New video on Remote Command Execution via a vulnerable script / form.
Showing posts with label Vulnerability. Show all posts
Showing posts with label Vulnerability. Show all posts
Thursday, November 5, 2015
New Video - Remote Command Execution
Hey Guys,
New video on Remote Command Execution via a vulnerable script / form.
New video on Remote Command Execution via a vulnerable script / form.
Saturday, September 5, 2015
New Video: Installing and Configuring DVWA - Hacking websites
Hey Guys,
New Video up and running! Showing how to install and configure DVWA (Damn Vulnerable Web Application) for our upcoming videos on Web Pentesting / Website Hacking. Check it out and let me know what you think!
-AfterBurn
New Video up and running! Showing how to install and configure DVWA (Damn Vulnerable Web Application) for our upcoming videos on Web Pentesting / Website Hacking. Check it out and let me know what you think!
-AfterBurn
Monday, August 24, 2015
Updated 8-24-15
Hey Guys,
Just wanted to post an update as to what I am currently up to. First, I see Kali Linux 2.0 is out and that's exciting! I went ahead and ordered a new (to me) laptop, and that should be to me by the 29th. First thing will be installing Kali Linux 2.0. In reading the docs for Kali 2.0, I realized that there are some scripts I can write to certainly save some time, and make stuff easier for the Kali Community, to which I will do as soon as I install it. So keep an eye out for that.
I am searching through my old backups looking for data from the www.learnnetsec.com website. UGH, it may not be as easy as I thought to get the site back and going. But, that said, I want to make it bigger, better, more content, more hacker challenges, forums, learning portals, etc. So until then, this site is serving as the backup. Please subscribe to it. For now, the domain www.learnnetsec.com is forwarded to this one, until I get this resolved.
I am very active on twitter again, so check me out there @LearnNetSec
I am very excited to be back and at it again guys, honestly. I have found new software to edit videos on Linux, and of course its open source! So good bye windows! Once and for all!
Stay Tuned,
- AfterBurn
Thursday, June 13, 2013
Updates: New Stuff!
Hey Guys,
So, I have decided to bite the bullet and buy a real Domain Name! www.LearnNetSec.com - was purchased today with some help from our ad's on the site and on youtube. This site here @blogspot will remain in use as we make a transition to the dedicated domain. I decided to do the dedicated domain so I can have more control over the overall website and blog content. I may also create a forum there for you guys to hang out, discuss, etc. I'd also like to get an IRC channel going but that is a lot of management (had one some years ago).
The second thing that is new, is that I finally joined us to Twitter today! I think twitter is a better avenue to give you guys updates than having to not only post it here, then facebook, and youtube. I have twitter linked with Youtube, so when new videos are uploaded I can quickly share them to twitter as well. So head on over to our Twitter Account HERE and follow us for news, and updates there as well as the blog here.
I am also proud to announce that we have reached 100 subscribers to Youtube! Saturday the 15th will mark the first 30 day mark since this project was created. We have 8 videos on Youtube, so on the average that is 2 new videos a week! It's hard work, but It's totally worth it if you guys enjoy them and learn from the series. And by the looks of things, it seems you guys do!
So, a HUGE THANK YOU to everyone who has contributed to growing this project with me. If it weren't for you, we wouldn't be here at all!
Here's to the future! You guys Rock!
So, I have decided to bite the bullet and buy a real Domain Name! www.LearnNetSec.com - was purchased today with some help from our ad's on the site and on youtube. This site here @blogspot will remain in use as we make a transition to the dedicated domain. I decided to do the dedicated domain so I can have more control over the overall website and blog content. I may also create a forum there for you guys to hang out, discuss, etc. I'd also like to get an IRC channel going but that is a lot of management (had one some years ago).
The second thing that is new, is that I finally joined us to Twitter today! I think twitter is a better avenue to give you guys updates than having to not only post it here, then facebook, and youtube. I have twitter linked with Youtube, so when new videos are uploaded I can quickly share them to twitter as well. So head on over to our Twitter Account HERE and follow us for news, and updates there as well as the blog here.
I am also proud to announce that we have reached 100 subscribers to Youtube! Saturday the 15th will mark the first 30 day mark since this project was created. We have 8 videos on Youtube, so on the average that is 2 new videos a week! It's hard work, but It's totally worth it if you guys enjoy them and learn from the series. And by the looks of things, it seems you guys do!
So, a HUGE THANK YOU to everyone who has contributed to growing this project with me. If it weren't for you, we wouldn't be here at all!
Here's to the future! You guys Rock!
Tuesday, June 11, 2013
What's Up Next?
Hey Guys,
As I am sure most of you have already seen, I uploaded what was intended to be a new Video Intro last night that turned out to be more of a Trailer of what is to come in the next few videos. That Video is HERE in case you missed it.
We will be discussing the "Meat and Potatoes" of actually Hacking. Finally! But, it's way to much information to stuff in one video, even my infamous 45+ minute videos. We will start with an overview of what we are going to learn via Presentation slides and explaining each and every topic. Then we will move on to actually Hacking the Network. Explaining what to use, how, why, where, and when in great detail, as always. This is why it must be a multi-part video. We have a lot to cover!
Moving forward from that, we are going to go into Advanced Techniques, such as firewall/IDS/IPS evasion tactics, Packet Analysis, Reporting, Etc.
I will also be making a few videos in the interim, like, Building a real Virtual Lab using ProxMox (Free), Different types of attacks, like MITM, etc.
So Stay Tuned Guys! It's about to get really interesting!
As I am sure most of you have already seen, I uploaded what was intended to be a new Video Intro last night that turned out to be more of a Trailer of what is to come in the next few videos. That Video is HERE in case you missed it.
We will be discussing the "Meat and Potatoes" of actually Hacking. Finally! But, it's way to much information to stuff in one video, even my infamous 45+ minute videos. We will start with an overview of what we are going to learn via Presentation slides and explaining each and every topic. Then we will move on to actually Hacking the Network. Explaining what to use, how, why, where, and when in great detail, as always. This is why it must be a multi-part video. We have a lot to cover!
Moving forward from that, we are going to go into Advanced Techniques, such as firewall/IDS/IPS evasion tactics, Packet Analysis, Reporting, Etc.
I will also be making a few videos in the interim, like, Building a real Virtual Lab using ProxMox (Free), Different types of attacks, like MITM, etc.
So Stay Tuned Guys! It's about to get really interesting!
Monday, June 10, 2013
It's Monday!
Hey Guys,
Hope you enjoyed your weekend. I apologize for making a post so late in the day, but, well, it's Manic Monday here!
The day is un-winding now. I am hoping to get the new intro done today/tonight. Then I want to move onto getting my virtual lab finished so we can resume Hacking the machines in there on the videos. I am going to redo the lab, because I want to further segment it, and put a Virtual Router/Firewall in place to simulate real world excersizes on how to perform firewall evasion.
I will also do a video on setting up your own Virtual Lab as has been requested by one of our members!
I am also thinking of creating a forum where we can ask questions, get help, etc. This idea I am not sure about quite yet.
Enough out of me! Back to work! :-)
EDIT:
I think what we are going to do is save the Virtual Firewall for the Advanced Video Tutorials.
I really want to get into showing you guys some examples of hacking machines. Then we will do a Virtual Lab setup, and then I will re-do the lab and setup the virtual firewall, fire it up on a Public IP, and show advanced techniques in terms of firewall evasion, etc.
Hope you enjoyed your weekend. I apologize for making a post so late in the day, but, well, it's Manic Monday here!
The day is un-winding now. I am hoping to get the new intro done today/tonight. Then I want to move onto getting my virtual lab finished so we can resume Hacking the machines in there on the videos. I am going to redo the lab, because I want to further segment it, and put a Virtual Router/Firewall in place to simulate real world excersizes on how to perform firewall evasion.
I will also do a video on setting up your own Virtual Lab as has been requested by one of our members!
I am also thinking of creating a forum where we can ask questions, get help, etc. This idea I am not sure about quite yet.
Enough out of me! Back to work! :-)
EDIT:
I think what we are going to do is save the Virtual Firewall for the Advanced Video Tutorials.
I really want to get into showing you guys some examples of hacking machines. Then we will do a Virtual Lab setup, and then I will re-do the lab and setup the virtual firewall, fire it up on a Public IP, and show advanced techniques in terms of firewall evasion, etc.
Sunday, June 9, 2013
New Video Intro
Hey Guys,
I am working on a new Intro to our videos. I find as I am becoming better with Video Editing, that the default intro is kinda boring. I am hoping that tomorrow I can get Win2k3 server installed on the VM server. Also, I need to reinstall win7 because somehow it decided to BSOD with the network config, Not even sure why, but that is MSFT windows for you. All of my UNIX/Linux VM's are chugging right along without a hitch. This is why I love linux!
Anyways it's Sunday and I am going to take the day to relax, it was a rough week! Of course though, my brain never shuts off, so I will be doing some reading on Techie stuff, etc LOL.
Enjoy the rest of your weekend. I will see you all tomorrow, and hopefully I can respond to any questions/emails in a timely fashion for the rest of today.
Also, again, Thanks for the feedback, and questions/suggestions you guys have provided so far! It really goes a long way for me to see people interacting and even helping each other on the comments! Our youtube channel now has 67 Subscribers so far! Not bad for under a month of the sites and videos being active (started this on May 15th). I have you guys to Thank for the fast growth of this project, so Thank You!
As always keep sharing our pages, videos, blog, etc. Thanks!
I am working on a new Intro to our videos. I find as I am becoming better with Video Editing, that the default intro is kinda boring. I am hoping that tomorrow I can get Win2k3 server installed on the VM server. Also, I need to reinstall win7 because somehow it decided to BSOD with the network config, Not even sure why, but that is MSFT windows for you. All of my UNIX/Linux VM's are chugging right along without a hitch. This is why I love linux!
Anyways it's Sunday and I am going to take the day to relax, it was a rough week! Of course though, my brain never shuts off, so I will be doing some reading on Techie stuff, etc LOL.
Enjoy the rest of your weekend. I will see you all tomorrow, and hopefully I can respond to any questions/emails in a timely fashion for the rest of today.
Also, again, Thanks for the feedback, and questions/suggestions you guys have provided so far! It really goes a long way for me to see people interacting and even helping each other on the comments! Our youtube channel now has 67 Subscribers so far! Not bad for under a month of the sites and videos being active (started this on May 15th). I have you guys to Thank for the fast growth of this project, so Thank You!
As always keep sharing our pages, videos, blog, etc. Thanks!
Saturday, June 8, 2013
Happy Saturday!
Hey Guys,
I hope you are enjoying your weekend so far! On Monday I am going to move forward with getting the rest of the Virtual Machines created and configured. I Have ran into a few snags, and that is to be expected since I have never used ProxMox to host VM's before. Since I am lacking the proper hardware to make windows play nicely in ProxMox, it's a bit challenging. I will however press on.
In the meantime, keep reading, and learning.
Do you guys have any suggestions for future videos? Let me know!
And as always Thank You for your feedback, and support! Keep sharing the videos, and our YouTube, facebook, and blog pages!
I hope you are enjoying your weekend so far! On Monday I am going to move forward with getting the rest of the Virtual Machines created and configured. I Have ran into a few snags, and that is to be expected since I have never used ProxMox to host VM's before. Since I am lacking the proper hardware to make windows play nicely in ProxMox, it's a bit challenging. I will however press on.
In the meantime, keep reading, and learning.
Do you guys have any suggestions for future videos? Let me know!
And as always Thank You for your feedback, and support! Keep sharing the videos, and our YouTube, facebook, and blog pages!
Friday, June 7, 2013
Good Morning Good People!
I am going to be out in the field today. I will do my very best to answer any questions you guys may have from my phone.
I hope you guys enjoyed the latest video on ToR and Proxy chains I did yesterday. Please keep spreading the word, Thumbs up the videos, share them, and our facebook page. Thank You!
Enjoy your day!
I hope you guys enjoyed the latest video on ToR and Proxy chains I did yesterday. Please keep spreading the word, Thumbs up the videos, share them, and our facebook page. Thank You!
Enjoy your day!
Thursday, June 6, 2013
Not So Anonymous
First, let me start off by saying in no way to I condone nor condemn Anonymous in any way, shape, or form. That being said;
We have all heard about the Hactivist group Anonymous. And over the last few years many of them have been caught. Reason? They lack the common sense and ability to properly protect their identity, while conducting their "missions". Don't get me wrong, I have nothing against Anonymous, and that is not the point of this thread, however I will say that the main issue with Anonymous is the lack of properly providing information to their "Collective" members on how to properly disguise their identity when carrying out there attacks. Sure, they make it really easy for any kid with a PC to fire up an app and hack a server/machine, but doing so with no realization that they will likely be caught.
Sure, the Federal Government have a lot more tools up their sleeves these days in comparison to the days of people like Kevin Mitnik, etc., but for every action there is an equal reaction. And sure, proxies no matter they type are no longer the safest way of disguising your identity due to servers that log inbound proxy connections, DNS leaks, etc. However, that being said, there are ways around that too, to which I will not disclose here, nor will I entertain how it works.
The truth is, there have been "Hactivist Groups" around for ages, it's nothing new. But Anonymous has grown in leaps and bounds, and that is something we as netsec professionals should be concerned about; After all we are paid to prevent attacks, and find them before the bad guys do, right? But the ones that must harbor the fear of Anonymous are the ones that have something to hide. I Know there are rouge Anonymous members that don't abide by the creed of the group. And the only reasons that exists is because of the lack of management of Anonymous members. Imagine if Anonymous had an organizational structure? The world at large would be digitally doomed.
The reason I brought this up is because of this story here: http://gawker.com/the-fbi-raided-steubenville-anonymous-guys-house-here-511634071
Again, I do not Condone or Condemn Anonymous and their actions. We are here to train network security professionals, as spoken of in our disclaimers. Should you choose to use the information we provide for illegal purposes, we hold no responsibility or liability for your actions. We are simply a means and source of information for people seeking a Professional Career in Network Security.
The Next Video
Hey Guys! - New Video Coming!
The next video I am going to do is going to cover using ToR with Proxychains to tunnel your connections for applications over a proxy, without leaking your DNS!
The end of the week is usually crazy for me. I hope to have this done by Monday the latest!
Also, I have been really impressed with how fast this NetSecNow concept is taking off and growing! You guys are all awesome! Thank you very much for helping us grow and succeed! Please, keep spreading the word, sharing the videos, blog, facebook with your friends and co-workers, it helps a lot! I appreciate all feedback, good, bad, or otherwise! So Thank You for that!
And as always, Stay Tuned!
Wednesday, June 5, 2013
New Video: Setting up and Configuring Metasploit + Armitage and More!
New Video! First Look at Metasploit + Armitage!
Guys! It's finally done! The video on Setting up, Configuring and using Metasploit + Armitage, a look at nmap and zenmap. Also, discussion about up and coming videos!
Update: Video
I put together a video looking at an intro to setting up and configuring Metasploit + Armitage, as it will be needed for our next demonstration video. Also a quick look at nmap and zenmap! It's rendering now (takes about an hour or so) and once it's uploaded to Youtube, I will make a new post about it!
Stay Tuned!
Stay Tuned!
Round 3!
Good Morning,
Okay, so I am going to try this for the 3rd time! I am turning off the ringers on all of the office phones, cell phone, etc.
The video I want to produce today will be about the different phases of Network Security from a Professionals point of view.
I have most of the labs VM machines going, except win2k, as my old install media is messed up and will not work :(. Which is ok, because most of what we will be going over will apply to any machine that is windows based. I am going to fire in a few Linux based machines also, just to give us some more variety.
There is one thing to keep in mind guys; No audit is always successful, and you may not find anything worthwhile. Nothing is 100% guaranteed to succeed!
The video I may wind up producing before we get into this process may very well be setting up Metasploit Framework + Armitage. The only thing holding me back is that I have already went ahead and registered my community version of Metasploit, so I could get the most important updates for vulns. I need to find a way to reverse that so I can show you guys how to do this from scratch!
After that quick video, we will now have most of our more commonly used tools that need configuring setup, so we can dive into the meaty stuff, like actually doing some pentests on the lab! - Finally!
Operation: Get things in order - engaged!
Okay, so I am going to try this for the 3rd time! I am turning off the ringers on all of the office phones, cell phone, etc.
The video I want to produce today will be about the different phases of Network Security from a Professionals point of view.
I have most of the labs VM machines going, except win2k, as my old install media is messed up and will not work :(. Which is ok, because most of what we will be going over will apply to any machine that is windows based. I am going to fire in a few Linux based machines also, just to give us some more variety.
There is one thing to keep in mind guys; No audit is always successful, and you may not find anything worthwhile. Nothing is 100% guaranteed to succeed!
The video I may wind up producing before we get into this process may very well be setting up Metasploit Framework + Armitage. The only thing holding me back is that I have already went ahead and registered my community version of Metasploit, so I could get the most important updates for vulns. I need to find a way to reverse that so I can show you guys how to do this from scratch!
After that quick video, we will now have most of our more commonly used tools that need configuring setup, so we can dive into the meaty stuff, like actually doing some pentests on the lab! - Finally!
Operation: Get things in order - engaged!
Tuesday, June 4, 2013
Good Morning Fellow Hackers of the World!
Good Morning Guys and Gals,
I am still setting up VM's in ProxMox so we can do a full on Tutorial on that. It may take a few more hours to get them all installed.
For now, we will be working with Windows 7 Ultimate, Windows XP Pro, Windows 2000 Pro, and windows 2000 advanced server. I Know what you are probably thinking "Windows 2000?! Who still uses that?!?!" but you would be surprised. A lot of manufacturers still use it because their old proprietary machinist software runs on that platform.
Using windows 7, I want to bring you into the realm of newer OS platforms that are still in wide use, due to the lack of adaptation of windows 8 in corporate environments. Most of the Vulns' and Exploits for win7 can also be applied to win2k8 server, so for the time being, in lieu of a legit copy of win2k8, we will go forward with this.
In terms of windows XP pro.. again you would be surprised on how many corporate environments still have a lot of these lurking around for what ever reason.
Keep in mind, I am funding this entire project out of pocket, so that is the reason for the ads on the blog and youtube. Also, there is always the donations button on the home page, if you feel so inclined :-)
Thanks!
Stay Tuned!
I am still setting up VM's in ProxMox so we can do a full on Tutorial on that. It may take a few more hours to get them all installed.
For now, we will be working with Windows 7 Ultimate, Windows XP Pro, Windows 2000 Pro, and windows 2000 advanced server. I Know what you are probably thinking "Windows 2000?! Who still uses that?!?!" but you would be surprised. A lot of manufacturers still use it because their old proprietary machinist software runs on that platform.
Using windows 7, I want to bring you into the realm of newer OS platforms that are still in wide use, due to the lack of adaptation of windows 8 in corporate environments. Most of the Vulns' and Exploits for win7 can also be applied to win2k8 server, so for the time being, in lieu of a legit copy of win2k8, we will go forward with this.
In terms of windows XP pro.. again you would be surprised on how many corporate environments still have a lot of these lurking around for what ever reason.
Keep in mind, I am funding this entire project out of pocket, so that is the reason for the ads on the blog and youtube. Also, there is always the donations button on the home page, if you feel so inclined :-)
Thanks!
Stay Tuned!
Monday, June 3, 2013
Update on Metasploit + Armitage Tutorial
Well Guys, in testing today with a WIN-7 image on my poor XP VM host box that also runs the Kali environment we have been working with, it has come to my attention that it would be a mistake to try and teach you guys that on this machine, because of the massive amounts of resources windows itself needs to run. The recording would turn out horrible.
So, because I want the best for our learning sessions, I am dedicating a physical machine to handle all of the VM's except for Kali. It will be running ProxMox as it's host OS, which is made to run a VM environment. I am installing it tonight and configuring it with the VM's of what I have; WIN7 Ultimate, Win XP Pro, Win XP Home, Windows 2000, and Windows 2000 server. I was unable to locate my old copy of windows server 2003, and I am still awaiting a donation of a legitimate copy of windows server 2008 for demo purposes. I really want you guys to get a feel for what you are up against out there in the wild, so I am taking my time to do it right, and make available to you as much as I can conjure up in my contacts.
I will be happy if I can get a video out on it tomorrow at least showing windows 7, and XP in the scans with metasploit and armitage,
On another side note, if all goes well with ProxMox (never used it), Perhaps I will setup an subscriber based private network environment for you guys to hack away at. That would be the best to simulate real-world road blocks that you may run into. I have 4 extra static IP's sitting here doing nothing, so why not put them to good use :-)
I apologize for the delay.
So, because I want the best for our learning sessions, I am dedicating a physical machine to handle all of the VM's except for Kali. It will be running ProxMox as it's host OS, which is made to run a VM environment. I am installing it tonight and configuring it with the VM's of what I have; WIN7 Ultimate, Win XP Pro, Win XP Home, Windows 2000, and Windows 2000 server. I was unable to locate my old copy of windows server 2003, and I am still awaiting a donation of a legitimate copy of windows server 2008 for demo purposes. I really want you guys to get a feel for what you are up against out there in the wild, so I am taking my time to do it right, and make available to you as much as I can conjure up in my contacts.
I will be happy if I can get a video out on it tomorrow at least showing windows 7, and XP in the scans with metasploit and armitage,
On another side note, if all goes well with ProxMox (never used it), Perhaps I will setup an subscriber based private network environment for you guys to hack away at. That would be the best to simulate real-world road blocks that you may run into. I have 4 extra static IP's sitting here doing nothing, so why not put them to good use :-)
I apologize for the delay.
Installing VM's
Just an update:
I am installing a windows 7 VM for testing purposes for the next Video Tutorial: Metsploit Framework + Armitage. I will also be installing a windows XP Pro VM to show you how to hack those as well. Most companies believe it or not are still running XP and server 2003. I need to find my old server 2003 disc and get that going too. I already have metasploitable installed as a VM so perhaps this session we can do one video on metasploitable, and one on windows 7 stock install. We shall see.I am realizing that my 45 minute videos are much too long for most people, so I am looking into ways of doing multi-part, shorter videos to keep you guys interested :-)
#busybee
As always, keep spreading the word about our project, our audience is growing, so the more the merrier! Keep up the great work guys! Thanks!
Subscribe to:
Posts (Atom)