Clik here to view.
Brute-Forcing Compatibility
Idea came thanks to cktricky from: http://cktricky.blogspot.com/ A bunch of sites on the web give you different pages depending on the browser you use to view it. I know when I was a web developer...
View ArticleClik here to view.
SHODAN The Computer Search
If you haven’t seen it all over twitter yet, achillean released the “beta” of SHODAN yesterday. It’s a search engine of basically a nmap of the internet (ports 21, 22, 23 or 80 so far)....
View ArticleClik here to view.
2009 Geek Christmas List
What’s on your list? Here is mine (in no particular order): Number 1: iPhone compatible alarm clock with good sound Number 2: iPhone car mount that charges and is compatible with aux cables 32GB...
View ArticleClik here to view.
Metasploit with Ruby 1.9.1
UPDATE: if you don’t make some additional steps, the ‘rvm 1.9.1’ command only is active for the current console session. See the site for details: http://rvm.beginrescueend.com/ This short tutorial is...
View ArticleClik here to view.
Meterpreter tunneling and VNC revamped
So yesterday (December 14th, 2009) HD Moore posted a tweet with a pic of the new VNC meterpreter script that he wrote: Looking at the script I noticed that it created a new connection (two connections...
View ArticleClik here to view.
Linked in to Twitter
If you hadn’t noticed, LinkedIn has started allowing you to link your Twitter account to your LinkedIn account. So, I didn’t know this (since I opted out), but apparently LinkedIn will kick your status...
View ArticleClik here to view.
grmn00bs podcast
I was recently on the grmn00bs podcast, I had a great time, and I can’t wait to see who they pick up next on their series: grmn00bs podcast: episode 9 Update Archive.org Link“When they were n00bs...
View ArticleClik here to view.
Security (CAN BE) an ART not a SCIENCE
This is far from a new idea, however it’s not something that is easily provable. So I had an idea this morning. I posed the following question on Twitter: You know what I got in return? a resounding...
View ArticleClik here to view.
@RSnake ’s RFI List in Burp Suite
First of all, get Robert @RSnake Hansen’s RFI list here: http://ha.ckers.org/blog/20100129/large-list-of-rfis-1000/ it’s a great list, but as soon as I saw it, I was like.. hmm.. how can I use that?...
View ArticleClik here to view.
Practical Exploitation
Practical Exploitation is going to be me, explaining things in the way that I see the world on the best medium for what I’m explaining, be it a short blog blurb, a video of me, a video of a desktop, or...
View ArticleClik here to view.
Metasploit Cyberwarfare
I’m not sure I will want to svn up tomorrow. This Cyberwarfare version has advanced powers:
View ArticleClik here to view.
Vuln Disclosure Summarized
I have an admittedly limited view of the exploit dev world. However, from what I’ve seen devs have very few options: (Please correct me if I’m wrong) Responsible Disclosure Direct Contact =>...
View ArticleClik here to view.
0Exploit Privilege Escalation
The other day Chris Gates posted an excellent blog post about the WebDAV hotness that Chris Sullo (author of Nikto) cooked up (DAVTest) which Ryan Linn popped out a Metasploit module for. Anyways, the...
View ArticleClik here to view.
A very important link...
Normally I save links for my “Mubix Links” blog to keep the clutter down on this one, but I think this is one that I would like to highlight as important. The NFO, credits and summary to this...
View ArticleClik here to view.
AV bypass made stupid
*WARNING* if you use fgdump like I did, it extracts pwdump to %TEMP% at run time, which is detected by AV. First of all, I was floored when this worked. Really AV? It’s that easy? Really? So here is...
View ArticleClik here to view.
Get off my lawn! iPhone Geo Blocking
I was recently approached by savant, who told me that a bunch of my Twitpics had geo location in them. Larry Pesce from PaulDotCom has been doing research in this field for a while and each time he...
View ArticleClik here to view.
Set Wallpaper Meterpreter Script
Certainly nothing to fuss over, but I’ve had a fascination with setting my target’s wallpaper as sort of a calling card for years now. I’ve been able to set the registry key (HKCUControl...
View ArticleClik here to view.
Intro to RailGun: WIN API for Meterpreter
Back on June 13th, “Patrick HVE” released RAILGUN: http://mail.metasploit.com/pipermail/framework/2010-June/006382.html And it was merged into the the Metasploit trunk with 9709, 9710, 9711 and 9712:...
View ArticleClik here to view.
Resources for railgun development
Metasploit’s Railgun is awesome, but getting things to work correctly can be a pain. Here are some of the resources that have helped me out: System Error Codes.aspx”) - This is hands down the best...
View ArticleClik here to view.
AV Tracker
Ever set up a multi/handler and get an odd IP hitting it? Probably forgot about it as internet chatter? Think again, you might have just been caught AV Tracker - http://avtracker.info/ is a site that...
View Article