Just a few moments ago, Neil Roiter has reported on SearchSecurity that The Metasploit Project (and the Metasploit Framework) has been acquired by Rapid7, a network vulnerability management vendor. This news has been confirmed by Rapid7 (see website) Read more
Just wanted to drop a quick note about the release of another free script. This time I’ve written a simple FTP fuzzer (with a little help from HDMoore) in Metasploit. You can read more about it (and download the Read more
In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits. Today, I will discuss some other debuggers and debugger plugins Read more
In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to 2 types of exploits : stack based buffer overflows (with direct EIP overwrite), and stack based buffer overflows that take Read more
In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a Read more
Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by Read more
First of all, download psexec from the Microsoft website. http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx From and elevated/admin command prompt (cmd.exe, "run as administrator"), run psexec –s cmd.exe
C:\>whoami peter
C:\>psexec -s cmd.exe
PsExec v1.83 – Execute processes remotely Read more
Windows XP Method 1
1. In Folder Options, on the Offline Files tab, press CTRL+SHIFT, and then click Delete Files. The following message appears:
The Offline Files cache on the local computer will be re-initialized. Any changes that have Read more
