0P3N Blog
Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.



Hallo , first , my English is very slow ..... I am working with the book from Georgia Weidman, "Penetration Testing: A Hands-on Introduction to Hacking". On page 182 "Exploiting WebDAV Default Credentials". My host : Kali Linux My guest : Windows XP 64 bit with Service Pack 2 , install an VMware in another computer . Build my Payload ...


Has anyone tried this certification? https://www.rapid7.com/services/training-certification/certification/metasploit-pro-certified-specialist-exam/ Trying to find out how questions are on this exam. I email rapid 7 but they weren't very helpful. They sent me a link to there help pag which provides no information. I just took this course and exam. What questions do you have?


Hello guys, Ive started learning metasploit a few days ago,Its really a great framework! What I didn't completely understand is the exact difference between a POST,PAYLOAD,EXPLOIT and AUXILIARY and in which specific cases we use the above mentioned. Thankyou-in-advance. ls


My ISP provides me with a dynamic IP address. So the LHOST option for meterpreter will be meaningless since my IP changes every time I reboot my router. From what I have been able to gather is: 1. Use no-ip\[dot\]com to set up a DNS server that links back to me 2. Use /reveres\tcp\dns and set it to my domain ...


Thanks to the Null-Byte user OccupyTheWeb( AKA : OTW ) here is an ultimate cheat sheet on Metasploit's Meterpreter in Kali Linux ( or any other Pentesting OS ). At its most basic use, meterpreter is a Linux terminal on the victim's computer. As such, many of our basic Linux commands can be used on the meterpreter even if it's ...


how do you do to exploit the CVE-2017-3167 with msf , because i can't find it in the database exploit of msf , can you help me ? According to the CVE database there is no module within Metasploit related to 2017-3167. You would need to design your own exploit for it at this time. Feel free to write your own and ...


Hi guys, I recently wrote an article for my blog about a new service that lets you create your own ransomware. Due to Cybrary policies, this article was rejected from Cybrary OP3N, but I still think it would be interesting to some people, so I will write about it here. A new type of ransomware is being freely distributed on ...


Correct me if I'm wrong but MAC addresses start with 0-9 and A-F. Not always. MAC addresses are made up of 6 hexadecimal numbers, so they can start with any permutation on 0-9 and A-F. Sorry, I should have rephrased to say "can start with.." Either way you answered my question. I knew it was correct but one of the CCNA videos ...


I was looking around for a list of command and what they do and found these 2 to be useful. I am sure there are other if anyone else has to share. https://www.latesthackingnews.com/linux-basic-commands/ http://lifehacker.com/learn-basic-linux-commands-with-this-downloadable-cheat-1552019180 I was looking around for a list of command and what they do and found these 2 to be useful. I am sure there are other if ...


LUNARLockdown UNix Auditing and Reporting Introduction This scripts generates a scored audit report of a Unix host's security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in the code documentation. Why a shell script? I wanted a tool that was able to run on locked down systems where ...