0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

A Short Practice Guide for PenTests
By: Laird
July 16, 2015

A Short Practice Guide for PenTests Definition: A penetration test is a proven method that looks for security weaknesses, potentially gaining access to the computer's features and data. Typical starting points for penetration tests are: Active components like router, switches or gateways Security gateways like firewall, packet filter, intrusion ...

How to Fix a Virtualbox Showing Only 32Bit Guests on a 64Bit Host
By: Darshan Bhavsar
July 16, 2015

Today, I'm going to show you how to Fix a Virtualbox Showing Only 32Bit Guests on a 64Bit Host.In Windows-based Os's, there's a function called "Virtualization". Virtualization is: a hardware virtualization or platform virtualization, which refers to the creation of a virtual machine that acts like ...

Public, Open Wireless Hotspots: To Connect or Not
By: Paddy
July 15, 2015

Abstract This paper highlights the risks involved with connecting to an untrusted network such as public Wi-Fi.  These networks are highly insecure due to data being emitted through airwaves.  This allows for attackers to easily eavesdrop on network communication by creating an evil twin access point and taking advantage of devices ...

Metasploit: Routing Traffic from a Non-Routable Network
By: Multi Thinker
July 14, 2015

According to Offensive-Security: Pivoting is the unique technique of using an instance (also referred to as a ‘plant’ or ‘foothold’) to be able to “move” around inside a network. Basically using the first compromise to allow and even aid in the compromise of other otherwise inaccessible systems. In this scenario, we'll be using it for routing traffic from a ...

How to Get Screen Captures Using Metasploit and Meterpreter
By: Multi Thinker
July 14, 2015

Hi Again,Today, using metasploit and meterpreter, I will tell you how to screen capture a victim's PC / applications.What we need is metasploit and meterpreter configured and opened. This step starts when we have any meterpreter session opened. Every time, after going to CMD, we have Meterpreter Session opened, don't ...

Tutorial: Packet Sniffing
By: Multi Thinker
July 14, 2015

Packet sniffing was never easy before. In the late 90's, we used tunneling, wire Shark, MITM and SSL Striping.After a payload of reversetcp in meterpreter, all we need is to use exploit " sniff "I assume you have msfconsole opened and configured.Let's begin...Location and using Windows SMB exploit:msf > use exploit/windows/smb/ms08067netapi Setting payload of reversetcp: ...

Meterpreter Backdoor
By: Multi Thinker
July 14, 2015

Meterpreter Backdoor requires a script named metsvc It's a list of useful commands use to interact with a victim's machine from a backdoor.To get that script, go to: https://www.phreedom.org/software/metsvc/ Ok, now I assume you downloaded the script and have configured the msfconsole for it.Let's start...After our session has been started in meterpreter metasploit ...

Meterpreter: Remote Desktop
By: Multi Thinker
July 14, 2015

As I said before, when we have session open in meterpreter or we have access to cmd, we can add rules for the firewall to accept our connection or to disable the firewall. Let's use method getgui -u -p: -u stands for username and -p stand for password. When we're in someone's computer cmd (command prompt), we ...

Pass The Hash
By: Multi Thinker
July 14, 2015

Hi once again,Using this method, all we need is an SMB ( LAN ) fully compromised PC user-name, as we have recently exploited WindowsXp SP 2. Now that we know his user-name, we need to move into the LAN to other PCs.Let's begin...Running the Metasploit console, I assume you have Metasploit opened and ...

Metasploit: Incognito Attack
By: Multi Thinker
July 14, 2015

Hi there,This is Metasploit part 1. In a recent article, we learned about the basics and a little bit of configuration. Here, we'll be a little more advanced. Meterpreter What's meterpreter? Meterpreter is a DLL injector, mostly used to hijack windows security. A list of commands can let us overtake security of Windows and make changes ...