
Sunday, March 18, 2012

File Structure

...

Magic Number

...

Unallocated Space

Definition: Unallocated space is logical space on a hard drive that the operating system, e.g. Linux, can write to. To put it another way, it is the opposite of "allocated" space, which is where the operating system has already written files. Examples: If the operating system writes a file to a certain space on the hard drive, that part of the drive is now "allocated", as the file is using the space, and no other files can be written to that section. If that file is deleted then that part of the hard...

Slack Space

Slack space is the portion of the hard disk that is not fully used by the currently allocated file and that contains data from a previously deleted file. In the example, saving a 768-byte file (User_File.txt) requires only sector 1 and 1/2 of sector 2. Depending on the operating system, the 256 bytes in sector 2 might be filled with 1's or 0's. Sectors 3 and 4 would not be overwritten and are considered slack space. If the slack space contained...

Thursday, March 15, 2012

Master Boot Record

A master boot record (MBR) is a type of boot sector from the IBM Personal Computer, consisting of a sequence of 512 bytes located at the first sector of a data storage device such as a hard disk. The MBR is usually placed on storage devices. The uses of the MBR are: Holding a partition table, which describes the partitions of a storage device. In this context the boot sector may also be called a partition sector. Bootstrapping the operating system. The BIOS built into a PC-compatible computer loads the MBR from the storage device and passes execution to machine...

Monday, March 5, 2012

Root Exploitation via Web Vulnerability (DVWA)

In this tutorial we will practice exploitation via a web vulnerability. We use DVWA as the web application. We will upload our payload via the file upload facility in DVWA (high level), then execute an nc command to open a socket and listen (medium level), then execute our payload. 1. Information gathering using Zenmap. We know that the OS kernel is 2.6.3.9. 2. Search for exploit code in exploit db: /pentest/exploits/exploitdb# ./searchsploit 2.6.3.9 3. Because...

Wednesday, February 29, 2012

Combining Beef and Metasploit Framework

In the last tutorial we practiced using Metasploit to exploit the target and modify a web page on the target OS by injecting it with BeEF code. Now we will use a web page injected with BeEF code. Then we activate the Metasploit Framework with a meterpreter payload and keep it listening. So, when the target accesses our web page, we can exploit it using meterpreter. Now, let's practice it. First, try to make a web page that includes the BeEF code. To...

Monday, February 27, 2012

Using Auxiliary in Metasploit for Port Scanning

We will use an Auxiliary in Metasploit for Port Scanning ...

Using Metasploit and Beef Framework

In this article we will use the Metasploit Framework to enter the target, then modify the website code (in this case xampp, file spash.php) so that it accesses hook.js when it is loaded. So when the target accesses this website, we can control it with the BeEF framework. Now, let's scan the target. Next, let's see the content of the target OS using the Metasploit Framework. OK, we assume that we have created a malware as in the article "Using MsfPayload...

Using msfpayload and msfencode

In this article we use msfpayload combined with msfencode to generate executable malware that will be sent to the target system. Before we start, let's get to know them. Msfpayload is a tool in the Metasploit Framework for generating executable malware based on the available payloads. Msfencode is one of the tools in the Metasploit Framework used to encode payloads to pass virus scanner protection so we can ensure our payload is executed by the target system. Because,...

Social Engineering and SET

Social engineering is the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims. The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org ...

Friday, February 24, 2012

Stack Based Exploitation in Linux

1. Turn off ASLR

    root@bt:~# cat /proc/sys/kernel/randomize_va_space
    root@bt:~# echo 0 > /proc/sys/kernel/randomize_va_space
    root@bt:~# cat /proc/sys/kernel/randomize_va_space
    0

2. Create the program that will be exploited

    #include <stdio.h>
    #include <string.h>

    int main(int argc, char** argv)
    {
        char buffer[500];
        strcpy(buffer, argv[1]); // Vulnerable function!
        return 0;
    }

Save...