Dec 16, 2011

Interesting Exploits Today: 2011-12-16

Remote Exploits
Splunk Remote Root Exploit

Web Application Vulnerability
Apache Range Header Denial Of Service 
Websense Triton Authentication Bypass

After I tried them, everything worked perfectly. Please keep all your systems up to date at all times.


If you like my blog, Please Donate Me

Dec 15, 2011

Howto: Decoding malware SSL using Burp proxy

This post is a summary of the Source. If you want all the details, please go to the Source.

1. Enable IP forwarding
- sudo sysctl -w net.ipv4.ip_forward=1
(the often-quoted "sudo echo 1 > /proc/sys/net/ipv4/ip_forward" does not work: only echo runs as root, the redirection into /proc is done by your unprivileged shell and is refused)

2. Use the firewall to redirect ports 80 and 443 to Burp on port 8080
- sudo iptables -P FORWARD ACCEPT
- sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
- sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080

3. Configure Burp's proxy listener for invisible proxying and to listen on all interfaces (REDIRECT delivers the packets to the address of the interface they arrived on, so a listener bound only to 127.0.0.1 will never see them).

4. Set the default gateway of the infected host to the IP address of the Linux server.

5. Bring up the infected host's network. When the malware becomes active or tries to contact its C&C server, its HTTP and HTTPS traffic will show up in Burp.

PS: for HTTPS, Burp presents a certificate signed by its own CA. Malware that validates the server certificate (or pins it) will refuse to connect unless Burp's CA certificate is trusted on the infected host; in that case you will see the TLS handshake fail rather than the decrypted traffic.
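The five steps above, as an added example script that is not part of the original post. It brings the redirect up or down on the Linux gateway, and restricts the REDIRECT rules to the infected host's interface and source address so that no other forwarded traffic is pulled into Burp. The interface eth1, the victim IP 192.0.2.10 and the Burp port 8080 are assumed values, not from the page; DRY_RUN=1 (the default) prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the original post): bring up or tear down the
# transparent redirect of one infected host's HTTP/HTTPS traffic into Burp's
# invisible proxy listener, on the Linux box that acts as that host's gateway.
# Assumed values (not from the page): the victim is reached on interface eth1
# with IP 192.0.2.10 and Burp listens on 8080. Defaults to DRY_RUN=1, which
# prints the commands instead of executing them; run as root with DRY_RUN=0.

DRY_RUN=${DRY_RUN:-1}

# Execute a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One nat REDIRECT rule for a destination port.
# $1 = up|down, $2 = interface, $3 = victim IP, $4 = destination port, $5 = Burp port
# Matching on -i and -s keeps other forwarded hosts out of the proxy.
nat_rule() {
    case "$1" in
        up)   op=-A ;;
        down) op=-D ;;
        *)    echo "nat_rule: action must be up or down, got '$1'" >&2; return 1 ;;
    esac
    # REDIRECT rewrites the destination to the primary address of the incoming
    # interface, which is why Burp has to listen on all interfaces (step 3).
    run iptables -t nat "$op" PREROUTING -i "$2" -s "$3" -p tcp --dport "$4" \
        -j REDIRECT --to-ports "$5"
}

# $1 = interface, $2 = victim IP, $3 = Burp port (default 8080)
setup() {
    burp=${3:-8080}
    # sysctl, not 'sudo echo 1 > /proc/sys/...': in that form the redirection
    # is performed by the unprivileged shell and fails with permission denied.
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD ACCEPT
    for port in 80 443; do
        nat_rule up "$1" "$2" "$port" "$burp" || return 1
    done
}

# Remove the rules and disable forwarding again when the analysis is done.
teardown() {
    burp=${3:-8080}
    for port in 80 443; do
        nat_rule down "$1" "$2" "$port" "$burp" || return 1
    done
    run sysctl -w net.ipv4.ip_forward=0
}

# Usage: DRY_RUN=0 ./burp-redirect.sh up|down <iface> <victim-ip> [burp-port]
case "${1:-}" in
    up)   setup "$2" "$3" "$4" ;;
    down) teardown "$2" "$3" "$4" ;;
    *)    : ;;   # no action when sourced or called without arguments
esac
```

Run it once with the default DRY_RUN=1 to review the exact iptables commands, then as root with DRY_RUN=0. Leaving FORWARD set to ACCEPT and ip_forward enabled after the analysis turns the box into an open router, which is why teardown undoes both.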



Dec 12, 2011

Installing Metasploit Framework + PostgreSQL DB Backend Under Ubuntu 12.04 LTS

This post is a summary of the Source. If you want all the details, please go to the Source.

1. Install Ruby and the other packages we need
- sudo apt-get update && sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-ruby libiconv-ruby libpq-dev libpq5 libreadline-ruby irb ri rubygems subversion build-essential ruby-dev libpcap-dev postgresql-8.4 nmap

2. Install pgSQL ruby gem.
- sudo gem install pg

3. Install Metasploit 3
- svn co msf

4. Install the raw socket extension (pcaprub)
- cd /opt/framework3/msf/external/pcaprub && sudo ruby extconf.rb && sudo make && sudo make install

5. Install wireless extension
- cd /opt/framework3/msf/external/ruby-lorcon2
- sudo svn co lorcon2
- cd lorcon2
- sudo ./configure --prefix=/usr && sudo make && sudo make install
- cd ..
- sudo ruby extconf.rb
- sudo make && sudo make install

6. Add metasploit to PATH variable for easy usage.
- ln -sf /opt/framework3/msf/msf* /usr/local/bin

7. Create a PostgreSQL role and database for Metasploit (answer "n" to the superuser, create-database and create-role prompts; Metasploit only needs to own its own database)
- sudo -u postgres createuser msf -P
- sudo -u postgres createdb --owner=msf msf

8. Start the Metasploit console and connect it to PostgreSQL.
- msfconsole
- db_driver postgresql
- db_connect msf:msf@<host>/msf

PS: in this tutorial the user, the password and the database are all msf. If you chose a different user, password or database name, use the same form: db_connect user:password@host/database.
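Steps 7 and 8 above use msf as both user name and password, and put the password on the msfconsole command line (and so in its history). As an added example that is not part of the original post or of the Metasploit project, the script below generates a random password, emits the SQL for a least-privilege role and its database, and writes a database.yml that msfconsole can load with db_connect -y instead of a typed password. The role and database name msf, PostgreSQL on 127.0.0.1:5432 and the path ~/.msf4/database.yml are assumptions, not from the page.

```shell
#!/bin/sh
# Added example (not from the original post or the Metasploit project): create
# the Metasploit database role with a random password instead of the msf/msf
# pair used above, and hand that password to msfconsole through a database.yml
# read by 'db_connect -y' rather than typing it on the command line.
# Assumed values (not from the page): role and database both named msf,
# PostgreSQL on 127.0.0.1:5432, config written to ~/.msf4/database.yml.

# 32 random bytes as 64 hex characters: strong, and free of quote characters,
# so the value is safe inside the SQL string literal below.
gen_password() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the SQL that creates a login-only role and the database it owns.
# $1 = role, $2 = database, $3 = password
msf_db_sql() {
    printf "CREATE ROLE %s LOGIN PASSWORD '%s' NOSUPERUSER NOCREATEDB NOCREATEROLE;\n" "$1" "$3"
    printf "CREATE DATABASE %s OWNER %s;\n" "$2" "$1"
}

# Write the database.yml for 'db_connect -y', readable by the owner only
# (the umask is changed in a subshell so it does not leak to the caller).
# $1 = path, $2 = role, $3 = database, $4 = password, $5 = host (default 127.0.0.1)
write_database_yml() {
    (
        umask 077
        cat > "$1" <<EOF
production:
  adapter: postgresql
  database: $3
  username: $2
  password: $4
  host: ${5:-127.0.0.1}
  port: 5432
  pool: 75
  timeout: 5
EOF
    )
}

# Usage: ./msf-db-setup.sh setup | sudo -u postgres psql
#        then in msfconsole:  db_connect -y ~/.msf4/database.yml
# The SQL goes to stdout (straight into psql); the password is persisted only
# in the mode-600 database.yml.
case "${1:-}" in
    setup)
        pw=$(gen_password)
        mkdir -p "$HOME/.msf4"
        write_database_yml "$HOME/.msf4/database.yml" msf msf "$pw"
        msf_db_sql msf msf "$pw"
        ;;
    *) : ;;
esac
```

Once connected you can confirm the database is in use with db_status in msfconsole. Step 8 above then reduces to db_driver postgresql followed by db_connect -y ~/.msf4/database.yml.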




Vulnerability scanning with Nessus from within Metasploit

Nessus from msfconsole / Armitage

To run a Nessus vulnerability scan from the Metasploit console you first need to have a Nessus installation somewhere. I’ll wait while you install it, and don’t forget to register your installation so you can download the latest plugins for it.
In Metasploit you start with loading the nessus plugin:

msf> load nessus
and then connect to the Nessus installation

msf> nessus_connect -h
[*] You must do this before any other commands.
[*] Usage:
[*]        nessus_connect username:password@hostname:port <ssl ok>
[*]  Example:> nessus_connect msf:msf@ ok
[*]         OR
[*]        nessus_connect username@hostname:port <ssl ok>
[*]  Example:> nessus_connect msf@ ok
[*]         OR
[*]        nessus_connect hostname:port <ssl ok>
[*]  Example:> nessus_connect ok
[*]           OR
[*]        nessus_connect
[*]  Example:> nessus_connect
[*] This only works after you have saved creds with nessus_save
[*] username and password are the ones you use to login to the nessus web front end
[*] hostname can be an ip address or a dns name of the web front end.
[*] port is the standard that the nessus web front end runs on : 8834.  This is NOT 1241.
[*] The "ok" on the end is important.  It is a way of letting you
[*] know that nessus used a self signed cert and the risk that presents.

msf> nessus_connect user:password@localhost:8834 ok
If you save the credentials using

msf> nessus_save
You only need to issue

msf> nessus_connect
to automatically connect to your Nessus instance. Be warned, your Nessus credentials are stored in the clear in ~/.msf4/nessus.yaml, so at least make sure only you can read the file (chmod 600 ~/.msf4/nessus.yaml) - but it saves on typing…
After you have connected to the Nessus scan it is time to scan the target. First we need to select a policy:

msf> nessus_policy_list
[+] Nessus Policy List

[+] ID  Name                        Comments
--  ----                        --------
-1  Web App Tests              
-2  Internal Network Scan      
-3  Prepare for PCI DSS audits 
-4  External Network Scan      
Then we need to start the scan:

msf> nessus_scan_new -h
[*] Usage:
[*]        nessus_scan_new <policy id> <scan name> <targets>
[*]  Example:> nessus_scan_new 1 "My Scan"
[*] Creates a scan based on a policy id and targets.
[*] use nessus_policy_list to list all available policies

msf> nessus_scan_new -4 "Metasploit Scan" <targets>
(targets are the IP addresses or ranges to scan, as in the usage line above; the scan name needs quotes because it contains a space)
Once the scan is completed it is time to import the result into Metasploit

msf> nessus_report_list
msf> nessus_report_get -h
[*] Usage:
[*]        nessus_report_get <report id>
[*]  Example:> nessus_report_get f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca
[*] This command pulls the provided report from the nessus server in the nessusv2 format
[*] and parses it the same way db_import_nessus does.  After it is parsed it will be
[*] available to commands such as db_hosts, db_vulns, db_services and db_autopwn.
[*] Use: nessus_report_list to obtain a list of report id's

msf> nessus_report_get f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca
After which it is time to check what we now know about our target network using the “hosts”, “services” and “vulns” commands.
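The whole workflow above can be driven from msfconsole resource scripts (msfconsole -r file.rc) instead of being retyped for every scan. The script below is an added example, not part of the original post or of the Metasploit project: it writes one resource script that connects with the saved credentials and launches a scan, refusing to do so without targets, a second one that imports a finished report and lists what was learned, and it tightens the permissions on ~/.msf4/nessus.yaml as warned about above. Policy -4, the scan name "Metasploit Scan" and the target range 192.0.2.0/24 are assumed values, not from the page; the report id is the one shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post or the Metasploit project): drive
# the Nessus workflow above from msfconsole resource scripts, so the scan is
# launched and later imported without retyping commands, and keep the saved
# Nessus credentials readable by the owner only. Assumed values (not from the
# page): policy -4, scan name "Metasploit Scan", targets 192.0.2.0/24.

# Resource script that connects with the credentials saved by nessus_save and
# starts a scan. $1 = output path, $2 = policy id, $3 = scan name, $4 = targets
write_scan_rc() {
    if [ -z "${4:-}" ]; then
        # nessus_scan_new <policy id> <scan name> <targets>: without targets
        # there is nothing to scan, so do not write a script at all.
        echo "write_scan_rc: targets are required (nessus_scan_new <policy id> <scan name> <targets>)" >&2
        return 1
    fi
    cat > "$1" <<EOF
load nessus
nessus_connect
nessus_policy_list
nessus_scan_new $2 "$3" $4
EOF
}

# Resource script that pulls a finished report into the database and shows
# what was learned. $1 = output path, $2 = report id (from nessus_report_list)
write_import_rc() {
    cat > "$1" <<EOF
load nessus
nessus_connect
nessus_report_get $2
hosts
services
vulns
EOF
}

# nessus_save stores the Nessus user name and password in clear text; make
# sure nobody else on the box can read them. $1 = path (default ~/.msf4/nessus.yaml)
lock_nessus_creds() {
    f=${1:-$HOME/.msf4/nessus.yaml}
    if [ ! -f "$f" ]; then
        echo "lock_nessus_creds: $f not found (run nessus_save first)" >&2
        return 1
    fi
    chmod 600 "$f"
}

# Usage:
#   ./msf-nessus.sh lock
#   ./msf-nessus.sh scan -4 "Metasploit Scan" 192.0.2.0/24 && msfconsole -r scan.rc
#   ./msf-nessus.sh import <report id> && msfconsole -r import.rc
case "${1:-}" in
    scan)   write_scan_rc scan.rc "$2" "$3" "$4" ;;
    import) write_import_rc import.rc "$2" ;;
    lock)   lock_nessus_creds ;;
    *)      : ;;
esac
```

The scan script ends after nessus_scan_new because the scan runs on the Nessus server and takes a while; check its progress in the Nessus web front end, take the report id from nessus_report_list, and only then run the import script.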

