Welcome back, my fledgling hackers! As the operating system developers become more and more security conscious, operating system exploits become rarer. Not so rare that we don’t see them anymore (see ExternalBlue and the .NET vulnerability CVE-2017-8759), but rare enough that hackers tend to focus their efforts on the applications and their output files for […]
Continue Reading
Welcome back, my Metasploit aficionados! In this series, we began with the Metasploit basics and have progressed through exploitation and creating our own custom payloads. In this tutorial, we will examine how we can proceed after having exploited a single system on a network to controlling the entire network. Very often to compromise a […]
Continue Reading
Automobile or car hacking is the leading edge of the hacking/penetration testing field. With the arrival of self-driving cars in the very near future, this field will only become even more important. For some background on this field, read my articles on the CAN protocol and the SocketCAN to better understand the technologies involved. As […]
Continue Reading
As part of this rapid development in automobile/car hacking, one of my favorite hacking tools, Metasploit, has developed the capability and modules to connect to cars (for more on Metasploit, check out my series “Metasploit Basics” and my upcoming Metasploit Kung-Fu course that now includes car hacking with Metasploit). If your version of Metasploit does […]
Continue Reading
The powerful hacker exploitation framework, Metasploit, has recently been updated with attacks against automobiles. This is HUGE, as automobile hacking will be one of the hottest Infosec areas over the next few years. Rapid7 (the developer of Metasploit) research director Craig Smith says Metasploit can now work with almost any vehicle interface. “Metasploit condensed a […]
Continue Reading
Welcome back, my aspiring hackers! The Metasploit framework has become a multipurpose pentesting tool–but at its heart–it’s an exploitation tool. Up to this point in this series on Metasploit, we have been getting familiar with the various aspects of this tool, but now we will get to the best part, exploitation of another system! In […]
Continue Reading
Welcome back, my greenhorn hackers! Often, new modules are developed for Metasploit, but are not included in the base configuration or updates. In such cases, you will need to manually add the module to Metasploit. In reality, this is not difficult with a touch of basic information and a dash of Linux skills. One place […]
Continue Reading
Welcome back, my aspiring White Hat Hackers! In this series on the world’s most popular exploitation framework, Metasploit, we have looked at the many ways to get started, including; 1. Getting Started and Keywords 2. Modules 3. Payloads 4. Connecting the postgresql Database 5. Scanning and Reconnaissance Before we advance to exploitation, I want to […]
Continue Reading
Welcome back, my tenderfoot hackers! As you know, Metasploit is an exploitation framework that every hacker should be knowledgeable of and skilled at. It is one of my favorite hacking tools. Metasploit enables us to use pre-written exploits against known vulnerabilities in operating systems, browsers and other applications and place a rootkit/listener/payload on the target […]
Continue Reading
In my first article in this Metasploit series, I introduced you to some of the key commands you need to know before using Metasploit. In this second article in the series, I want to introduce you the different types of modules found in Metasploit. When you start Metasploit into the msfconsole, you are greeted by […]
Continue Reading