Metasploit soul-searching: scanning with metasploit

I’ve been trying to expand my knowledge of Metasploit recently. I’ve gotten training which included quite extensive coverage of the framework, for which I’m grateful; but to really get how extensive the tool’s functionality is, there’s nothing quite like practice. With this in mind, I downloaded the Metasploitable VM over at SourceForge (http://sourceforge.net/projects/metasploitable/files/Metasploitable2/) and began hacking away at it. When you start working on these things, it’s awful tempting to fall back into ‘CTF mode’, where your only objective is to get in. It’s not super effective in testing the tool, though. So I tried to limit myself to Metasploit only, and see how far I could go. I also took a breadth-first approach rather than a depth-first approach - in other words, exploring as much of the scanning functionality as possible before moving on to exploitation. ...

April 22, 2015 · inf0junki3

WebSockets

WebSockets are a mechanism that allows a client (typically a web page) to talk to a server without the overhead and complications that web services may pose. The client first establishes a connection using HTTP and then makes a request to switch over to WebSockets; the process is described in RFC 6455 (https://tools.ietf.org/html/rfc6455). Using this technology simplifies development of elaborate web-based clients and reduces web traffic, which is pretty sweet for developers and admins alike ...

March 14, 2014 · inf0junki3

VNC passwords

We like to think of VNC passwords as encrypted; but when you consider that they’re encrypted using DES (a weak encryption algorithm) with a key that is hardcoded… Well… That pretty much makes VNC passwords encoded and not encrypted. There are a few VNC password revealers out there, such as vncpwd (https://github.com/jeroennijhof/vncpwd) or VNCPassView (http://www.nirsoft.net/utils/vnc_password.html); the former can be used in Linux and the latter in Windows. A prerequisite to using these is that you have access to the VNC passwd file and/or registry. Other tools exist to snarf the VNC password out of network captures.

March 12, 2014 · inf0junki3