Tuesday, 7 June 2011

Walk-through Kioptrix 1.2

I finally found the time to play with loneferret's Kioptrix (www.kioptrix.com) challenges and thought I would post another solution to the 3rd challenge, one that does not pull the hash values from the database via SQLi. Instead I decided to leverage the Local File Inclusion vulnerability together with SQLi and the sucrack tool (http://labs.portcullis.co.uk/application/sucrack/). Not very exciting, but a different approach.


Another Solution for Kioptrix 1.2 from T0X1C on Vimeo.



Tuesday, 31 May 2011

Pissing on Snort with Metasploit

This is my first post on this blog, which I am primarily using to store things I would otherwise forget. I decided to start with a video (it's a bit slow because I have to run several VMs on my notebook) to make it easier for me as well (yes, I am a slacker) when I need that information again.

Before I start, I would like to take the opportunity to thank m-1-k-3 from the #back-track.de channel on freenode for pointing out the Metasploit NOP generators. You guys should visit his web site www.s3cur1ty.de and also buy his book, which he is going to release very soon and which is definitely on my reading list.

Now to the actual post. There are plenty of guides out there that cover antivirus evasion, but I haven't found much (or maybe I haven't tried hard enough) that covers IDS evasion. So I was playing around with Snort and its rules to see what is necessary to circumvent the alert mechanism. This is actually the same principle that applies to AV evasion: you just change the stupid signature. Of course, this is much easier with Snort because you can simply look up the signature within the rules, but as I already mentioned, I am a slacker. ;)

So, here we go:

Untitled from T0X1C on Vimeo.