Introduction Jeeves is a machine rated easy; it is compromised by exploiting a dashboard on Jeeves that is exposed without authentication. A Java reverse shell is run from the script console (where Groovy scripts can be executed for troubleshooting), and the reverse connection comes back to my netcat listener. Once the reverse connection is … Continue reading [hackthebox]Jeeves
Tag: metasploit
[hackthebox]Silo
Introduction I attempted this retired machine without reading the HTB guides; I went down a lot of rabbit holes and eventually found that the Oracle TNS listener on port 1521 is the entry point. On testing the Silo machine I found that it is susceptible to TNS poisoning; searching the web, I found this invaluable article … Continue reading [hackthebox]Silo
[security]Update new exploitdb script to metasploit
So I was doing hackthebox.eu and realised the target ran a vulnerable web application. An exploit had been written and could be downloaded from Exploit-DB, but it was not in msfconsole: when I ran search openadmin I could only see an outdated exploit disclosed in 2017. The Ruby script that … Continue reading [security]Update new exploitdb script to metasploit
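One way to make such a module visible to msfconsole is to copy it into the user module tree, ~/.msf4/modules, under a reference name of the form type/os/.../name, and then run reload_all inside msfconsole. The Ruby below is an added example (my script, not the post's own) that does exactly that after a few sanity checks; the reference name exploits/linux/http/example_rce and the MSF_USER_MODULES override are assumptions made for illustration.

```ruby
# Added example (my script, not the post's): copy a module downloaded from
# Exploit-DB into the user module tree that msfconsole loads alongside the
# system modules. Assumptions: the file is a normal MetasploitModule .rb file,
# the user tree is ~/.msf4/modules (MSF_USER_MODULES overrides it), and the
# reference names used below are made up for illustration.
require 'fileutils'

MODULE_TYPES = %w[exploits auxiliary post payloads encoders nops evasion].freeze

# Cheap sanity checks before anything lands in the module tree.
# Returns nil when the file looks like a module, otherwise a reason string.
def check_msf_module(path)
  return "no such file: #{path}" unless File.file?(path)
  return "not a .rb file: #{path}" unless path.end_with?('.rb')
  src = File.read(path)
  return "no MetasploitModule class in #{path}" unless src.include?('class MetasploitModule')
  nil
end

# rel is the reference name you want in msfconsole, e.g.
# "exploits/linux/http/example_rce" (hypothetical); the first segment must be
# a module type directory or msfconsole will not pick the file up.
# Returns the path written; raises ArgumentError on a bad module or name.
def install_msf_module(src, rel, root: ENV.fetch('MSF_USER_MODULES') { File.join(Dir.home, '.msf4', 'modules') })
  err = check_msf_module(src)
  raise ArgumentError, err if err
  parts = rel.split('/')
  raise ArgumentError, "reference name needs type/.../name: #{rel}" if parts.size < 2
  raise ArgumentError, "unknown module type #{parts.first.inspect}" unless MODULE_TYPES.include?(parts.first)
  raise ArgumentError, "bad module name #{parts.last.inspect}" unless parts.last.match?(/\A[a-z0-9_]+\z/)
  dest = File.join(root, "#{rel}.rb")
  FileUtils.mkdir_p(File.dirname(dest))
  FileUtils.cp(src, dest)
  dest
end

# Usage: ruby install_msf_module.rb downloaded.rb exploits/linux/http/example_rce
if $PROGRAM_NAME == __FILE__ && ARGV.size == 2
  puts "installed #{install_msf_module(*ARGV)}"
  puts "now run 'reload_all' inside msfconsole and search again"
end
```

The last path segment becomes the module's name in msfconsole, which is why the script insists on a lowercase snake_case file name; after copying, reload_all (or a restart of msfconsole) is what makes the new module show up in search.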
Social Engineering Toolkit and Metasploit: Web cloning attack and uploading a backdoor
Creating a persistent backdoor Afterword Modern antivirus programs are capable of detecting such a backdoor and even preventing the download of the encoded payload onto the victim's machine; a payload encoded with shikata_ga_nai four times is not enough to evade most modern antivirus programs. In the past I used to click and execute unknown Java … Continue reading Social Engineering Toolkit and Metasploit: Web cloning attack and uploading a backdoor
Metasploit: Keylogging
I was not able to run keyscan successfully in my previous lab; now I have found out why. meterpreter > getdesktop Session 0\SAWinSta\Default meterpreter > The meterpreter session is not attached to WinSta0 (the interactive window station) and hence cannot capture the victim's keystrokes. explorer.exe runs on the interactive WinSta0 desktop and hence is able to record the … Continue reading Metasploit: Keylogging
Metasploit and Social Engineering Toolkit: Kill Antivirus (e.g. AVG 2012)
Metasploit ships with a killav script, but this script only kills avgrsx.exe, which respawns after the process is terminated. AVG has a watchdog program, avgwdsvc.exe, which ensures that a terminated AVG process is started again; this makes killing the antivirus seriously difficult. The AVG IDS agent program cannot be terminated at any privilege level, which … Continue reading Metasploit and Social Engineering Toolkit: Kill Antivirus (e.g. AVG 2012)
Metasploit and Social engineering toolkit: Bypass firewall and antivirus detection
Social engineering is a technique that exploits human weakness as an attack vector. The way to counter it is through policy, and you must practise what you preach: without adhering to policy you will become a victim of social engineering. The Social Engineering Toolkit is a program by David Kennedy … Continue reading Metasploit and Social engineering toolkit: Bypass firewall and antivirus detection
Metasploit: Post exploitation with meterpreter
Exploit and payload preparation Start the exploit Post exploitation: Understand the exploited environment Whoami What is the machine? Which process is meterpreter attached to? Post exploitation: Using scripts to enhance your findings Is this a real machine or a virtual machine? What is the user doing now? Can I see it? A screenshot will pop up. … Continue reading Metasploit: Post exploitation with meterpreter
Metasploit: Singles, Stagers, Stages
In the previous post I wrote about how meterpreter works in steps. Step 1: apply the exploit and send the payload. This step is the stager. The stagers are the reverse_tcp or bind_tcp payloads (defined by Ruby modules in Metasploit); their purpose is first to establish a client-server connection, and once that connection is established, an upload from the attacker to … Continue reading Metasploit: Singles, Stagers, Stages
Metasploit: About Meterpreter
Meterpreter is a payload packaged with the Metasploit Framework. Its features are: 1. It does not create any files on the hard disk; it resides in memory, injected into a process. 2. Client-server communication uses a type-length-value (TLV) format. 3. Client-server communication between the attacker machine and the victim … Continue reading Metasploit: About Meterpreter
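To make the staging step from the Singles, Stagers, Stages post and the TLV format from the About Meterpreter post concrete, here is an added example (my Ruby, not meterpreter's own code) showing the bytes at each step: the handler frames the stage the way the reverse_tcp stager expects it (a 4-byte little-endian length followed by the stage), and the stage then speaks TLV, modelled on meterpreter's layout of a big-endian length that includes its own 8-byte header, a big-endian type word whose high bits say how to decode the value, and the value, with a packet being a length/packet-type header over its member TLVs. The method name, request id and result code are constructed sample values, and the per-session XOR key and GUID that a real meterpreter packet header also carries are left out.

```ruby
# Added example (not meterpreter's own code): the wire bytes at each of the
# two steps. Assumptions: the stager reads a 4-byte little-endian length and
# then that many bytes of stage; TLVs are [len BE32 incl. header][type BE32]
# [value] with meta-type bits in the type word; a packet is [len][packet type]
# followed by its member TLVs. The session GUID / XOR-key prefix of a real
# meterpreter packet is left out.
require 'stringio'

NUL = "\x00".b

# ---- step 1: staging --------------------------------------------------
# Handler side: prefix the stage with its length so the stager knows how
# much to read before jumping into it.
def frame_stage(stage)
  [stage.bytesize].pack('V') + stage.b
end

# Stager side: read the length, then exactly that many bytes; a short read
# is an error, not a partial stage.
def read_stage(io)
  hdr = io.read(4)
  raise 'short read on stage length' unless hdr && hdr.bytesize == 4
  len = hdr.unpack1('V')
  stage = io.read(len)
  raise 'truncated stage' unless stage && stage.bytesize == len
  stage
end

# ---- step 2: TLV messages spoken by the stage -------------------------
META_STRING = 1 << 16
META_UINT   = 1 << 17
META_BOOL   = 1 << 19
META_GROUP  = 1 << 22

TLV_TYPE_METHOD     = META_STRING | 1   # e.g. "stdapi_sys_config_getuid"
TLV_TYPE_REQUEST_ID = META_STRING | 2
TLV_TYPE_RESULT     = META_UINT   | 4

PACKET_TYPE_REQUEST  = 0
PACKET_TYPE_RESPONSE = 1

# Encode one TLV; the meta bits of +type+ decide how +value+ is serialised.
def tlv(type, value)
  body = if    (type & META_GROUP)  != 0 then value          # already-packed TLVs
         elsif (type & META_STRING) != 0 then value.b + NUL  # NUL-terminated
         elsif (type & META_UINT)   != 0 then [value].pack('N')
         elsif (type & META_BOOL)   != 0 then [value ? 1 : 0].pack('C')
         else value.b
         end
  [body.bytesize + 8, type].pack('NN') + body
end

# Decode a run of TLVs into [type, value] pairs, recursing into groups.
# The length checks are what stop a malformed length reading past the buffer.
def parse_tlvs(buf)
  out = []
  pos = 0
  while pos < buf.bytesize
    raise 'truncated TLV header' if buf.bytesize - pos < 8
    len, type = buf.byteslice(pos, 8).unpack('NN')
    raise "bad TLV length #{len}" if len < 8 || pos + len > buf.bytesize
    raw = buf.byteslice(pos + 8, len - 8)
    value = if    (type & META_GROUP)  != 0 then parse_tlvs(raw)
            elsif (type & META_STRING) != 0 then raw.chomp(NUL)
            elsif (type & META_UINT)   != 0 then raw.unpack1('N')
            elsif (type & META_BOOL)   != 0 then raw.unpack1('C') != 0
            else raw
            end
    out << [type, value]
    pos += len
  end
  out
end

# A packet is a [len][packet type] header followed by its member TLVs.
def build_packet(packet_type, tlvs)
  body = tlvs.join
  [body.bytesize + 8, packet_type].pack('NN') + body
end

def parse_packet(buf)
  raise 'short packet' if buf.bytesize < 8
  len, type = buf.unpack('NN')
  raise 'packet length mismatch' unless len == buf.bytesize
  [type, parse_tlvs(buf.byteslice(8, len - 8))]
end

# Run both steps in memory and return what each side ends up with.
def demo
  stage = "\xDE\xAD\xBE\xEF".b * 4             # constructed stand-in for a stage
  got   = read_stage(StringIO.new(frame_stage(stage)))
  req = build_packet(PACKET_TYPE_REQUEST, [
    tlv(TLV_TYPE_METHOD, 'stdapi_sys_config_getuid'),
    tlv(TLV_TYPE_REQUEST_ID, '123456789'),       # constructed sample id
  ])
  rsp = build_packet(PACKET_TYPE_RESPONSE, [
    tlv(TLV_TYPE_REQUEST_ID, '123456789'),
    tlv(TLV_TYPE_RESULT, 0),                     # 0 = success
  ])
  { stage_ok: got == stage, request: parse_packet(req), response: parse_packet(rsp) }
end
```

The request id is what lets the server match a response to the request it answered, and the meta bits in the type word are why a decoder can walk a packet it has never seen before: it knows from the type alone whether the value is a string, an integer or a nested group, which is also what a detection engineer keys on when writing a parser for captured meterpreter traffic.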