All good pentesters have their own “survival kit” with a lot of tools and scripts grabbed here and there. Here is a new one released a few days ago: FacebookPasswordDecryptor. “FacebookPasswordDecryptor – small, simple, free, and yet truly reliable application that helps you recover stored Facebook account passwords, quickly and
Bruteforcing SSH Known_Hosts Files
OpenSSH is a common tool for most of network and system administrators. It is used daily to open remote sessions on hosts to perform administrative tasks. But, it is also used to automate tasks between trusted hosts. Based on public/private key pairs, hosts can exchange data or execute commands via
Detecting Rogue Gateways on a LAN
ï»¿There was an interesting thread on the email@example.com mailing list a few days ago. A member asked how to detect illegal or “rogue” gateways in a big international organization. Rogue devices can be seen from different point of views. For the network administrators or the security auditors, it’s really a
MetaSploit FrameWork 3.2 Released
MetaSploit 3.2 has been released! “Austin, Texas, November 19th, 2008 — The Metasploit Project announced today the free, world-wide availability of version 3.2 of their exploit development and attack framework. The latest version is provided under a true open source software license (BSD) and is backed by a community-based development
The Story of a Hack – Part 3
The next part (part 3) is now online! Read it here: http://synjunkie.blogspot.com/2008/11/story-of-hack-part-3-kung-fu-shopping.html.
The Story of a Hack – Part 2
In a recent post, I talked about SynJunkie who described a nice pentest scenario against a fictive company. The second part is now online! Read it here: http://synjunkie.blogspot.com/2008/11/story-of-hack-part-2-breaking-in.html.
The Story of a Hack
Here is an interesting series of posts from SynJunkie. He’ll show us how to conduct a pentest against a fictive company called “HackMe Ltd.“. “The goal of this series of posts is to demonstrate how simple it is to penetrate a network, steal some data, and then erase the evidence