Wget FTP Symlink Attack Vulnerability http://thehackernews.com/2014/10/cve-2014-4877-wget-ftp-symlink-attack.html [Bug-wget] GNU wget 1.16 releasedIt is available for download here: ftp://ftp.gnu.org/gnu/wget/wget-1.16.tar.gz ftp://ftp.gnu.org/gnu/wget/wget-1.16.tar.xz and the GPG detached signatures using the key E163E1EA: ftp://ftp.gnu.org/gnu/wget/wget-1.16.tar.gz.sig ftp://ftp.gnu.org/gnu/wget/wget-1.16.tar.xz.sig To reduce load..
SQL Injection with SQL Ninja and Metasploit Hacking Tutorial In this blog I will show you a pretty sweet tool called SQL Ninja in the Metasploit Framework. There are a lot of SQL injection tools out there but this one is my favorite because instead of extracting the actual data it focuses on getting a interactive shell on the remote DB server, and uses it as a foothold against the target network. So let’s go ahead and dive in to the wonders of SQL Ninja.F..
Metasploit Framework 4.2.0 “The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.“ Official change log for Metasploit Framework 4.2.0: IPv6 Coverage: M..
MSFConsole Prompt Fiddling In @carnal0wnage and my presentation at DerbyCon 2011 we talked about using SCREENand SCRIPT to keep connections live / use them across SSH sessions, and log everything that happens. What we didn't cover is the fact that there isn't a time stamp for those logs. Now, Metasploit has multiple ways of creating logs: cat ~/.msf4/logs/framework.log This log automatically logs all of the error data tha..