In this video I will show you how to build a reverse_tcp in a .pdf file using Metasploit and how to steal hashes after having a meterpreter session on.
Have fun !!
Blip.tv: http://blip.tv/file/3226977
BLOG: http://sickness.tor.hu/?p=97
Last edited by sickness; 06-29-2010 at 06:47 PM.
Keep it up man, these are great.
I will give this a shot later tonight I think. Is it possible to embed an OSX exploit into the pdf as well? My Windows target is out of commission until I scrape up some money to fix it.
Well, you actually can embed the "reverse_tcp" in other formats like .mp3, .pdf, .exe, so I guess you should be able to make it.
You have to use Mac OS X payloads:
MSF vs OS X
Don't wanna sound like a smart ass, but there are really too many msf3 videos out there already with msf3 standard/advanced usage:
google: metasploit site:youtube.com
google: metasploit site:blip.tv
google: metasploit filetype:swf
But I think still THE best reference is the unleashed project by offsec:
http://www.offensive-security.com/metasploit-unleashed/
Another good resource on this topic:
http://carnal0wnage.attackresearch.com/
Still keep your work going!
/brtw2003
Last edited by brtw2003; 02-17-2010 at 03:50 PM.
Well, I made two movies about password sniffing, now I made two movies with Metasploit and next ... I don't know exactly but I will see.
It would be nice to see something original.
Well I don't think there is much left. I mean what are the chances of finding something that wasn't filmed before. I mean Backtrack is the most downloaded Linux distro, everyone wants it, everyone tests it. If you have something in mind please tell me
Regardless of what others say and how many others out there, this one is made by you SO... thank you for putting in the effort and sharing it with others.
Nice tutorial. Did you happen to figure out how to remove the cmd box when you loaded the pdf?
If you get tired of listening to your music... cat /vmlinuz > /dev/audio
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Macbook 2.4Ghz Dual Core, 4GB Ram, Edimax EW-7318USG, BT4
No, I didn't figure that out yet ... still searching.