This page is presented without warranty or support. It is meant to provide supplementary reference materials for instructors and students and is not part of any official course material. Please direct all comments, questions, and suggestions to email@example.com.
The Security Weekly Team
Nmap NSE Scripting
Paul wrote an Nmap NSE script:
It's a banner grabber: it connects to TCP ports and pulls back the data.
Cool tech segment by Larry on some very recent Google dorks:
He queried Twitter, many people responded.
New GHDB link:
- DORKs: "Powered by TemaTres" / "Generado por TemaTres" / "Criado por TemaTres"
Package Metasploit Payload For OS X - From Darkoperator
Latest, bleeding, like fresh wounds, edge stuff:
http://trac.metasploit.com/changeset/6499 - Espia, Spanish for "Spy", grabs audio and video from the compromised host natively. Previous methods relied on a 3rd-party tool being uploaded to the host; this one is written in C/Ruby and deployed via Meterpreter. This has not yet been released and can only be found in the Metasploit SVN.
- They are working on a module that also grabs the remote clipboard
- Check out Jasager - Karma for a FON router.
- We run KARMA + Metasploit ("karmetasploit") during our assessments. Our setup is documented here.
- Browser exploit - http://milw0rm.com/video/watch.php?id=96 (MS09-02)
- BeEF Example: http://vimeo.com/1554155 From John Strand