Thursday, April 30, 2009

New Site!

Hi guys,
Since the crash of 110mb.com's box no. 16, some of the data on my homepage has been deleted. I'm currently making one from scratch using PHP.
It is available at http://kalgecin.110mb.com. Be sure to visit. Although it contains very little info, I'd appreciate it if you would contribute ideas as to what to add to my site :)
Wish you all the best

Monday, April 27, 2009

Site is back!

It appears that 110mb.com have managed to fix the problems they had with their server.
Happy hacking guys :)

Saturday, April 25, 2009

Home page down!

It appears that the server on which my site is hosted at 110mb.com is down, and so is my site. I just hope that my pages are intact, because otherwise I'll have to rebuild the whole site!

Bypassing filters with metasploit

Hi to all those who are following this blog.
Sometimes when exploiting a hole in a web page (e.g. PHP), the exploit fails because of a filter. The filter may be stripping all non-printable characters (which is quite common).
To bypass the filter, you can "encode" the payload, i.e. just before issuing "exploit", type
set ENCODER followed by the encoder name
where the encoder is one of the compatible encoders. To see these, type
show encoders

good luck!!
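From the defender's side, the point above is worth making concrete: a filter that only rejects non-printable bytes is not a security boundary, because anything re-expressed as printable text (which is exactly what an encoder does) sails through it. The following is an added example, not code from the original post or from Metasploit; it contrasts such a blocklist filter with an allowlist validator over constructed sample inputs, using base64 as a stand-in for any printable encoding.

```python
# Added example (not from the original post): a "reject non-printable bytes"
# blocklist filter versus an allowlist validator. All inputs are constructed.
import base64
import string

PRINTABLE = set(string.printable.encode())


def blocklist_filter(data: bytes) -> bool:
    """True if the input passes a filter that only rejects non-printable bytes."""
    return all(b in PRINTABLE for b in data)


def allowlist_filter(data: bytes, max_len: int = 32) -> bool:
    """True only for short inputs made of letters, digits, '_' or '-'.

    This is what validation of e.g. a username field should look like: define
    what is allowed, rather than trying to enumerate what is dangerous.
    """
    allowed = set((string.ascii_letters + string.digits + "_-").encode())
    return 0 < len(data) <= max_len and all(b in allowed for b in data)


# Constructed inputs: a benign username, a raw binary blob, and the same blob
# re-expressed as printable text (base64), standing in for an encoded payload.
benign = b"alice_01"
raw_binary = bytes([0x00, 0x90, 0xCC, 0xFF, 0x31, 0xC0])
encoded = base64.b64encode(raw_binary)  # b'AJDM/zHA', every byte printable


def evaluate() -> dict:
    """Map each input to (passes blocklist, passes allowlist)."""
    return {
        "benign": (blocklist_filter(benign), allowlist_filter(benign)),
        "raw_binary": (blocklist_filter(raw_binary), allowlist_filter(raw_binary)),
        "encoded": (blocklist_filter(encoded), allowlist_filter(encoded)),
    }


if __name__ == "__main__":
    for name, (blocklist_ok, allowlist_ok) in evaluate().items():
        print(f"{name:>10}: blocklist passes={blocklist_ok}  allowlist passes={allowlist_ok}")
```

The raw blob is stopped by both filters, but its printable encoding passes the blocklist and is only caught by the allowlist. The lesson for the person running the site is that the filter is a speed bump, not the fix: patch the hole the exploit targets, and validate input by allowlist where a field has a known shape.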

Using Metasploit

To use the Metasploit Framework, all you have to do is type a few lines of instructions. I won't be spoonfeeding anyone, so I'll just put some "generic" examples. I'll be using the Zenwalk version of Linux.
Open a console and type "./msfconsole".
Next, after the console is loaded, type "search" followed by your search criteria. Decide which exploit you are going to use and type "use" followed by its name. Next type "show payloads". This will show all the payloads compatible with the chosen exploit. Pick one and type "set PAYLOAD" followed by the payload name. Next set all the required options listed in "show options"; to do so, type "set" followed by the option name and its value. When you are done, all you have to do is type "exploit" and the framework will launch the exploit against the specified target. If all goes well, you will have a working session. To view the sessions type "sessions"; you will find a session listed there. Type "sessions -i" followed by the session number. And VOILA! You are inside the computer!

Tuesday, April 7, 2009

password cracking 5

The admin was very surprised, and the admins asked me how I did it. I did point out that the greatest of their weaknesses were that they left the computers without signing out, weak password choices, and depending too much on the ready-made tools out of the box. From that day on they hired some penetration testers to audit the school network.
This is just one real-life example of how most admins are ignorant, dependent on tools and lazy.
Stay safe and don't depend on the programs out of the box.

Sunday, April 5, 2009

password cracking 4

Yeah, I was ready for that. Next I opened the cmd and typed the path to the other copy. Within seconds, I had the hashed passwords on my flash drive. When I reached home, I launched John the Ripper to crack the passwords. With the dictionary from milw0rm that was used to generate the Markov file, and John's magnificent rules, I cracked all the passwords within 72 minutes. The next day I went to school and was able to log in as an admin. I sent an email from the admin address to the head and all other admin staff.

Saturday, April 4, 2009

password cracking 3

So I downloaded a copy of fgdump at home and saved two copies in different folders. The next day I went to school and was eager to find an unattended admin logged in. I saw one of the admins at a computer and told someone to tell him that the headmaster was calling him. The admin woke up and left. I had at most 5 mins to complete my plan. I inserted the flash drive and opened the folder containing one of the fgdump copies. The copy got automatically deleted and a virus warning was issued.
More on the next blog :)

Friday, April 3, 2009

password cracking 2

Next I wanted to know their network structure and whether they were monitoring the students' activities. I went to whatismyip.com and took down the IP. The IP pointed to a proxy, meaning that there is a high probability that all the traffic is filtered and logged. I went home and used nmap to scan the whole subnet to get an overview of the structure. The wonderful Zenmap gave me a graphical view of the network structure. All the network was directed to a proxy, then to a firewall.

Stay tuned for the next blog :)