CuttingEdge

From Security Weekly Wiki
Jump to navigationJump to search

Introduction

This page is presented without warranty or support. It is meant to provide supplementary reference materials for instructors and students and is not part of any official course material. Please direct all comments, questions, and suggestions to psw@securityweekly.com.

Thank You,

The Security Weekly Team

Nmap NSE Scripting

Paul wrote an Nmap NSE script:

Banner Grabbing Reloaded Tech Segment

Download the script here

Its a banner grabber, connects to TCP ports and pulls back the data.

Google Dorks

Cool tech segment by Larry on some very recent Google dorks:

http://securityweekly.com/wiki/index.php/Episode150#Tech_Segment

He queried Twitter, many people responded.

New GHDB link:

http://johnny.ihackstuff.com/ghdb/

Show Dorks:

http://milw0rm.com/exploits/8616

  1. |-->DORKs: "Powered by TemaTres" / "Generado por TemaTres" / "Criado por TemaTres"

Metasploit

Check out our Metasploit entry for the latest tips & tricks

Package Metasploit Payload For OS X - From Darkoperator

Latest, bleeding, like fresh wounds, edge stuff:

http://trac.metasploit.com/changeset/6499 - Espia, Spanish for "Spy", grabs audio and video from the compromised host natively. Previous methods relied on a 3rd party tool to be uploaded to the host, this one is written in C/Ruby and deployed via Meterpreter. This has not yet been released and can only be found in the Metasploit SVN.

  • They are working on a module that also grabs the remote clipboard

KARMA

  • Check out Jasager - Karma for a FON router.

Backdoors

Videos