Update: The hackathon event was recently covered on national TV. Here’s the segment (in Maltese):
The MITA Hackathon from GADGETS on Vimeo.
I recently had the opportunity to participate in the Malta Information Technology Agency (MITA) Hackathon, organized by TrustedSec (my team won, as it turned out… special thanks to Ian Attard and Godwin Caruana). I learnt a lot, thanks to David Kennedy and my teammates. I also did quite a lot of research beforehand, and there is a treasure trove of information on the web that I’d like to make a note of for future reference. Maybe others will find the information here of use. Full credit goes to the respective authors of the articles:
Interesting Articles and Links:
- Getting started with the BEEF framework : http://sathisharthars.wordpress.com/2014/07/22/getting-started-with-browser-exploitation-framework-beef-in-kali-linux/
- Integrating BEEF + metasploit : http://sathisharthars.wordpress.com/2014/07/23/integrating-metasploit-with-browser-exploitation-framework/
- “Lazy Kali Script”: http://uwnthesis.wordpress.com/2013/07/31/kali-how-to-easily-update-kali-lazy-kali-script/
- NMAP NSE Scripts: http://nmap.org/nsedoc/
- Bypassing AV using the (awesome) Veil framework: http://cyberarms.wordpress.com/2013/06/04/creating-remote-shells-that-bypass-anti-virus-with-veil/
- Another trick to bypass AV – backdoor existing programs (easier when using social engineering), with Veil backdoors: https://www.veil-framework.com/how-to-customize-backdoor-factory-payloads-within-veil/
- PowerShell exploit framework (PowerSploit): https://www.pentestgeek.com/2013/09/18/invoke-shellcode/
- Bypassing the PowerShell execution policy: https://www.netspi.com/blog/entryid/238/15-ways-to-bypass-the-powershell-execution-policy
- Using the metasploit SMB sniffer module (this works a surprising number of times): http://carnal0wnage.attackresearch.com/2009/04/using-metasploit-smb-sniffer-module.html
- Impacket tools (especially PSEXEC and SMB relay scripts) : http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket
Notes:
- Start up Nessus: /etc/init.d/nessusd start, then browse to http://localhost:8834
- List SMB shares on a target from linux command line: smbclient -L 1.2.3.4
- Connect to SMB share “Users” with guest account: smbclient \\\\192.168.12.54\\Users -U guest -N
- Web application scanners I didn’t know of: w3af , arachni
- Searchsploit is your friend 🙂 http://www.securitygeeks.net/2013/01/how-to-search-for-exploits-using.html. On Kali just type “searchsploit [search terms]”
- Since it’s your friend, you should update it 🙂 here’s my script to do just that:
#!/bin/bash
# Update the local SearchSploit database on Kali Linux
set -e
echo "Updating SearchSploit… (Kali Linux)"
# move into the exploit-db directory within Kali
cd /usr/share/exploitdb
echo "Downloading latest archive…"
wget http://www.exploit-db.com/archive.tar.bz2
echo "Downloaded archive, proceeding to extract…"
tar -xjvf archive.tar.bz2
echo "Removing archive…"
rm -f archive.tar.bz2
echo "All done!!"
- To add a new exploit that has been written for Metasploit but is not currently included in the framework (in Kali):
  - Create a directory called “exploits” under ~/.msf4/modules (note the name must be exploits, else Metasploit won’t pick up your scripts)
  - Create a new directory of your choice under ~/.msf4/modules/exploits, for example:
    mkdir ~/.msf4/modules/exploits/hackathon
  - Find the exploit you need, maybe using searchsploit, and copy it into your newly created folder, for example:
  - Start up msfconsole and search for your exploit (I normally search for the folder name – hackathon – since I pretty much know what I placed in there)
  - Run the exploit 🙂
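The staging steps above, wrapped in a small script as an added example (not code from the original post): it creates the ~/.msf4/modules/exploits/<subdir> tree, refuses files that are not Ruby Metasploit modules (a raw exploit-db PoC in Python or C would never load in msfconsole), and lists what was staged. The function names and the optional msf_home override are my own assumptions.

```shell
#!/bin/bash
# Added example: stage a Metasploit module under the user module tree.
# stage_msf_module and list_staged_modules are hypothetical helper names;
# the third argument overrides ~/.msf4 so the layout can be tested elsewhere.

# Usage: stage_msf_module <module.rb> <subdir> [msf_home]
# Prints the destination path on success, returns non-zero on a layout problem.
stage_msf_module() {
    local src="$1" subdir="$2" msf_home="${3:-$HOME/.msf4}"
    # The "exploits" directory name is fixed: Metasploit only scans that tree
    local dest_dir="$msf_home/modules/exploits/$subdir"

    # Metasploit loads .rb files only
    case "$src" in
        *.rb) ;;
        *) echo "error: $src is not a .rb Metasploit module" >&2; return 1 ;;
    esac
    [ -f "$src" ] || { echo "error: $src not found" >&2; return 1; }

    # A Metasploit module declares an Msf class; a plain PoC script does not,
    # and msfconsole would report a load failure for it
    if ! grep -Eq 'Msf::Exploit|MetasploitModule' "$src"; then
        echo "error: $src does not look like a Metasploit exploit module" >&2
        return 1
    fi

    mkdir -p "$dest_dir" || return 1
    cp "$src" "$dest_dir/" || return 1
    printf '%s\n' "$dest_dir/$(basename "$src")"
}

# Usage: list_staged_modules <subdir> [msf_home]
# Lists the module files msfconsole will pick up from the custom subdirectory
list_staged_modules() {
    local subdir="$1" msf_home="${2:-$HOME/.msf4}"
    find "$msf_home/modules/exploits/$subdir" -name '*.rb' 2>/dev/null | sort
}
```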