This post will be the first in an ongoing series devoted to covering various modules in the Metasploit Framework and their uses. We hope that our readers will find this useful, as there are more modules added to the framework each day, as well as some obscure modules which are incredibly valuable. This entry in the series will examine one of the latter, ... READ MORE
Offense
Building a Vulnerable Box – Heartbleed
Patchwork may have wrapped this series up in his last post, but I've got one more to add. The Heartbleed bug (CVE-2014-0160) received a lot of press when it was discovered and disclosed in April of 2014, and deservedly so. The vulnerability was severe not only because of the sensitivity of the information it could leak, but also because of its prevalence across the ... READ MORE
Building a Vulnerable Box – VNC Auth Bypass
This is going to be my last post in this series for the time being. Four vulnerable machines is a good start-up lab. The version of VNC we are going to use for this build is very out-of-date, but you'd be surprised (or maybe you wouldn't) on the frequency with which we encounter it on engagements. I haven't had a hit yet this year, but there were enough last year to warrant ... READ MORE
CTF – Exploit PCAP Walkthrough
RSM recently hosted a Capture the Flag competition for high school students in partnership with the University of Mount Union. Our team attempted to craft challenging but "solvable" problems for the participants to complete. When I was writing my challenges (they fell mostly in the Forensics category) my goal was to make problems that were something a high school student ... READ MORE
DLL Injection Part 2: CreateRemoteThread and More
Back for more? Good. I learned quite a bit doing the research for this portion of the series, and I have to give credit mostly to my sources. Check out the Open Security Research and Infosec Institute articles in the references. They go really in depth on this topic. I am not really expanding on their content, but I find that spending time explaining it helps me to better ... READ MORE
Building a Vulnerable Box – Domino
IBM Domino (formerly Lotus Domino) is a particular interesting (and lengthy) setup. The build is not terribly complicated, but the software has been vulnerable for a long time, so it's definitely worth exploring. We might as well have titled the blog "Building a Domino Box" with the vulnerability simply assumed. This box was also featured on the final for my university ... READ MORE
CTF – PHP and OS Command Injection
This past weekend, RSM’s technical consultants worked with representatives from the University of Mount Union to host a Capture the Flag competition for teams of local high school students. The teams competed for scholarship money in challenges spread across six categories – Coding, Cryptography, Forensics, Grab Bag, Hacking, and Web. The students’ collaboration, research, ... READ MORE
Building a Vulnerable Box – Rejetto HFS
Happy Friday. Today's vulnerable box was not particularly difficult to set up, but I like the exploit. I am also using this particular box on the final exam for my network security students over the next few weeks, so part of me wants to see if they stumble across the tutorial. Full disclosure: I've never encountered Rejetto's HTTP File Server on a penetration test. I ... READ MORE
Building a Vulnerable Box – Elastix
This spring, I had the opportunity to teach Network Security at a local university. As one would expect, I chose to teach the course from the perspective of a pentester. One of the challenges I've faced is setting up vulnerable systems for my students to attack. We've also started using the boxes internally to training new hires and test certain exploits and techniques (the ... READ MORE
Shells by Mail: Backdooring USB Devices for Fun and Pwnage
Pretty much everyone is familiar with the most common ways that organizations are breached, weak passwords, misconfigured systems, social engineering, etc., but on a recent engagement we decided to do something a little bit unconventional. In terms of attack vectors, our client had placed only one restriction on us, we could not physically go inside their facilities. So ... READ MORE