Thoughts about PWB and OSCP
The Offensive Security Certified Professional (OSCP) certification is awarded to students who successfully complete Offensive Security's Pentesting with Backtrack (PWB) course. This is an intense hands...
Parsing Nmap's output
Nmap is a favorite tool when it comes to running port scans. The output can be a bit much however, especially when you're dealing with many targets with many services. Nmap is capable of producing...
Growl style for Chrome notifications
I use Chrome's desktop notifications when using Gtalk, and Growl notifications for other applications. I wanted a Growl style that looked like Chrome's desktop notifications, but was unable to find...
Introduction to pivoting, Part 1: SSH
Pivoting is a technique that allows attackers to use a compromised system to attack other machines in the same network, or more devastatingly, machines in another network that the compromised machine...
Introduction to pivoting, Part 2: Proxychains
This is part 2 of a series of posts on pivoting techniques. In part 1, we used SSH port forwarding to pivot our exploit and obtain remote access to our Windows XP machine. In this article, we'll be...
Introduction to pivoting, Part 3: Ncat
In the past two articles, we pivoted our exploit to our target with the help of SSH. If SSH is not available, we can try to use client-to-client and listener-to-listener relays with netcat, as...
Introduction to pivoting, Part 4: Metasploit
In this article, we'll look at pivoting using Metasploit. If you have the option to use Metasploit, you'll find that it makes pivoting much easier. Metasploit can be installed on Linux, Windows, and...
Binary to shellcode
The other day I was working on a Windows machine and downloaded a small Windows bind shellcode from https://code.google.com/p/w32-bind-ngs-shellcode/. I wanted to extract the shellcode from the bin...
Building Unicornscan in Kali Linux 1.0
Unicornscan is no longer packaged with Kali Linux 1.0. One of my scripts (onetwopunch.sh) happens to use it, so I went about building Unicornscan from source. I ran into a couple of snags when building...
Brainpan hacking challenge
After attempting various hacking challenges, I was inspired to come up with my own. Brainpan is my attempt at a vulnerable virtual machine. Your goal is to break in and get root access. By using this...
Thoughts on Offensive Security's Cracking the Perimeter course
Several months ago I signed up for Offensive Security's Cracking the Perimeter (CTP) course. Having successfully completed the course, I wanted to write a short review on it. CTP focuses primarily on...
Brainpan 2 Hacking Challenge
When I initially created Brainpan, my intent was to give back to the community with something fun and challenging. It didn't occur to me that others would find it so enjoyable that they would want...
Brainpan 2 contest winner
We have a winner! Congratulations to Matt Andreko for the best writeup. You can read his writeup here, and the official announcement here. Thanks also to VulnHub for hosting the contest and providing the...
Creating a virtual machine hacking challenge
After recently releasing the Brainpan 2 hacking challenge, a handful of people asked me for tips on how to create their own hacking challenge. These virtual machine hacking challenges, more commonly...
Relativity hacking challenge
Several weeks ago, Sagi released his own challenge named Relativity to the public. It had been a while since I'd done a good boot2root, and so eager for a challenge, I grabbed it off VulnHub and loaded...
De-ICE hacking challenge: Part 4
This is a quick walkthrough on solving the De-ICE S1.120 A challenge which can be downloaded here: http://vulnhub.com/entry/de-ice_s1120-a,10/. Interestingly, I wasn't aware that this boot2root even...
De-ICE hacking challenge: Part 5
This is a walkthrough for the De-ICE S1.120-1 B challenge, which can be downloaded here: http://vulnhub.com/entry/de-ice_s1120-b,11/. The author describes this challenge as "moderately difficult"....
De-ICE hacking challenge: Part 6
This is a walkthrough on De-ICE S1.140, available for download at VulnHub. This release was much anticipated and took a while to get released to the public. It's a little tougher than the previous...