So sometimes you gotta whole lotta hosts you need to run a scan against. Its hard to keep track of them all, so I have created a video showing how to create tables in Metasploit on Backtrack 5.
A few notes about the video:
For something completely different, I am running a half marathon (I know right) in April and have started training for it. Please bear with me as I am now trying to do work (the thing I get paid for), train, and blog (which helps me in my job but still kinda need to do in my off hours).
Next post I will stick with Metasploit and research services for potential vulnerabilities and exploits. The I will move onto web sites and applications. Stay tuned!
A few notes about the video:
- I tried using the xvid codec and it would not work... still tweaking the recording on my test machine so apologies about the sound quality.
- I go off on a tangent around minute 8 (read: so if all you care about is the database you can switch it off) about a script I wrote which grabs tables from the database and outputs each table to a file for you. The point of this script was to have something (not in XML) which I could view the information in (ie a spreadhseet program). It is still a work in progress, so it still does not output super pretty like I want it too (especially db_vulns) but I think its a step in the right direction! I also realized I think my method of search/replace would have worked had I clicked 'Match Entire Cell Contents' in Excel... oh well.
- I am still interested in getting Dradis to work so if anyone has had any luck getting it on BT5 to import the Metasploit database please let me know! Doing some Googling it seemed like issues with Ruby?
- I would be remiss here if I did not talk about Vivek's Metasploit Megaprimer over at Securitytube.net. It is an amazing collection of videos. I hope my blog does not follow his videos too closely, as I will be focusing on finding exploits and vulnerabilities, while his focuses on the amazing power of Metasploit (ie what you do AFTER you pwned someone). Very cool, very worth a watch! Also the metasploit unleashed I discussed earlier is also pretty good at explaning the capabilities of metasploit.
For something completely different, I am running a half marathon (I know right) in April and have started training for it. Please bear with me as I am now trying to do work (the thing I get paid for), train, and blog (which helps me in my job but still kinda need to do in my off hours).
Next post I will stick with Metasploit and research services for potential vulnerabilities and exploits. The I will move onto web sites and applications. Stay tuned!
3 comments:
The Metasploit megaprimer has been re-created with the latest advances and also with a certification: http://securitytube-training.com/certifications/securitytube-metasploit-framework-expert/ Testimonials look good.
This is true. Vivek also has the wireless megaprimer which I also suggest! He has a cert for that one as well....
Awesome Nice work Keep it up ..
And i learned lots of things from this video http://www.securitytube.net/video/2750 may be you like it. vivek done a fantastic job. must watch. :)
Post a Comment