Archive for July, 2010

PXE exploitation

Update 2: See the latest, including the Defcon talk at my new blog: http://www.scriptjunkie.us/2011/08/network-nightmare/ Update: This complete attack, including the DHCP server, has been incorporated into Metasploit. Update and enjoy. The module is auxiliary/server/pxexploit PXE booting has been around for over a decade and is supported by most system BIOSs. And I have also seen […]

2 Comments

Sessionthief

Another little project I put together a couple of years ago is sessionthief. When I need to quickly demonstrate the insecurity of open wireless networks, this is my first choice, as it has the ability to immediately hack into most websites another user on the same LAN is logged into. It performs HTTP session cloning […]

8 Comments

msfgui – now in metasploit

The new msfgui is now in metasploit; svn up your msf3/ directory to get it. There is also a good review at http://www.darkoperator.com/blog/2010/7/14/metasploit-new-gui.html Initial reception has been good, although a few bugs have popped up. It supports most scripts and most options on them via a right-click menu on a meterpreter session, generates a basic […]

Leave a comment