Category Archives: Security

Persistent mount for luks with unlock Key

creating a encrypted disk with luks

our  Little problem here to mount a encrypted disk  automatically on boot

so no need to enter the pass for mounting but this risky if the machine theft happen because we will use a key inside the system and it will be leaked if our machine stolen

so lets do it first we have to create a key and add it  our partition

to create a key

don’t forget it to set key permission to be 600

Continue reading Persistent mount for luks with unlock Key

Linux Disk Encryption with LUKS

today we going to make an encrypted disk partition

list prepare our partition

I have a new disk in  /dev/sdb

I will create a partition 100 on it with fdisk

Continue reading Linux Disk Encryption with LUKS

RPM integrity and scripts

Yum repository comes with gpg  and md5 support to verify the validity of the package

You can list installed gpg keys in your system via

It will show the unique id for the installed keys in your  system

gpg-pubkey-e8562897-459f07a4
gpg-pubkey-217521f6-45e8a532

To list all information related to a key
rpm -qi pgp-key-unique-id

 

It will show version, vendor  and much more useful for debugging
To verify a package against the  installed keys

U can use parameter  k with rpm

Continue reading RPM integrity and scripts

port forward & pivoting with meterpreter

Let’s assume u attacked machine with 2 nic cards

our IP is 10.0.0.5

first, one ip is 10.0.0.10 that you reach it from

and in ifconfig shows, the machine has a different  IP 10.0.2.30

you can scan the network 10.0.2.x via meterpreter

arp_scan

we can connect to the RDP server of the machine 10.0.2.30

via adding a route from out local port 9389 to the machine 10.0.2.30:3389

Continue reading port forward & pivoting with meterpreter

MetaSploit Payload to Executable EXE

Continue reading MetaSploit Payload to Executable EXE

bruteforce ftp files and folders

sometimes if the listing not working we need to brute force files and folders

here is a simple python script to brute-force folders

FTP brute force files

note this script will try to download files in your dictionary attack

so recommend to run it inside tmp folder

 

SMASH THE STACK LEVEL6

Smash The Stack  Level 6

this app take 2 argument

1 – username

2- password

it takes it then say hi

also, it checks ur env language

and change the msg

let’s make some love with gdb

btw without change ur language, it will not overwrite the EIP

Continue reading SMASH THE STACK LEVEL6

Get Environment Variable memory Address

some time u put the shellcode inside  the environment and u will need the address of it to build ur payload

here is a simple C code to get the address

 

 

Duplicate File Finder By MD5SUM

Hello

this is a simple script to find the duplicated files by md5sum

so if u have 2 files with the same content  but with different   names, u still can catch them

Continue reading Duplicate File Finder By MD5SUM