Hacking 0x3f8147ae

“OMG! You’re posting about breaking into other machines. Have fun in block C!”

Yes. To the first part. Let’s first make sure that we all understand the concept of ‘hacking’ I am presenting. The purpose of this post is to make myself more comfortable with discussing computer security concepts, not to encourage the public to leverage vulnerabilities of potentially vulnerable systems. The scenario, experiment if you will, presented in this blog post, where I attack, exploit, and conquer a target machine, occurred in a controlled environment far away from endpoints residing on the Internet, meaning that no harm was done (or laws broken 🙂 ). So you don’t have to cover your eyes when you read through the post.

Hacking?

When people hear this word they tend to attach a negative connotation to it right off the bat, but it doesn’t have to be this way. Unfortunately, in today’s world of software mass production, we are exposed to numerous vulnerabilities whenever we unlock our phone (or someone unlocks it for us…). This is why the world needs the ‘good’ hackers, white hat hackers, ethical hackers. These words are all synonyms for people who perform some type of penetration testing on software or on a network. Without them our systems and networks would be much less secure, because the ‘bad guys’ (black hat hackers) would be free to exploit anything they want, whenever they want. While I argue that there is an unhealthy proportion of ‘good’ vs. ‘bad’, I believe that, as we move forward as a society and a tech community, there will be more light shed on security aspects and considerations regarding hardware, software, and networking.

Next up: Metasploit & Hacking Demo

For one of my graduate courses, we were tasked with creating a presentation on any penetration testing tool or hardware appliance available out there. Clearly, this was a super-cool project. I’ve always wanted to learn more about Metasploit, which is what made me choose it as my focal penetration testing framework. If you haven’t heard of it, it is one of the most popular tools for exploitation, payload encoding, and payload delivery. The rest of the blog post will be presented as a slideshow. Since this is not intended to be a guide on how to use all of Metasploit’s functions, it is better to leave that for each person to explore on their own, as interested.

You can download a .pdf to check out the presentation: Metasploit

Here’s a bit of a sneak peek:

Slide 1: Title slide

Slide 11: nmap OS/service scan

Slide 20: 🙂

Slide 21

By the way

The hex value in the title is a float – in case 1065437102 didn’t make sense to you. Thank you for stopping by and reading through! 🙂

-Ziga

References:

pentestmonkey (thank you for the php shell script)
superuser.com (super cool approach to [insecure] file transfer between hosts!)
exploit-db (always a great resource regarding exploits)
