Tuesday, April 28, 2009
Delicious is a service for keeping your bookmarks in one place (online), it's social bookmarking.
So let's go with an example; if you have some nicknames from your target, you can search directly on their Delicious profile, all their public links, for example my profile:
Remember that users can mark a link as private, but here is where we can be lucky if they forget to save it as private.
Another way of searching in Delicious, is using target company URL's or IP's, in this example i will use just a standard internal ip:
And look the second result:
The root password in the url :)
In particular cases you can obtain interesting results
Now each plugin is a file, and here is an example of a plugin for gathering all the email addresses:
class email_detect(AttackPlugin):You can find more examples inside the plugin folder, just get your copy via subversion:
for i in a:
svn checkout http://proxystrike.googlecode.com/svn/trunk/ proxystrike-read-only
More information in the wiki, and you can follow updates by deepbit in his new blog
Monday, April 20, 2009
Meterpreter, short for The Meta-Interpreter, is an advanced payload that is included in the Metasploit Framework. Its purpose is to provide complex and advanced features that would otherwise be tedious to implement purely in assembly. The way that it accomplishes this is by allowing developers to write their own extensions in the form of shared ob ject (DLL) ﬁles that can be uploaded and injected into a running process on a target computer after exploitation has occurred. Meterpreter and all of the extensions that it loads are executed entirely from memory and never touch the disk, thus allowing them to execute under the radar of standard Anti-Virus detection.
- cachedump Dump (decrypted) domain hashes from the registry
- hashdump Dump (decrypted) LM and NT hashes from the registry
- hivelist Print list of registry hives
- hivescan Scan for _CMHIVE objects (registry hives)
- lsadump Dump (decrypted) LSA secrets from the registry
- Disable_Audit: Disable auditing, by changing the local security policy
- GetGui: Script for enabling RDP service on target host.
- GetTelnet: this script will enable the Telnet Service on Win2003 and XP, and will install it on Vista and 2008.
- Memdump: Automation for mdd
- WinEnum: Script that will gather a big amount of information about the host
- Scheduleme: this will allow for task scheduling on target host. Will run the commands as System.
- NetEnum: Performs network enumeration, ping sweeps, reverse dns lookups, etc.
- Soundrecorder: Allows you to record sound on the target machine :)
- GetCounterMeasure: this script will identify antivirus,HIPS,HIDS, Firewalls, etc.