metasploit
Metasploit Release Database of Weak SSH Keys for Debian OpenSSL Vuln
The metasploit guys have released a database of all 1024-bit DSA and 2048-bit RSA SSH public/private keypairs that could have been generated by x86 Debian/Ubuntu hosts vulnerable to the OpenSSL Predictable Random Number Generator flaw. This opens up the possibility of two practical attacks against weak SSH keys during pentests: If you can read a […]
Blog metasploit, pentest, ssh, 0
Incognito Integrated Into Metasploit
I just read a brilliant blog post on Carnal0wnage. Luke Jennings’ Incognito has been integrated into metasploit. Check out Luke’s recent paper if you missed it. In a nutshell, if you get SYSTEM level access to a box (e.g. MSSQL database) and a domain user is logged into that box, then you can use meterpreter […]
Categories
- Blog (78)
- Cheat Sheets (10)
- Shells (1)
- SQL Injection (7)
- Contact (2)
- Site News (3)
- Tools (17)
- Audit (3)
- Misc (7)
- User Enumeration (4)
- Web Shells (3)
- Uncategorized (3)
- Yaptest (15)
- Front End (1)
- Installing (2)
- Overview (2)
- Using (8)