Nmap NSE Scripts
The Nmap Scripting Engine (written in Lua) lets users run a library of pre-written scripts that automate or extend Nmap's functions, or write their own. Chapter 9. Nmap Scripting Engine – [nmap.org] Introduction The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write [...]
Plugbot for Penetration Testing
All About Plugbot – [theplugbot.com] PlugBot is a hardware bot. It’s a covert penetration testing device designed for use during physical penetration tests. PlugBot is a tiny computer that looks like a power adapter; this small size allows it to go physically undetected all the while powerful enough to scan, collect and deliver test results [...]
How Botnets Are Built
A botnet is a collection of many computers that have been compromised by an attacker and are being used surreptitiously for some purpose, usually related to cybercrime. Botnet Methodology: Compromising Systems Email with infected attachment or link to infection site Website with infected code Other protocols: IM, IRC, FTP, P2P, Twitter, and more… Controlling the [...]
Metasploitable
Metasploit recently released version 3.4.0 of the Framework, with many improvements and new exploits, along with a new commercial product, Metasploit Express. Today, they followed that up with a VM image that can be used as an exploitable practice target. Introducing Metasploitable – [metasploit.com] Metasploitable is an Ubuntu 8.04 server install on a VMware 6.5 image. [...]
Metasploit Roundup
Here's a roundup of recent Metasploit techniques: Nessus Scanning through a Metasploit Meterpreter Session – [pauldotcom.com] Scenario: You are doing a penetration test. The client's Internet face is locked down pretty well. No services are exposed externally and only HTTP/HTTPS are allowed OUT of the corporate firewall. You email in a carefully crafted email with [...]
nmap 5.20
Nmap, the free, open source utility that has become a basic tool for many network security professionals, has released a new version. Nmap 5.20 Released – [nmap.org] Happy new year, everyone. I’m happy to announce Nmap 5.20–our first stable Nmap release since 5.00 last July! It offers more than 150 significant improvements, including: o 30+ [...]
Meterpreter Persistence
The Metasploit Framework enables penetration testing by combining modular packages of exploit code, payloads and tools such as Meterpreter, which allow the tester to maintain access, collect information on the target system and execute pivot attacks against other systems. This script helps the tester by maintaining backdoor access. Meterpreter Persistence – [...]
Hacking With Pictures
This intriguing article offers up some quick and short thoughts on visual hacking. Hacking With Pictures – [quietbabylon.com] 1 – TV hypnotherapy 2 – Images become executable 3 – Retinal scanners 4 – Pokemon seizures 5 – Flashbang grenades 6 – 2D bar codes 7 – 2nd Life presentation 8 – Sixth Sense hacking 9 – [...]
Snort
Snort is a free, open source, packet-sniffing, protocol-analyzing intrusion detection engine that can be used both as a network IDS (intrusion detection system) and as an IPS (intrusion prevention system), and can be linked to a variety of analysis front-end interfaces. It runs on both Linux and Windows. Snort rules establish the parameters for packet [...]
Federal Cyber-Security
NIST (National Institute of Standards and Technology) has provided federal agencies with all the tools they need to get cyber-security done right. But obviously, it's not being done right yet at most agencies. Why not? Failure to understand the threat level – this was certainly once the top problem… maybe not so much anymore with [...]
