Archive for category /dev/urandom

Vulnerable systems setup

I frequently get asked how to set up a test lab to practice hacking on… So I looked through some release timelines and postings to figure out which versions of your favorite browser, plugins, and PDF reader would be installed if you had up-to-date versions of each on January 1st of the past three years, and where you can get them from. Enjoy.

No Comments

Fragerizer – profile-guided load-order disk optimizer

A full load of the Metasploit GUI with database entails accessing almost 10,000 objects on disk. Even if you defragment your hard drive, you still wait for the access time of the disk to seek and access each file.

It would be faster if each file and directory was laid out on disk in the order that it would be accessed to load more quickly. So I wrote fragerizer, a smallish utility to perform that arranging for you. And invented a new word:

Fragerize. v. To defragment and arrange files & directories sequentially on disk in order of use.

, , , , ,

No Comments

Original Source Forgery

If you were looking for vulnerabilities on a website, you might open up the original page source looking for commented-out code, javascript source, hidden forms, etc. If you suspected an XSS attack on your own site, chances are you might right-click on the page and view source to check for unwanted scripts. If you needed to register for CTP, hack this site, or read the snarky comments in the HTML of, you would probably need to view the page source.

This is all based on your assumption that when you right-click on the page and select “View Source” the text you see is the HTML source that the server sent to your browser when it requested the URL in your address bar. Unfortunately if you assumed this, you would be wrong […]

, , , , , ,


Shells, terminals, and sudo mitm

In many situations, you can find yourself with a simple shell, able to read and write stdin/stdout, but some command that you are using requires a full terminal. Example: you got a netcat shell on a server or you’re writing a web application with popen() calls, etc. If you need to execute a command through […]

, , , ,

No Comments

Team metasploit and msfgui on Windows

First, in answer to a common question, the new msfgui can be run on Windows if Java is installed by double-clicking (starting in your program files directory) MetasploitFramework3msf3dataguimsfgui.jar so make a shortcut to that and place it on your desktop. Next think about the fact that Metasploit has more features and runs with less memory […]

No Comments

Screwing with Nmap

It is always interesting to me to see what defense can be put up against tools used by attackers/pen testers. I don’t believe there are any public exploits against Nmap (Secunia is not aware of any at least) and I doubt I could find a useful one against a basic scan. On the other hand, […]

No Comments

PXE exploitation

Update: This complete attack, including the DHCP server, has been incorporated into Metasploit. Update and enjoy. The module is auxiliary/server/pxexploit PXE booting has been around for over a decade and is supported by most system BIOSs. And I have also seen it left on in production environments. Although it is very convenient for mass OS […]

No Comments


Another little project I put together a couple of years ago is sessionthief. When I need to quickly demonstrate the insecurity of open wireless networks, this is my first choice, as it has the ability to immediately hack into most websites another user on the same LAN is logged into. It performs HTTP session cloning […]


XSS, no really

XSS tends to get the eyeroll treatment from security pros since a) it’s everywhere. 2 min of looking for an example on the GOP website, and tada: b) your 8-year-old kid can find it after about 2 minutes of instruction c) it doesn’t give you a shell (directly) But it still works. And it […]

No Comments

Security advice

Great post from rsnake; pointing out a Microsoft Research paper (So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users ) on how security advice often does more harm than good. I have always disagreed with password policies. There is no gain to most strict password policies over […]

, ,

No Comments