Hackathon notes and links

Update: The hackathon event was recently covered on national tv. Here’s the segment (in Maltese):

The MITA Hackathon from GADGETS on Vimeo.


 

I recently had the opportunity to participate in (my team won as it turned out… Special thanks to Ian Attard and Godwin Caruana) the Malta Information Technology Agency (MITA) Hackathon, organized by TrustedSec. I learnt a lot, thanks to David Kennedy and my team mates. I also did quite a lot of research beforehand and there is a treasure trove of information on the web that i’d like to make a note of for future reference. Maybe others will find the information here of use. Full credit goes to the respective authors of the articles:

Interesting Articles and Links:

Notes:

  • Startup nessus: /etc/init.d/nessusd start, link: http://localhost:8834
  • List SMB shares on a target from linux command line: smbclient -L 1.2.3.4
  • Connect to SMB share “Users” with guest account: smbclient \\\\192.168.12.54\\Users -U guest -N
  • Web application scanners I didn’t know of: w3af , arachni
  • Searchsploit is your friend :) http://www.securitygeeks.net/2013/01/how-to-search-for-exploits-using.html. On kali just type “searchsploit [search terms]
  • Since it’s your friend, you should update it🙂 here’s my script to do just that:

  • To add a new exploit that has been written for metasploit but not currently included in the framework (in Kali):
    • Create a directly called “exploits” under ~/.msf4/modules (note the name must be exploits, else metasploit won’t pick up your scripts)
    • Create a new directory of your choice under ~/.msf4/modules/exploits for example:

      mkdir ~/.msf4/modules/exploits/hackathon

    • Find the exploit you need, maybe using serchsploit, and copy into your newly created folder for example:
      Selection_015
    • Startup msfconsole and search for your exploit (I normally search for the folder name – hackathon – since I pretty much know what I placed in there)
      Selection_016
    • Run the exploit🙂