Robsec

I had to do this demo after one of my students asked for my assistance regarding how to use this tool. Usually, I just assign different tools to them individually depending on the aspect of penetration testing we are covering (session hijacking, vulnerability scanning, etc) and then tell them to submit a report and a video demo of how the tool is used. Anyway, after a brief one-to-one discussion I realized the student had actually done the research on how rainbow tables operate (above and beyond the material in the lecture slides) so I figured that if he was here asking for assistance, he genuinely needed it. The tool is available at the RainbowCrack site.  A detailed description of this nifty tool can also be found here . So, firstly I had to generate the rainbow tables. The command line syntax is: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index where: hash_algorithm  Rainbow table is hash algorithm specific. R

This is the second episode in the Recovery of Files series.  Episode 1  has a little more background on the whole aspect of file recovery. The video below shows a demo of how to recover lost/deleted files using the proprietary tool commonly known as  Data Rescue PC3 . As in episode 1, in the video, we format the USB drive, add stuff to it, and then format it again in order to recover the deleted files. Again, just like in episode 1, you will also note that not only the files we lost upon formatting are the ones that are recovered, but this will also include the files from previous drive formats too.

This is the third episode in the Recovery of Files series. Episode 1 has a little more background on the whole aspect of file recovery. The video below shows a demo of how to recover lost/deleted files using the tool commonly known as  PC Inspector File Recovery . In the video, we format the USB drive, add stuff to it, and then format it again in order to recover the deleted files. Also, you will also note that not only the files we lost upon formatting are the ones that are recovered, but this will also include the files from previous drive formats too.

The video below shows a demo of how to recover lost/deleted files using the tool commonly known as Recuva . In the video, we format the USB drive, add stuff to it, and then format it again in order to recover the deleted files. A key point to note when it comes to dealing with FAT32 or NTFS systems is that if you write more content to the drive after formatting, in all likelihood it may end up overwriting the sections where the data to be recovered is. You see, when we do a quick format  as shown in the video, we're not wiping the drive per se. We're just stating in the respective file tables that the areas/sectors of disk space that were previously occupied by the data we have deleted are now available for reuse. That's what makes it possible for us to recover deleted files. You will also note that not only the files we lost upon formatting are the ones that are recovered, but this will also include the files from "formats past" as well.

So if you haven't ever heard of the Shellshock vulnerability check this out before you proceed. Oddly enough, there are obviously a bunch of servers and hosts around the world that are still vulnerable to this vulnerability simply because they choose not to update/patch their respective operating systems accordingly. Anyway, while I was hanging around that section of the internet where Kitploit  stays, I came across an interesting tool they mentioned. It's called Shocker  which is basically a tool to "find and exploit servers vulnerable to shellshock". It's available here on github. So what you do is you clone it onto your kali, move into the directory and launch the program shocker.py. The arguments you include may vary (check the help menu) but just include the IP address of the host you're scanning. In this case we used the Shellshock vulnerable VM from vulnhub.com . It then shows us the possible options we can use and then we can finally selec

The video below shows a demo of how to exploit the Metasploitable Linux using a backdoor. After the gaining of access, we then show a few commands in Linux that a hacker can run. In addition to that, we also check the permissions associated with the user profile we have accessed and surprise, surprise, it's Amy Acker (read Root). After that, we then show u the contents of /etc/passwd and /etc/shadow- which when brought together give u the passwords file. However, we won't be getting the passwords file that way. There is a much simpler way I call "Post-exploit exploits". Among these, is one nifty one called gather/hashdump used to gather/get a hashdump of the passwords file. We then take this hashdump to john (also known as john-the-ripper to others) who then proceeds to crack the passwords. In our case, the passwords used are quite simple so the process of cracking won't take much time. However, the more difficult to guess the password is, the harder it is to

The video at the end of this post is a demo of a solution to a forensic challenge from this site .   The goal of the challenge is to extract necessary information for an investigation from a pcap file. the site, forensicscontest.com, has a number of similar challenges that you can try out as well. Obviously, there is more than one way to skin a pcap (the other methods can be found among the solutions/walkthroughs on the site itself) and in this case 2 tools were used: Wireshark NetworkMiner Just to cover a few "mysterious" sections of the video, there is a point where I sorted the packets in wireshark in alphabetical order then looked for the first SMTP packet. The reason is that since we are investigating email evidence, the common protocols we should search for include IMAP, SMTP etc. In this case, the criminal used SMTP. Next, there is a point where we highlight the stream index in the detailed section of the packet. This is because each stream refers