Nowadays, in almost all my penetration testing projects, HP dataprotector has been the most vulnerable software installed.
I thought of porting the same as a metasploit exploit module. Hence, I wrote exploit for Hp_dataprotector_cmdexec. I will try to describe my work step by step. The input for this was a working exploit-db code (HP Data Protector Remote Root Shell for Linux). The shell code when run normally will give a netcat shell.
So here I start up:
1. Took a standard
Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organizations which have implemented VoIP are either unaware or ignore the security issues with VoIP and its implementation. Like every other network, a VoIP network is also susceptible to abuse. In this article, I would discuss about various enumeration techniques followed by demonstration of few VoIP attacks. I deliberately will not go to protocol level details as
It is a useful social engineering tool by David (ReL1k). It can be used to perform a number of Social Engineering attacks with minimal effort. SET can be used with Metasploit to additionally perform metasploit's powerful post exploitation. This tool can be accessed through web interface or command line.
- Gathering credentials
- Shell spawning by browser exploits
- Mass mailing of malicious payloads to spawn shells
- Shell using USB autorun
- Anti-virus evasion