Feb 1, 2021

How to build a ping server the hard way

I wanted to implement a simple server that would register source IPs which it was ping from and display it back to me. This way i wouldn’t have to spin up an instance each time I want to test a remote execution vulnerability on a box I’m testing. Scenario: I’m…

Hacking

3 min read

Hacking

3 min read

Oct 16, 2020

How to set up Genymotion and intercept it with Burp Suite

Genymotion is so far my favorite Android emulator. It’s both powerful and easy to use. It’s widely used by developers because it’s way faster than Android Studio emulator. …

Genymotion

4 min read

Genymotion

4 min read

Aug 12, 2019

How to capture network traffic from iPhone with tcpdump

After returning from DefCon I wanted to make sure my iPhone is not communicating with any sketchy servers out there. So decided to run a quick tcpdump on the traffic and here is how to do it: First you need to install Xcode. Once you create a project and connect…

Xcode

2 min read

How to capture network traffic from iPhone with tcpdump

Xcode

2 min read

Jul 16, 2019

SSH tunneling as a VPN alternative full setup

It’s not uncommon that VPN connection to our client’s boxes either breaks mid testing or is blocked by some firewall or IDS. SSH tunneling can be used as a back up connection to already existing VPN connection or as a decent lightweight alternative. Things we’ll need: AWS instance for pivoting …

Security

3 min read

Security

3 min read

Jan 20, 2019

How to add a module to Metasploit from Exploit-DB

Look for the exploit you want to add: searchsploit sonicwall 8.1.0.2-14sv Make a note of the path for the exploit. Next, you would need to create a folder in the .msf4/modules directory that correlates with the path in exploit-db. So in this case I will add cgi/webapps. Go to your newly created folder and copy the exploit: cp /usr/share/exploitdb/exploits/cgi/webapps/42344.rb /root/.msf4/modules/exploits/cgi/webapps/

Metasploit

2 min read

Metasploit

2 min read

How to add a module to Metasploit from Exploit-DB

Look for the exploit you want to add: searchsploit sonicwall 8.1.0.2-14sv Make a note of the path for the exploit.

Next, you would need to create a folder in the .msf4/modules directory that correlates with the path in exploit-db. So in this case I will add cgi/webapps.

Go to your newly created folder and copy the exploit:

cp /usr/share/exploitdb/exploits/cgi/webapps/42344.rb /root/.msf4/modules/exploits/cgi/webapps/

Make sure that you specify both, the root path (its specified right underneath the title “Path” in the searchsploit search output) and the relative path.

Sep 29, 2018

Squid proxy server for penetration testing drop boxes

I perform network penetration testing from headless Kali boxes. This is limiting when I want to test internally available web apps. I can get away with SSH tunneling (aka port forwarding) for basic applications or RDP interface but it quickly becomes a pain once you start interacting with dynamic content…

Pentesting

2 min read

Squid proxy server for penetration testing drop boxes

Pentesting

2 min read

Sep 16, 2018

How to intercept TOR hidden service requests with Burp

My environment for this setup: MacOS, Burp Suite, Tor service, Firefox browser and brew. Install tor service(not the TorBrowser bundle). On Mac you can do it with “brew install tor”. If you don’t have brew installed run this command: /usr/bin/ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install) Here is the link in you…

Burp

2 min read

Burp

2 min read

Sep 10, 2018

How to configure DD-WRT repeater mode for Atheros based routers

DD-WRT does not support repeater mode for Atheros chipset based routers. Hence you will not find Repeater and Repeater Bridge options under Wireless Settings. You can still however achieve similar result with Client mode connection. It won’t be as seamless as it would be in Repeater mode though, you would…

Networking

2 min read

How to configure DD-WRT repeater mode for Atheros based routers

Networking

2 min read

Jun 24, 2018

BeEF Exploitation Framework installation on AWS

I found running BeEF from Kali VirtualBox inconvenient because it requires port forwarding from VMnet, then LAN uggh… You’d really want to connect directly with BeEF. So there. Get Ubuntu or other Debian instance. Red Hat (ie Amazon instance is missing some dependancies). Follow https://github.com/beefproject/beef/wiki/installation. Make sure to install Ruby…

AWS

2 min read

BeEF Exploitation Framework installation on AWS

AWS

2 min read

Jan 4, 2018

Privacy implications of email tracking

What happens when you open an email and allow it to display embedded images and pixels? You may expect the sender to learn that you’ve read the email, and which device you used to read it. But in a new paper we find that privacy risks of email tracking extend…

Privacy

8 min read

Privacy

8 min read

How to build a ping server the hard way

How to set up Genymotion and intercept it with Burp Suite

How to capture network traffic from iPhone with tcpdump

SSH tunneling as a VPN alternative full setup

How to add a module to Metasploit from Exploit-DB

How to add a module to Metasploit from Exploit-DB

Squid proxy server for penetration testing drop boxes

How to intercept TOR hidden service requests with Burp

How to configure DD-WRT repeater mode for Atheros based routers

BeEF Exploitation Framework installation on AWS

Privacy implications of email tracking

kali null