Recognize-Security

Useful Metasploit guides

Posted by Trancer on Mar 25 2009

Collected a bunch of useful guides for some new capabilities of the Metasploit Framework.
Some of the capabilities are post 3.2 version. I strongly recommend updating your version to the latest 3.3-dev snapshot.

– Using the WMAP Metasploit module for web application penetration testing:
WMAP (Metasploit Module).

– Restricting the db_autopwn command to specific ports and modules when mass exploiting:
Metasploit Mass Exploitation for Dummies.

– Exploiting the Token Kidnapping vulnerability for privilege escalation:
Token Passing with Incognito (Part 2).

– Using msfpayload to export exploits as executables and go under the AV radar:
Bypassing Anti-Virus with Metasploit (Video).

– Dumping Memory to extract Password Hashes:
Part 1, Part 2.

– Keylogging are now made easy:
Remote Keystroke Sniffing with Meterpreter.

– Keylogging Windows logon screen credentials:
Capturing Logon Credentials with Meterpreter.

Happy pwnage :-)

Categories: Metasploit

0 Comments | Comments RSS | TrackBack URL

Recognize-Security Welcome to the Machine March 2009

Useful Metasploit guides Posted by Trancer on Mar 25 2009 Collected a bunch of useful guides for some new capabilities of the Metasploit Framework. Some of the capabilities are post 3.2 version. I strongly recommend updating your version to the latest 3.3-dev snapshot. – Using the WMAP Metasploit module for web application penetration testing: WMAP (Metasploit Module). – Restricting the db_autopwn command to specific ports and modules when mass exploiting: Metasploit Mass Exploitation for Dummies. – Exploiting the Token Kidnapping vulnerability for privilege escalation: Token Passing with Incognito (Part 2). – Using msfpayload to export exploits as executables and go under the AV radar: Bypassing Anti-Virus with Metasploit (Video). – Dumping Memory to extract Password Hashes: Part 1, Part 2. – Keylogging are now made easy: Remote Keystroke Sniffing with Meterpreter. – Keylogging Windows logon screen credentials: Capturing Logon Credentials with Meterpreter. Happy pwnage :-) Categories: Metasploit 0 Comments \| Comments RSS \| TrackBack URL Leave a Reply Click here to cancel reply. Name (required) Mail (will not be published) (required) Website	Categories Advisories Articles Exploitation Exploits LOLz Malware Metasploit Presentations Rec-Sec Security News Tools Vulnerabilities Web Application Security Archives March 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 December 2008 November 2008 October 2008 September 2008 August 2008 January 2008 June 2007 May 2007 April 2007 March 2007 February 2007 Pages About Recognize-Security Links BinaryVision BlackHat Security BugSec Ltd. Digital Whisper Extraexploit Inj3ct0r exploit database milw0rm NiX IRC Network NullByte Pankaj Kohli Peter Van Eeckhoutte The Metasploit Project TryThis0ne Udi Mosayev Uninformed xorl eax, eax Meta RSS 2.0 ATOM 1.0 RDF 1.0 Links OPML OpenSearch
Valid XHTML \| Valid CSS \| RSS \| Comments RSS Copyright © 2009 Recognize-Security. Some rights reserved. ~~Security~~ Hacking, However, is an art, not a science.

March 2009

Useful Metasploit guides

Leave a Reply