Type: Posts; User: williamc; Keyword(s):
This was previously working, so I'm at a loss. Basically, I want to run the following listener command:
./msfcli multi/handler payload=windows/meterpreter/reverse_tcp LHOST 172.25.x.x....
Getting a little closer to finding a solution. I ran the browser through an external proxy and it redirected after getting credentials. However, when it doesn't go through an external proxy, it just...
The site cloner won't redirect to the legitimate site after entering credentials. There seems to be an issue with the POST request, as it reloads the cloned site and the error:
"The connection was...
To caller ID spoof, I use "Caller ID Faker" and "SpoofApp". Both are available as APKs for Android. You could also set up an Asterisk server, but that is a little more time consuming.
I've used...
*I wrote this awhile ago, but it was lost in the transition to the new forums*
We are assuming you've run kismet on the site and determined they are using LEAP. Kismet will create a .dump file in...
I put together a tutorial awhile ago. Check it out here:
http://forums.remote-exploit.org/general-discussion/12942-tutorial-intranet-exploitation.html
There is also subdomainer:
Edge-Security - Metagoofil - Metadata analyzer - Information Gathering
Latidude: I've been experiencing the same issues with the tool. I believe Microsoft may have patched this issue over the course of the last year. By patched I mean moved the memory location, as they...
Prefer the black/red color scheme. Was also proud of my senior status! Hopefully they archive these forums, I use them extensively for pen-testing. Maybe they can migrate user accounts?
The Kismet output files can be opened by Excel. Use "text to columns" and a "," delimiter to create an easy-to-view Excel spreadsheet. Of course, if there is a script to make it easier, hopefully...
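The post above (and the earlier one on spotting LEAP networks in Kismet output) only describes opening the file in Excel. Added here as an example, not part of williamc's posts and not Kismet's own code, is a small Python script that reads a comma- or semicolon-delimited Kismet-style export, classifies each network by its Encryption field, and lists the ones worth a closer look (open, WEP, LEAP). The column names and the sample rows are constructed for illustration; real Kismet exports vary by version, so the parser locates columns by header name rather than position.

```python
"""Summarise a Kismet-style CSV export without Excel.

Added example: the column layout and sample rows are constructed, not
real Kismet output. Only the csv module from the standard library is used.
"""
import csv
import io

# Constructed sample in the comma-delimited shape the post describes.
# Encryption values are quoted because Kismet-style exports may list
# several comma-separated properties in that one field.
SAMPLE_CSV = """\
Network,NetType,ESSID,BSSID,Channel,Cloaked,Encryption
1,infrastructure,corp-wifi,00:11:22:33:44:01,6,No,"WPA2,PSK,AES-CCM"
2,infrastructure,corp-legacy,00:11:22:33:44:02,11,No,WEP
3,infrastructure,guest,00:11:22:33:44:03,1,No,None
4,infrastructure,corp-leap,00:11:22:33:44:04,6,Yes,"WPA,TKIP,LEAP"
"""

# Weakest first; this also fixes the report ordering.
WEAK_ORDER = ("open", "wep", "leap")


def parse_kismet_csv(text):
    """Return one dict per network, keyed by the header names.

    The delimiter is chosen by counting ',' and ';' in the header line,
    since older Kismet builds wrote semicolon-separated files.
    """
    header = text.splitlines()[0]
    delimiter = max(",;", key=header.count)
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    rows = []
    for row in reader:
        # A trailing delimiter produces an extra field keyed by None; drop it.
        rows.append({k.strip(): (v or "").strip()
                     for k, v in row.items() if k is not None})
    return rows


def classify_encryption(value):
    """Map an Encryption field to a coarse class: open, wep, leap, wpa, unknown.

    Tokens may be separated by ',' or '+' (both seen in Kismet output);
    'None' or an empty field means the network is open.
    """
    tokens = {t.strip().upper()
              for t in value.replace("+", ",").split(",") if t.strip()}
    if not tokens or tokens == {"NONE"}:
        return "open"
    if "LEAP" in tokens:
        return "leap"
    if "WEP" in tokens:
        return "wep"
    if any(t.startswith("WPA") for t in tokens):
        return "wpa"
    return "unknown"


def weak_networks(rows):
    """Networks that are open, WEP or LEAP, weakest first."""
    found = []
    for r in rows:
        cls = classify_encryption(r.get("Encryption", ""))
        if cls in WEAK_ORDER:
            found.append({"essid": r.get("ESSID", ""),
                          "bssid": r.get("BSSID", ""),
                          "channel": r.get("Channel", ""),
                          "class": cls})
    return sorted(found, key=lambda n: WEAK_ORDER.index(n["class"]))


def channel_summary(rows):
    """Count networks per channel, useful for deciding where to sniff."""
    counts = {}
    for r in rows:
        ch = r.get("Channel", "?")
        counts[ch] = counts.get(ch, 0) + 1
    return counts


if __name__ == "__main__":
    networks = parse_kismet_csv(SAMPLE_CSV)
    print("networks per channel:", channel_summary(networks))
    for n in weak_networks(networks):
        print("%-5s ch%-3s %-18s %s" % (n["class"], n["channel"],
                                        n["bssid"], n["essid"]))
```

Point the script at a real export with `parse_kismet_csv(open(path).read())`; if your Kismet version names the columns differently, only the `ESSID`, `BSSID`, `Channel` and `Encryption` lookups need changing.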
Give this a try:
http://forums.remote-exploit.org/tutorials-guides/13728-tutorial-cracking-leap-networks-asleap-john.html
Thanks for the recommendations! I'll try and use all of them to see which is the most comprehensive tool.
I wanted to get feedback on methods to identify network shares. I'm performing a pen-test for a health care organization. One of their main concerns is open shares with PHI. I've been using the...
I'm more familiar with Kismet output. It will save to an xml file, which you can open in Excel.
I have some concerns about your IT department. First off, if you've been implicated in an investigation, why are they coming to you with accusations? Any time a client hires us for an investigation,...
I've used Elcomsoft for NTLM cracking. They have a program for PDF with GPU acceleration:
Advanced PDF Password Recovery : Recover PDF passwords and instantly unlock Adobe Acrobat PDF documents
...
Here is an article on how to modify binaries:
http://www.packetstormsecurity.org/papers/virus/Taking_Back_Netcat.pdf
If you need a copy of a modified gsecdump, IM me and I can send you one.
...
You should download sqlping and give it a small username and password dictionary:
Free Tools
William
You mentioned it's not in the corporate environment, but then say the rogue AP is in the IT department? Who's to say it isn't connected to the corporate intranet? You'd be surprised how lazy some IT...
Nick,
I think you'll find this posting helpful in dealing with your Nigerian scammer:
http://forums.remote-exploit.org/general-discussion/19591-nigerian-419-scammer-emails-have-some-fun.html
Found rshell running on port 514 during an assessment, however BT3 doesn't appear to have RSH installed. I found a debian package at:...
First thing to do is verify the PUT method is enabled. You can do this with the curl tool:
cURL and libcurl
curl -I -X OPTIONS http://somesite.com
Once you've verified the PUT method, you...
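The post above stops at checking the OPTIONS response by eye. Added here as an example, not part of williamc's post and not curl's own tooling, is a POSIX shell script that pulls the method list out of an `Allow` header, says whether PUT is advertised, and maps the status of a follow-up test upload to a verdict. The two header blocks are constructed to look like `curl -i -X OPTIONS` output, not real captures, and `somesite.com` is the placeholder the post already uses.

```sh
#!/bin/sh
# Added example, not from the original post. Header blocks below are
# constructed samples, not real server responses.

SAMPLE_ALLOWS_PUT='HTTP/1.1 200 OK
Server: Apache
Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE
Content-Length: 0
'

SAMPLE_NO_PUT='HTTP/1.1 200 OK
Server: Apache
allow: GET, HEAD, POST
Content-Length: 0
'

# Print the methods named in the Allow header, one per line, upper-cased.
# Tolerates CRLF line endings, any capitalisation of the header name and
# stray whitespace around the comma-separated tokens.
allowed_methods() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        index($0, ":") > 0 && tolower(substr($0, 1, index($0, ":") - 1)) == "allow" {
            v = substr($0, index($0, ":") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            n = split(v, m, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (m[i] != "") print toupper(m[i])
        }'
}

# Exit 0 if PUT is advertised in the Allow header, 1 otherwise.
allows_put() {
    allowed_methods "$1" | grep -qx 'PUT'
}

# Allow is only what the server claims; the real check is a PUT. Map the
# status code of that test upload to a verdict (exit 0 = accepted).
put_verdict() {
    case "$1" in
        200|201|204) echo "PUT accepted (HTTP $1)"; return 0 ;;
        405)         echo "PUT refused, method not allowed (HTTP $1)"; return 1 ;;
        401|403)     echo "PUT refused, needs authentication/authorization (HTTP $1)"; return 1 ;;
        *)           echo "inconclusive (HTTP $1)"; return 2 ;;
    esac
}

# Live probe (needs network; not exercised by the offline checks below).
# -T uploads the file with PUT; only the status code is captured.
probe_put() {   # usage: probe_put http://somesite.com/puttest.txt
    tmp=$(mktemp) || return 2
    printf 'put probe\n' > "$tmp"
    code=$(curl -s -o /dev/null -w '%{http_code}' -T "$tmp" "$1")
    rm -f "$tmp"
    put_verdict "$code"
}

# Offline demonstration on the constructed headers.
if allows_put "$SAMPLE_ALLOWS_PUT"; then
    echo "sample 1: PUT advertised, follow up with probe_put"
fi
if ! allows_put "$SAMPLE_NO_PUT"; then
    echo "sample 2: PUT not advertised"
fi
```

Two caveats a tester should keep in mind: `-I` asks curl for a HEAD-style request, so `curl -i -X OPTIONS` is the cleaner way to see the OPTIONS headers; and some servers answer OPTIONS with 405 or omit `Allow` entirely, in which case the only reliable check is the test upload itself, which is why `probe_put` exists.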
Nice. I'm looking forward to trying this out! I contacted the original author about having it released with BT4, but so far no reply.
William
Hey floyd, any chance of you releasing your java version?
William
I did a class project on this a few years ago. Most of the Nokia 6310 phones are vulnerable. You may have some issues activating such an old phone. It would require an older SIM card. Make sure it...