Pen Testing – Hack Talk
http://hacktalk.net/
The Ethical Hacker Blog
Feed generated Wed, 07 Dec 2022 18:02:27 +0000

Metasploit Meterpreter Cheat Sheet
https://hacktalk.net/metasploit-meterpreter-cheat-sheet/
Wed, 19 Sep 2018 19:50:24 +0000

The post Metasploit Meterpreter Cheat Sheet appeared first on Hack Talk.

What is a Meterpreter?

Well, if you plan to hack like a pro, you need to know some of the basic Meterpreter commands before you dive in below.

Meterpreter is a dynamic, advanced and extensible payload. It uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a client-server Ruby API.

Originally written by Skape for Metasploit 2.x, the standard extension has since been overhauled, and the current version is Metasploit 3.3. The server side is implemented in plain C and compiled with MSVC, which makes it portable. The client can be written in any language; Metasploit itself ships a full-featured Ruby client API.

How does Meterpreter Work?

- The target first executes the initial stager. Usually this is a bind, reverse, findtag or passivex stager, among others.

- The stager then loads the DLL prefixed with "reflective". The reflective stub handles loading and injection of the DLL.

- Next, the Meterpreter core initializes, establishes a TLS/1.0 link over the stager socket and sends a GET message. When Metasploit receives the GET message, it configures the client.

- Lastly, Meterpreter loads its extensions. If the session has administrative rights, it loads the priv extension; otherwise it loads stdapi. All extensions are carried over the TLS/1.0 link using a TLV protocol.

Now that you have a clear picture of Metasploit Meterpreter, what are some of the cheat sheet commands to use?

Step one: The Core Commands

Meterpreter presents a Linux-style terminal on the victim's PC. As such, most of the familiar Linux commands can still be used in Meterpreter even when the target runs Windows or another operating system.

The core commands include:

- ?: If you are not sure about any command, use this to access the help menu.

- background: Moves the current session to the background.

- bglist: Lists all the scripts running in the background.

- bgkill: Kills a Meterpreter script running in the background.

- bgrun: Runs a script as a background thread.

- close: Closes the terminal.

- help: Opens the help menu.

- irb: Drops you into Ruby scripting mode.

- quit: Terminates the session.

- write: Writes data to a channel.

- read: Reads data from a channel.

- migrate: Moves the active process to a specific PID.

Step two: The file system commands

The following are file system commands:

- mkdir: Makes a directory on the victim system.

- rmdir: Removes a directory from the victim system.

- del: Deletes a file on the victim.

- getwd: Prints the local directory.

- ls: Lists all files in the current directory.

- edit: Edits a file using vim.

- cd: Changes directory on the victim system.

- cat: Reads and outputs the contents of a file.

- lcd: Changes the local directory.

- download: Downloads a file from the victim system to the attacker system.

Step three: Network commands

If you want to find something on the network, the following commands will be handy:

- ipconfig: Displays key information for all network interfaces, including IP addresses.

- route: Views or modifies the victim's routing table.

- portfwd: Forwards a victim's port to a remote server.

Step four: System commands

Whenever you want the details of a victim PC, use the sysinfo command. It displays the operating system and the name of the PC. Other system commands include:

- shutdown: Shuts down the victim's computer.

- reg: Lets you interact with the victim's registry.

- getpid: Shows the current process ID.

- getuid: Shows the user the server is running as.

- drop_token: Drops a stolen token.

- kill: Terminates the process with the given PID.

- ps: Lists all running processes.

- getprivs: Used when you want to get privileges.

- shell: Opens a command shell.

- clearev: Clears event logs on the victim machine.

Step five: Interface commands

- set_desktop: Changes the Meterpreter desktop.

- screenshot: Grabs a screenshot of the victim's desktop.

- keyscan_dump: Dumps the keystrokes captured by the software keylogger.

- keyscan_stop: Stops the keylogger.

- enumdesktops: Lists all available desktops.

- idletime: Checks how long the victim system has been idle.

- keyscan_start: Starts the keylogger associated with a process.

- uictl: Enables control of the UI components.

Step six: Privilege escalation

If you want to escalate system privileges, use the getsystem command. It has 15 built-in ways of gaining system administrator privileges.

Step seven: How to dump passwords

You can use the hashdump command to grab the hashes from the password file. Notably, the command often trips AV software, although you can run stealthier scripts such as "run smart_hashdump" or "run hashdump". These scripts avoid tripping the AV.

What is Grey Box Penetration Testing?
https://hacktalk.net/what-is-grey-box-penetration-testing
Sat, 08 Jun 2019 16:18:39 +0000


So you understand black box external penetration testing. Now it's time to move on to grey box penetration testing. Grey box testing is for a pentester with only partial knowledge of the internal structure of a network. Grey box testing is a hybrid of the straightforwardness of black box testing and the code targeting of white box testing.

Because grey box testing uses the assertion method to represent all the conditions of a program, it is based on requirement-driven test case generation. To verify its correctness and make it easy to understand, a specification language is required. Required assumptions include activation of methods, state reporting and report testing, both within the Class Under Test (CUT).

Grey Box vs Black Box

While grey box testing is more focused and efficient than black box testing, code coverage is only partial, and it can be difficult to attribute identified defects in distributed applications. And yet, it cannot be ignored that grey box testing has the advantages of being non-intrusive, handling intelligence testing exceptionally well, and maintaining the unbiased testing conditions required for ethical hacking engagements.

Rather than squandering hours discovering elusive information, pentesters can use grey box testing to focus their assessment efforts on the systems with the greatest risk and value. A sort of cyber triage, if you will. The security of the system is tested by simulating an attacker with long-term access to the network.

What are the Best Pen Tests for Grey Box Security Testing?

Because web applications typically require user accounts to be provided (unless the pentester can self-register for accounts), grey box security testing is best suited to web application security testing: the tester has some knowledge of the application and typically one or more user accounts to conduct the pentest against it. Functional or business-domain testing is also ideal for grey box penetration testing, since it confirms that the software meets the defined requirements.

Grey box penetration testing is the right way to go when the tester has no access to the source code and a non-intrusive, unbiased test is desired.

Hacking The Box (HTB) vs VulnHub
https://hacktalk.net/hacking-the-box-htb-vs-vulnhub/
Tue, 15 Dec 2020 08:15:35 +0000

There are quite a number of very good pen testing resources to use. In this article, we will discuss two of the most used: Hack The Box and VulnHub. Both are very useful, but some would argue that one is better than the other. Are there any huge differences? Why should you prefer HTB over VulnHub, or vice versa? Let's take a look at both and see how they differ.

Why HTB and VulnHub 

Simply said, HTB and VulnHub are among the most used resources for pentesters. Both have a large number of machines, CTF tasks and various hardcore virtual AD forests. HTB and VulnHub are both go-to tools for pen testing researchers.

Hacking The Box 

HTB is one of the latest sources of new virtual machines. All registered users get the privilege to hack machines, and the free server has over 20 virtual machines live at the same time. It also has a VIP subscription of 10 Euros per month, which subscribers can upgrade to 100 Euros per year.

Paid subscribers get access to the retired machines. Along with access to these machines, subscribers also get to read official walkthroughs by long-time HTB professionals.

HTB also houses some of the most difficult virtual machines to tinker with. However, beginners can sample the easier machines the platform provides. It also has a useful filter system that lets you select the most suitable machine for your skill level.

Hack The Box is a very good tool for cyber security personnel of various skill levels and is among the most recommended platforms according to specialists in the field.

Even if you do not opt for the paid subscription, the 20 active machines are good enough to work with. However, the subscription is a good investment for long-term usage.

VulnHub 

VulnHub or Vulnerable by Design is a more hands-on practical tool that lets you tinker with software, network administration and cyber security. It also provides an easy hub for beginners yet it also provides complex machines for veterans to work with.

Their purpose is to make sure you have the right tools for penetration testing and a safe, legal place to use them. In other words, if you make a mistake in testing, you won't get into trouble at all, because the VulnHub machines are built to be attacked.

There are plenty of resources on VulnHub, with the right virtual machines for you to test. These are created by users of the VulnHub community and turned into a sort of training range for beginners.

The hub is also constantly updated, with the best machines indexed in its catalogue.

Which is Better to Use  

It's all up to you. HTB is a very flexible platform but is limited to 20 machines if you go with its free tier. VulnHub is more beginner-oriented and completely free, but is more limited compared to HTB. Whichever you choose, you come out a winner.

What is Metasploit?
https://hacktalk.net/what-is-metasploit/
Tue, 15 Dec 2020 08:21:36 +0000

Metasploit is a pen testing framework used by both ethical hackers and malicious attackers to analyze vulnerabilities within a system, network or server. It is also an open source framework, which makes it highly modifiable by anybody with penetration testing knowledge. It is highly portable across operating systems.

Metasploit lets you work with pre-made modules for convenience. These modules are used to probe weaknesses within the network. You can use the identified weaknesses as documented findings to decide which solutions should be deployed. Metasploit is a convenient way to discover the various flaws that lie within servers.

You can get the program directly from the Rapid7 website.

How It Came To Be 

Developers H.D. Moore and Matt Miller set out to provide a Perl-based network tool in 2003. They launched the Metasploit Project that year, and it was converted to Ruby in 2007. In 2009, Rapid7 acquired the project. It became a tool viable for remote exploitation and anti-forensic techniques.

Since then, it has become a standard tool for cyber security professionals, as it is easier for them to use Metasploit than to probe with various tools whose effectiveness against a weak spot is unknown. The convenience of remote testing spread throughout the world. What used to be a specialist tool used only locally and in private companies is now a free tool for anybody to use.

Who Uses Metasploit 

Anybody is free to use the framework, but it is primarily used by DevSecOps engineers and hackers. It is a tool used for both good and evil, depending on who is using it.

Thanks to its constant updates, Metasploit provides more than 1677 exploits. These exploits cover 25 platforms, including Python, Java, Cisco and Android. As for payloads, it includes over 500 of them: command shell payloads for running scripts against the host's will; dynamic payloads, which let you generate unique payloads to evade antivirus protection; the Meterpreter payload, which lets you take control of the screen over VNC so you can possess the machine and do whatever you want with it, such as uploading and downloading files; and static payloads, which allow port forwarding and various network communications.

The Importance of Metasploit 

Metasploit is now a crucial framework for anybody in the security analysis and penetration testing field. It gives them a glimpse of how malicious attackers can slither through even the toughest systems in the world and provides the knowledge needed to deploy countermeasures.

This free tool has become one of the main resources for cybersecurity, making it a backbone for both ethical hackers and malicious hackers. It keeps evolving every day with more exploits and fixes, for the benefit of better security in the future.

Hacking the Box Best Challenges
https://hacktalk.net/hacking-the-box-best-challenges/
Tue, 15 Dec 2020 11:04:03 +0000

Hack The Box (HTB) is known as one of the best pen testing resources for both beginners and professionals. It offers a wide range of tools and a great variety of virtual machines for you to work on. One of the best features of HTB is its challenges, which cover many forms of pen testing and will certainly hone your skills. We rounded up the best challenge categories on the platform that you may want to try.

Reversing

Reversing is short for reverse engineering. Here, you get to play with various reversing tools to analyze specific programs, apps and scripts, find the flag and capture it.

Misc

Short for Miscellaneous, this category presents multiple challenges that make problem solving more fun. True to its name, these challenges are spontaneous and are not categorized as a specific type.

Stego

Stego is more of a hidden-object type challenge where you need to use steganography tools to find the flag. It is considered the best challenge for anybody who likes playing detective.

Crypto

Crypto challenges mainly focus on cryptographic functions. You will need to decrypt well-defended objectives while avoiding the watchful eyes of their defender.

Web

If you want to play around with web-based apps, the Web challenges should do the job. It is also one of the most popular categories on the platform and has a great set of intriguing themes.

Forensics

Another detective-type challenge is Forensics. It focuses on data recovery, where you will need to do intensive investigation to recover batches of data and find the root of the problem.

OSINT

OSINT is also one of the most played challenge types on HTB. Short for Open Source Intelligence, OSINT challenges provide you with data from makeshift accounts that leave their digital footprints behind. You use this information to solve a certain puzzle.

Pwn

Internet slang for "own", Pwn is simple to play but hard to master. You get involved with binary exploitation and memory corruption. It is arguably one of the hardest challenge types on HTB.

Mobile

Another popular category is the Mobile challenges. Mobile challenges let you tinker with social media profiles and go through various mobile phone apps to find the flags and other crucial data to recover.

Hardware

Hardware challenges are slightly different from the other HTB categories. You will have to break into hardware systems using the software provided to you, and analyze the attacks and other attempted intrusions against the system.

Plenty of Fun as You Learn

HTB challenges are not just learning tools; they are also fun, game-like programs that keep things exciting as you gain experience.

The Best VMs on VulnHub
https://hacktalk.net/the-best-vms-on-vulnhub/
Tue, 15 Dec 2020 11:34:56 +0000

VulnHub is a great pen testing resource, especially for beginners. What VulnHub excels at is its almost unlimited supply of virtual machines, VMs for short. If you are looking for the best ones, here is a shortlist of great virtual machines according to experienced VulnHub users. Best of all, they are completely free to use.

Mr. Robot

Considered the most used virtual machine on the hub, Mr. Robot is based on the TV show of the same name. The machine has 3 hidden keys that you need to find in different locations. Obviously, your goal is to find all 3 keys, but every time you retrieve a key, the difficulty gets significantly higher.

By the time you get to the second key, the skill ceiling spikes, giving you an extra layer of challenge. Yet this is not considered one of the toughest VMs on the hub. It is also the best entry-level VM for beginners and intermediate pen testers.

The Necromancer

The Necromancer is a CTF-based VM used to prepare its players for the highly competitive SecTalks Brisbane CTF league. You will need to capture 11 keys. The game gradually gets tougher with each key acquired and, by the time you acquire the 11th key, you must face the "final boss" of the game: the necromancer.

SickOS 1.1 and 1.2

SickOS is a great two-part VM series where you must fight your way to the highest privileges to compromise the system. It is also considered one of the most realistic VMs on the hub, as it is modelled on the OSCP labs. 1.1 has a low skill ceiling, where you must work your way up in the system to compromise it. 1.2 expands on all the best things in 1.1 but at a more advanced level.

Tr0ll 1 and 2 

Another VM series close to the OSCP labs is Tr0ll. In this game, you must get root and retrieve Proof.txt from the /root directory. However, getting there is tough, and you will need plenty of strategy. The sequel follows the same system but at a much harder difficulty.

These VMs are completely free to use, and they are just a few of the hundreds of virtual machines on VulnHub. Should you wish to try all of them, visit the VulnHub website.

Reddit discloses a data breach, a hacker accessed user data
https://hacktalk.net/reddit-discloses-a-data-breach-a-hacker-accessed-user-data/
Fri, 03 Aug 2018 05:29:50 +0000
