Type: Posts; User: hongman; Keyword(s):

  1. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    Few words of caution after running this many times!

    1. It seems to be completely incompatible with all Win2k8R2 servers - it will hang the server and require manual reboot
    2. It has picked up...
  2. Replies
    3
    Views
    1,212

    Re: Reverse a meterpreter session

    I think you misunderstand me - here's an example:

    Attacker gains meterpreter shell on the Target with whatever method. Evil PDF, bruteforce, Evil Java, etc.

    Target gets wind of this, and wants...
  3. Replies
    3
    Views
    1,212

    Reverse a meterpreter session

    Hi

    Probably not what you are thinking :-)

    I don't think there is, but if you knew you had an active meterpreter session on a target machine, is there a way to reverse the connection back to the...
  4. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    Just to let you know I found a great tool called Antimeter2 which scans memory and reports back onto if any processes have meterpreter exploited.

    Tested in a controlled environment, alongside with...
  5. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    Hehe - hex and assembly to me might as well be attempting to build a space rocket ;)
  6. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    Do active meterpreter sessions exhibit any packets which can be identified via wireshark?

    I exploited my own PC and captured me opening up a backdoor and getting a meterpreter shell - however to...
  7. Discussion: msfconsole & nexpose

    by hongman
    Replies
    8
    Views
    4,171

    Re: msfconsole & nexpose

    Thanks again scott.

    So it seems msfconsole automatically starts the db and connects when you launch it.

    So say I move to another site, start another scan, how would I then use another database...
  8. Discussion: msfconsole & nexpose

    by hongman
    Replies
    8
    Views
    4,171

    Re: msfconsole & nexpose

    Just to add to this, it seems MSF has changed from recently?

    I am following the guide here http://www.offensive-security.com/metasploit-unleashed/Working_With_NeXpose

    But none of the commands...
  9. Discussion: msfconsole & nexpose

    by hongman
    Replies
    8
    Views
    4,171

    Re: msfconsole & nexpose

    I am running my BT installation on a 40GB partition and I've used 15GB, inc nexpose install. It took about 1GB tops from memory!
  10. Discussion: MSF & AntiVirus

    by hongman
    Replies
    8
    Views
    1,821

    Re: MSF & AntiVirus

    OK - I will try on a weekly basis and let you know :)

    Still interested if anyone else knows of a way though?
  11. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    Thank you both for your input - it has been invaluable.

    We have already started using known good machines only, but I plan to try and dissect the suspects to gather evidence either way.
  12. Discussion: MSF & AntiVirus

    by hongman
    Replies
    8
    Views
    1,821

    Re: MSF & AntiVirus

    Hi Tape :)

    Do they actually manually analyse the file then if it comes back clean? I imagine they have thousands of files submitted every day...and it's not like I am continually submitting the same...
  13. Discussion: msfconsole & nexpose

    by hongman
    Replies
    8
    Views
    4,171

    Re: msfconsole & nexpose

    Huh. I rebooted and immediately ran nsc.sh again, and now it seems to be updating.

    A search on rapid7's community suggests they found a similar thing for their own Backtrack testing.

    Maybe this...
  14. Discussion: msfconsole & nexpose

    by hongman
    Replies
    8
    Views
    4,171

    msfconsole & nexpose

    Hi all

    Bit confused here, would appreciate if someone can clarify!

    I have an installation of BT5R2 x64 on my laptop. I am trying to run nexpose from within msfconsole.

    So I fire up msfconsole...
  15. Discussion: MSF & AntiVirus

    by hongman
    Replies
    8
    Views
    1,821

    Re: MSF & AntiVirus

    So I have read the guides, done some other research and ended up with an EXE file which passes all 42 vendors tests at Virustotal :)

    I'm now trying to piggyback this onto another file type so that...
  16. Discussion: MSF & AntiVirus

    by hongman
    Replies
    8
    Views
    1,821

    Re: MSF & AntiVirus

    Thank you!!
  17. Discussion: MSF & AntiVirus

    by hongman
    Replies
    8
    Views
    1,821

    MSF & AntiVirus

    Hi all

    Been messing with the framework over the past few days.

    In all of the tutorials I have found so far (including the one on Offensive Security) people talk about using msfpayload and...
  18. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    And I even less so!
  19. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    Thanks Scott.

    This should be interesting.
  20. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    Thanks. We have started to restrict more diligently but I am worried a box has been metasploited with a reverse shell or something.

    What is the best way to detect this?
  21. Replies
    19
    Views
    2,453

    Re: Best way to detect compromised machine?

    Definitely not the IT Dept, 101% positive on that.

    There is no IR Team. This is a very sensitive situation with potentially extremely high financial ramifications, so we can't go pointing fingers...
  22. Replies
    19
    Views
    2,453

    Best way to detect compromised machine?

    So I have done a little research on Metasploit to gain an overview of how it is laid out and how it works.

    All of the guides I have read so far contain information on how to use it to exploit, or...
  23. Discussion: nexpose install error

    by hongman
    Replies
    0
    Views
    1,292

    nexpose install error

    Hi

    I'm running BT5R2x64 on KDE HDD install.

    I am trying to install nexpose, and I have tried via the rapid7 website and apt-get - both install but fail to start with the same error:

    ...
  24. Replies
    15
    Views
    3,062

    Re: Help with Crunch syntax

    permute.pl and leetify the same thing no?
  25. Replies
    7
    Views
    1,559

    Re: How is really secure WPA?

    I am in agreement with you there.

    A WPA wireless network with a suitable password, and with no WPS-enabled, is pretty much going to be impossible to hack via the traditional wireless attack...
Results 1 to 25 of 90