17:44:14 -0400

Sit and talk with all of my closest friends and family.

Ask me anything

Hey Mubix! I was the guy who asked about CDC tool recommendations on Twitter for blue teams/defenders. Any strong suggestions there? Flint by Matasano looks wicked cool, but it turns out it's ASA and PIX only.

Wed, 25 Aug 2010 13:08:10 -0400

My best suggestion for Blue Teamers in an event such as CCDC is teamwork and preparation. Nothing beats practice.

Ask me anything

Hello! I'm trying to find a free packer for my compiled program. The problem is that some AV software recognizes my app as a suspicious file, and I'd like them not to. My goal would is to pass all the virustotal tests. UPX does not help ;)

Wed, 25 Aug 2010 13:06:38 -0400

It really depends on what you want it to do. But definitely check out Polypack @ http://polypack.eecs.umich.edu/

Ask me anything

Have you ever run a portable version of spyware remover through logon scripts i have few machines infected with a nasty spyware and our anti virus does not have e updates to detect this virus at this moment so i was thinking to silently run & remove it

Wed, 25 Aug 2010 13:05:23 -0400

All *-ware removers are only halfway decent at their job, they try but it’s just too hard to keep up. So, normally I just reimage the machine. I keep pretty decent nLite scripts for each host I’ll need to set up.

Ask me anything

Hi Rob , this is a noob question How do i update metaspoilt on backtrack 4 ? can i get the command in doing so . .

Wed, 25 Aug 2010 11:25:14 -0400

Change directory into the “framework3” directory and run `svn up` that will update you to the latest SVN version. While this puts you on the cutting edge of updates to the framework, somethings may be broken, so always keep another copy of the framework a few revisions old.

Ask me anything

Practical Exploitation

Simple Framework Domain Token Scanner

is this site shutdown? You have not posted anything to Practical Exploitation for a while, love the vids wish you would post more.

Revenge of the Bind Shell - Using Meterpreter and Teredo to make...

Hello Mubix, hey have my blog up and rolling now which you are following on here but do you know any other good security tutorial based blogs you suggest on tumblr?

Dear Rob, I've always wanted to learn the Spike fuzzing framework well enough to write my own fuzz scripts for whatever protocol I want. Although the documentation is difficult to understand and there seems to be none to very little tutorials/documentation on the web. Please help. Sincerely, Matt

A step-by-step how to on the popular Dan kaminsky DNS Cache Poisioning Attack would be nice. :)

Wonderful down-to-earth website on vulnerability testing! I tried the php shell demo verbatim and against a system that should have been vulnerable, but only receive "bad request in header" from burp.

Hi, I just recently got into exploits. Can you give us some insights which web pages you track for new exploits? Or in general what your main IT security "channels" are. I haven't found the right place for up-to-date information. Regards, JD

more on ipv6! joe klein has an interesting presentation on the dojosec blog (july), what are you working on?

Thanks for doing this. Great job! One thing - can you make the name of your postings match the title of the post. As it is, when I bookmark one, the name of the bookmark name is "Practical Exploitation" rather than the title of the post. Thanks! Keep up the great work!

Here goes. Do you know why spoonwep was dropped from Backtrack 4? Also is it easy to install?

1+1

If you only had exactly 24 hours left to live, no matter what, what would you do?

Hey Mubix! I was the guy who asked about CDC tool recommendations on Twitter for blue teams/defenders. Any strong suggestions there? Flint by Matasano looks wicked cool, but it turns out it's ASA and PIX only.

Hello! I'm trying to find a free packer for my compiled program. The problem is that some AV software recognizes my app as a suspicious file, and I'd like them not to. My goal would is to pass all the virustotal tests. UPX does not help ;)

Have you ever run a portable version of spyware remover through logon scripts i have few machines infected with a nasty spyware and our anti virus does not have e updates to detect this virus at this moment so i was thinking to silently run & remove it

Hi Rob , this is a noob question How do i update metaspoilt on backtrack 4 ? can i get the command in doing so . .

Hi,
I just recently got into exploits. Can you give us some insights which web pages you track for new exploits? Or in general what your main IT security "channels" are. I haven't found the right place for up-to-date information.

Regards,
JD

Thanks for doing this. Great job!
One thing - can you make the name of your postings match the title of the post. As it is, when I bookmark one, the name of the bookmark name is "Practical Exploitation" rather than the title of the post.
Thanks!
Keep up the great work!