
sohil_garg

  1. HP Data Protector - Porting an exploit to Metasploit.

    Nowadays, in almost all my penetration testing projects, HP Data Protector has been the most vulnerable software installed.
    I thought of porting the same as a Metasploit exploit module. Hence, I wrote an exploit for Hp_dataprotector_cmdexec. I will try to describe my work step by step. The input for this was a working exploit-db code (HP Data Protector Remote Root Shell for Linux). The shellcode, when run normally, will give a netcat shell.
    So here I start:
    1. Took a standard ...

    Updated 04-10-2012 at 04:21 PM by sohil_garg

  2. Enumerating and Breaking VoIP

    Introduction

    Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organizations which have implemented VoIP are either unaware of or ignore the security issues with VoIP and its implementation. Like every other network, a VoIP network is also susceptible to abuse. In this article, I will discuss various enumeration techniques, followed by a demonstration of a few VoIP attacks. I deliberately will not go into protocol-level details as ...
  3. Social Engineering with SET

    Introduction

    It is a useful social engineering tool by David (ReL1k). It can be used to perform a number of social engineering attacks with minimal effort. SET can be used with Metasploit to additionally perform Metasploit's powerful post-exploitation. This tool can be accessed through a web interface or the command line.
    Prominent Uses

    • Gathering credentials
    • Shell spawning by browser exploits
    • Mass mailing of malicious payloads to spawn shells
    • Shell using
    ...