Search Results for: backtrack
Installing Watobo on BackTrack 5
Watobo author Andy Schmidt made 2 great videos about installing Watobo on Windows and on BackTrack 5.
I created a rather simple and short shell script to install Watobo on BT5. Nothing new, nothing sensational, just to alleviate the installation process.
Continue reading
Backtrack 4 cheat sheet
Download backtrack from http://www.remote-exploit.org/backtrack_download.html. Current version at the time of writing is BT4 Pre-Final.This document is based on BT4 pre-final. Ergo, some of the instructions below may not work with other versions of BT. FYI : An excellent guide about Backtrack4 can be found at BackTrack 4 – The Definitive Guide 1. Installing Backtrack […]
Cheatsheet : Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper
Basic steps : Put interface in monitor mode Find wireless network (protected with WPA2 and a Pre Shared Key) Capture all packets Wait until you see a client and deauthenticate the client, so the handshake can be captured Crack the key using a dictionary file (or via John The Ripper) I’ll use a Dlink […]
Cheatsheet : Cracking WEP with Backtrack 4 and aircrack-ng
I know, there a probably already a zillion number of websites that show how to crack WEP. So I guess this will be website zillion+1 learning how to audit your own WEP security. To be honest, the main reason I’m putting this info on this blog because I just wanted it as a quick reference- […]
Creating and installing lzm modules in Backtrack 2
Today, I will explain how you can create your own lzm modules & patch the backtrack 2 final ISO file (by adding your new module). First of all, get a fresh copy of the bt2final.iso file from http://www.remote-exploit.org/backtrack_download.html Write the ISO file to a CD and boot from the CD. This will load the bt2final […]
BlackHatEU2013 – Day1 – Practical Attacks against MDM solutions
Good morning everyone, Welcome to BlackHat Europe 2013 ! As announced in my post a couple of days ago, I’ll try to post short write-ups about some of the talks right after the presentation has finished. All you have to do is keep an eye on my Twitter feed to see when a new post is […]
Debugging Fun – Putting a process to sleep()
Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.
Continue reading
Pastenum – Pastebin/pastie enumeration tool
When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person.
Today, we want to present a tool that can be added to your reconnaissance toolkit.
Continue reading
Corelan Training "Corelan Live – Win32 Exploit Development Bootcamp"
Introduction Starting this year, Corelan will be teaching live Win32 exploit development classes at various security conferences. Titled “Corelan Live – Win32 Exploit Development Bootcamp“, this 2-day instructor-led course will teach everything you need to know about writing exploits for a Win32 environment and exploiting stack based vulnerabilities. During the first day, all basics about […]
Death of an ftp client / Birth of Metasploit modules
Over the past few weeks, Corelan Team has given its undivided attention to fuzzing ftp client applications.
Using a custom built ftp client fuzzer, now part of the Metasploit framework, the team has audited several ftp clients and applications that use an embedded client ftp component. One example of such an application is a tool that would synchronize / backup data from a computer to a remote ftp server.
The 3 main audit/attack vectors that were used during the “project” were
send back overly long responses to ftp commands / requests sent by the ftp client to the server
send back a file/directory listing that contains overly long file/folder names
try to download a file that has an overly long filename.
Continue reading
Donate
Your donation will help funding server hosting.
