Web Application Attack: Cross site scripting (aka XSS)

Reflected XSS Reflected XSS is a technique that uses the web server's domain and attached your own script onto the domain; the attacker then uses this link and sends to unsuspected user, once the user clicked on the link the script is executed by user's browser. Test for XSS Preparing a link that attaches attacker's … Continue reading Web Application Attack: Cross site scripting (aka XSS) →

Web Application Pentesting: Manual SQL injection

Reference: http://en.wikipedia.org/wiki/SQL_injection In a nutshell SQL injection allows unauthorized people to use SQL syntax to query the web server database backend, it is called injection because the SQL syntax is inserted into web application variables. The purpose for this post is to raise awareness of what is SQL injection and how serious it is if … Continue reading Web Application Pentesting: Manual SQL injection →

Social Engineering Toolkit and Metasploit: Web cloning attack and uploading a backdoor

Creating a persistent backdoor Afterword Modern antivirus program is capable of detecting such backdoor and even prevent the download of the encoded payload into victim's machine; payload encoded by shikata ganai 4 times is not enough to evade most of the modern antivirus program. In the past I used to click and execute unknown java … Continue reading Social Engineering Toolkit and Metasploit: Web cloning attack and uploading a backdoor →

Metasploit: Keylogging

I was not able to do the keyscan successfully in my previous lab, now I found out the reason why. meterpreter > getdesktop Session 0\SAWinSta\Default meterpreter > The meterpreter is not in winsta0 and hence cannot capture the keystrokes of the victim. explorer.exe has access to winsta0 api and hence is able to record the … Continue reading Metasploit: Keylogging →

Metasploit and Social Engineering Toolkit: Kill Antivirus (eg. AVG2012)

Metasploit is packaged with killav script, but this script only kills avgrsx.exe which will respawn after the process is terminated. AVG has a program known as watchdog: avgwdsvc.exe which ensures the terminated AVG process is respawned again; seriously this makes killing antivirus difficult. The AVG IDS agent program cannot be terminated by any privileges which … Continue reading Metasploit and Social Engineering Toolkit: Kill Antivirus (eg. AVG2012) →

Metasploit: Post exploitation with meterpreter

Exploit and payload preparation Start the exploit Post exploitation: Understand the exploited environment Whoami What is the machine? Which process has meterpreter attached to? Post exploitation: Using script to enhance your finding Is this a real machine or virtual machine? What is the user doing now? Can I see it? A screenshot will pop up. … Continue reading Metasploit: Post exploitation with meterpreter →

Metasploit: Singles, Stagers, Stages

In the previous post i have written about how meterpreter works in steps. Step 1: Apply exploit and send payload. This step 1 is the stagers. The stagers contains reverse tcp ruby scripts or bind tcp scripts, the purpose is to first establish a client-server relationship, after client-server is established, an upload from attacker to … Continue reading Metasploit: Singles, Stagers, Stages →

Metasploit: About Meterpreter

Meterpreter is a tool that is packaged together with the metasploit framework. The features of meterpreter are: 1. Does not create any files on the harddisk, it resides in memory and attaches itself to a process. 2. client-server communication is in the form of type-length-value (TLV) format. 3. client-server communication between attacker machine and victim … Continue reading Metasploit: About Meterpreter →

Metasploit: Gaining remote access to Windows XP

The target system is an old Windows XP system that has no service pack. The exploit used is dcom ms03_026. Exploit is like a backdoor found within a program bug usually this bug is a buffer overflow bug which caused the register to be overwritten, the overwritten register is loaded with the payload you select. … Continue reading Metasploit: Gaining remote access to Windows XP →