https://heapspray.io/categories/offensive-security/ Recent content in Offensive Security on heapspray.io - a plethora of infosec garbage Hugo -- 0.152.2 en-us Wed, 22 Apr 2015 00:00:00 +0000 https://heapspray.io/posts/metasploit-soul-searching-part-i-scanning-with-metasploit/ Wed, 22 Apr 2015 00:00:00 +0000 https://heapspray.io/posts/metasploit-soul-searching-part-i-scanning-with-metasploit/ <p>I&rsquo;ve been trying to expand my knowledge of Metasploit recently. I&rsquo;ve gotten training which included quite extensive coverage of the framework, for which I&rsquo;m grateful; but to really get how extensive the tool&rsquo;s functionality is, there&rsquo;s nothing quite like practice.</p> <p>With this in mind, I downloaded the metasploitable VM over at sourceforge (<a href="http://sourceforge.net/projects/metasploitable/files/Metasploitable2/">http://sourceforge.net/projects/metasploitable/files/Metasploitable2/</a>) and began hacking away at it.</p> <p>When you start working on these things, it&rsquo;s awful tempting to fall back into &lsquo;CTF mode&rsquo;, where your only objective is to get in. It&rsquo;s not super effective in testing the tool, though. So I tried to limit myself to metasploit only, and see how far I could go. I also took a breadth-first approach rather than a depth-first approach - in other words, exploring as many of the scanning functionality as possible before moving on to exploitation.</p> https://heapspray.io/posts/websockets/ Fri, 14 Mar 2014 00:00:00 +0000 https://heapspray.io/posts/websockets/ <p>WebSockets are a mechanism that allow a client (typically a web page) to talk to a server without the overhead and complications that web services may pose. The client first establishes a connection using http and then makes a request to switch over to websockets; the process is described in <code>RFC 6455 &lt;https://tools.ietf.org/html/rfc6455&gt;</code>__. Using this technology simplifies development of elaborate web based clients and reduces web traffic, which is pretty sweet for developed and admins alike</p> https://heapspray.io/posts/vnc-passwords/ Wed, 12 Mar 2014 00:00:00 +0000 https://heapspray.io/posts/vnc-passwords/ <p>We like to think of VNC passwords as encrypted; but when you consider that they&rsquo;re encrypted using DES (a weak encryption algorithm) with a key that is hardcoded&hellip; Well&hellip; That pretty much makes VNC passwords \ <em>encoded</em> and not \ <em>encrypted</em>. There are a few VNC password revealers out there, such as \ <code>vncpwd &lt;https://github.com/jeroennijhof/vncpwd&gt;</code>__ or <code>VNCPassView &lt;http://www.nirsoft.net/utils/vnc_password.html&gt;</code>__, the former can be used in Linux and the latter in Windows. A prerequisite to using these is that you have access to the VNC passwd file and/or registry. Other tools exist to snarf the VNC password out of network captures.</p>