Pentesting

Metasploit Meterpreter and NAT

Published January 4, 2014 |

Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit. Hacking “naked” is considered to be the easiest way to perform a penetration test that involves getting shells back. Not everyone has the […]

Posted in Metasploit, Pentesting | Tagged how-to-hack-nat-metasploit, how-to-use-metasploit-over-internet, httpswww-corelan-beindex-php20140104metasploit-meterpreter-and-nat, kali-metasploit-bind-with-pdf, metasploit, metasploit-behind-nat, metasploit-exploits-xp-sp3, metasploit-over-the-internet-kali, metasploit-targets-my-router, meterpreter, meterpreter-workings, nat, pentesting, port forwarding, reverse connection, reverse nat, reverse_http, reverse_https, reverse_tcp, value-of-lhost-in-metasploit-from-behind-firewall

Zabbix SQL Injection/RCE – CVE-2013-5743

Published October 4, 2013 |

By Corelan Team (Lincoln)

Table of ContentsIntroductionDisclosure Timeline:Vendor DetailsVulnerability DetailsThe patch Leveraging SQL InjectionCool! We got Admin, now what?Code Execution Further Exploitation? Introduction First off, please do not throw a tomato at me since this is not the typical Windows binary exploit article that is posted on Corelan! During a recent a penetration test, I encountered a host running Zabbix, an […]

Posted in Pentesting, SQL Injection, Web Application Security | Tagged 3, 5743, 5743-views, burp, corelan-be-zabbix-2-0-8, cve-2013-5743, exploit-sql-injection-2013, facebook-sql-injection-2013, got-a-deauthentication, metasploit, pentest, putting-injuction-in-bobs-video-for-free-download, putting-injuction-on-bobs-video-for-download, python-sql-injection-pastebin, single-url-sqli-scanner-php-pastebin, sql injection, web application, zabbix, zabbix-2-0-8-code-execution, zabbix-sql-injector-gratis-download

Installing Watobo on BackTrack 5

Published July 23, 2011 |

By Corelan Team (fancy)

Watobo author Andy Schmidt made 2 great videos about installing Watobo on Windows and on BackTrack 5.
I created a rather simple and short shell script to install Watobo on BT5. Nothing new, nothing sensational, just to alleviate the installation process.
Continue reading →

Posted in 001_Security, Pentesting, Web Application Security | Tagged andy schmidt, back-track-5-scripts, backtrack, backtrack-5, backtrack-5-gem1-8-install, backtrack-5-script, backtrack-5-scripts, backtrack-5-scripts-download, backtrack-scripts, backtrack-shell-scripts, blacktrack-team-sharing, install, install-ciso-di-backtrack-5, install-watobo-in-backtrck, jak-zainstalowac-ssh-c-ubiquity-backtrack, script, watobo, watobo-backtrack-install, watobo-was-created-by, www-remote-exploit-orgbacktrack_download-html

Pastenum – Pastebin/pastie enumeration tool

Published March 22, 2011 |

By Elliott Cutright

When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person.
Today, we want to present a tool that can be added to your reconnaissance toolkit.
Continue reading →

Posted in 001_Security, Pentesting, Scripts | Tagged backtrack-3-free-download, backtrack3-free-download, colored, enumerate, gem, gscraper, json, mechanize, nokogiri, nullthreat, pastebin, pastenum, pastie, pentest, query, reconnaissance, ruby, rvm, scrape, uri-query_params

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Metasploit Meterpreter and NAT

Zabbix SQL Injection/RCE – CVE-2013-5743

Pastenum – Pastebin/pastie enumeration tool

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!