Once we have created the virtual machine, we need to mount and boot the ISO file as a LiveCD to get Protostar up and running. To do this, click on the "Settings" button in the upper left.
@free_hacking_tutorial
@free_hacking_tutorial
A new window will pop up with several options listed along the side. Click on the "Storage" option. Select the optical drive by clicking on the CD icon in the middle of the window, and then select the file you want to mount by clicking the CD file on the far right side. Once this is done, the name of the image file should appear under the optical drive.
@free_hacking_tutorial
@free_hacking_tutorial
Step 3
Connecting to Protostar via SSH
Start up the Protostar VM by clicking the green "Start" arrow on the VirtualBox home screen. Once the VM is up and running, we can connect to it via SSH. This can either be done in the host operating system (the OS your computer runs) or with another virtual machine. The below post offers some advice on how to get started with SSH on different platforms if you've never used it before.
@free_hacking_tutorial
Connecting to Protostar via SSH
Start up the Protostar VM by clicking the green "Start" arrow on the VirtualBox home screen. Once the VM is up and running, we can connect to it via SSH. This can either be done in the host operating system (the OS your computer runs) or with another virtual machine. The below post offers some advice on how to get started with SSH on different platforms if you've never used it before.
@free_hacking_tutorial
In this tutorial, I'll be using PuTTY on Windows. Depending on the software you use, the steps needed to log in will vary. Across the board, however, you'll need to know the IP address to connect to and the username and password of a local account to log in as. In the case of Protostar, we log in with the username user and the password user.
@free_hacking_tutorial
@free_hacking_tutorial
Step 4
Identifying & Exploiting a Stack Overflow in stack0
The nice thing about Protostar is that it includes the source code for all of the levels on the website. While this may not always be available in real life, it's great to have while beginning to learn binary exploitation. All of the code is written in C, however, so it may be good to run through a quick video or article about basic syntax of the C language.
Let's take a look at the source code for the stack0 level:
@free_hacking_tutorial
Identifying & Exploiting a Stack Overflow in stack0
The nice thing about Protostar is that it includes the source code for all of the levels on the website. While this may not always be available in real life, it's great to have while beginning to learn binary exploitation. All of the code is written in C, however, so it may be good to run through a quick video or article about basic syntax of the C language.
Let's take a look at the source code for the stack0 level:
@free_hacking_tutorial
We can identify two variables in this program, an integer called modified and a string of characters called buffer. The goal of the level is to overflow the buffer variable so that we change the value of the modified variable.
For those unfamiliar with C, there are two things to note. The keyword volatile used when declaring the modified variable tells the compiler that the variable can change at any time without action being taken by the code nearby. If you are unaware, the compiler is a piece of software which translates the C code written here into a machine-readable code that can be executed. Every programming language has a compiler.
Looking at the rest of the program, it looks like the program will ask for input and store whatever the user gives in the buffer variable. After that, there's an if/else statement that checks to see whether or not modified still equals zero. If it does not, then we've caused a stack overflow and completed the level.
The last thing to note is the declaration of the buffer variable. The [64] means that the compiler will allocate 64 bytes of data for this variable in memory. But what happens if the variable is bigger than 64 bytes? Let's take a look!
@free_hacking_tutorial
For those unfamiliar with C, there are two things to note. The keyword volatile used when declaring the modified variable tells the compiler that the variable can change at any time without action being taken by the code nearby. If you are unaware, the compiler is a piece of software which translates the C code written here into a machine-readable code that can be executed. Every programming language has a compiler.
Looking at the rest of the program, it looks like the program will ask for input and store whatever the user gives in the buffer variable. After that, there's an if/else statement that checks to see whether or not modified still equals zero. If it does not, then we've caused a stack overflow and completed the level.
The last thing to note is the declaration of the buffer variable. The [64] means that the compiler will allocate 64 bytes of data for this variable in memory. But what happens if the variable is bigger than 64 bytes? Let's take a look!
@free_hacking_tutorial
WPA3 Standard Officially Launches With New Wi-Fi Security Features
The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended
➖ @free_hacking_tutorial▪️
The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended
➖ @free_hacking_tutorial▪️
Hey members I would like to take suggestion about this channel so please take your fraction seconds of your time and give us comments about this channel @anything_you_need_bot
And if you like it the way it is give it like 👍
And if you like it the way it is give it like 👍
Hackers are always seeking zero-day exploits that can successfully bypass Windows 10's security features. There has been extensive research into creating undetectable malware and entire GitHub projects dedicated to automating the creation of undetectable payloads such as WinPaylods, Veil v3, and TheFatRat.
With a bit of social engineering, tricking a target user into opening a malicious file can be as simple as injecting a bit of Unicode into the file name. For example, the below GIF shows a Windows executable (EXE) disguised to appear as a normal text file (TXT) — even with "Hide extensions for known file types" disabled in the File Explorer Options.
Make no mistake, the file on the right is an executable and, more importantly, recognized by the Windows operating system as an executable. When the fake text file is clicked, it opens a new document using Notepad, the default text editor in Windows 10. After opening Notepad, it silently executes an embedded PowerShell payload (made with Unicorn) which creates a backdoor to the now compromised Windows computer.
Unicorn, created by TrustedSec, is a simple tool designed to assist penetration tester's with PowerShell downgrade attacks and injecting sophisticated shellcode payloads straight into memory. The techniques utilized by Unicorn are based on the work of Matthew Graeber and TrustedSec founder David Kennedy.
@free_hacking_tutorial
With a bit of social engineering, tricking a target user into opening a malicious file can be as simple as injecting a bit of Unicode into the file name. For example, the below GIF shows a Windows executable (EXE) disguised to appear as a normal text file (TXT) — even with "Hide extensions for known file types" disabled in the File Explorer Options.
Make no mistake, the file on the right is an executable and, more importantly, recognized by the Windows operating system as an executable. When the fake text file is clicked, it opens a new document using Notepad, the default text editor in Windows 10. After opening Notepad, it silently executes an embedded PowerShell payload (made with Unicorn) which creates a backdoor to the now compromised Windows computer.
Unicorn, created by TrustedSec, is a simple tool designed to assist penetration tester's with PowerShell downgrade attacks and injecting sophisticated shellcode payloads straight into memory. The techniques utilized by Unicorn are based on the work of Matthew Graeber and TrustedSec founder David Kennedy.
@free_hacking_tutorial
Step 1
Install Metasploit Framework
Metasploit is a dependency of Unicorn. Before installing Unicorn, I'll quickly guide readers through a Metasploit installation to ensure it's entirely up to date using the GitHub repository.
Kali does an excellent job of maintaining stable versions of Metasploit, but I'll show how to install the absolute latest version. First, remove any older versions of Metasploit that may be pre-installed in Kali.
apt-get remove metasploit-framework
Install Metasploit Framework
Metasploit is a dependency of Unicorn. Before installing Unicorn, I'll quickly guide readers through a Metasploit installation to ensure it's entirely up to date using the GitHub repository.
Kali does an excellent job of maintaining stable versions of Metasploit, but I'll show how to install the absolute latest version. First, remove any older versions of Metasploit that may be pre-installed in Kali.
apt-get remove metasploit-framework
Then, use cURL to download the Metasploit installer.
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Upgrade the newly created msfinstall file permissions to ensure it will execute in Kali.
chmod 755 msfinstall
Then, execute the installer script with ./msfinstall.
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Upgrade the newly created msfinstall file permissions to ensure it will execute in Kali.
chmod 755 msfinstall
Then, execute the installer script with ./msfinstall.
./msfinstall
Adding metasploit-framework to your repository list..OK
Updating package cache..OK
Checking for and installing update..
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
metasploit-framework
0 upgraded, 1 newly installed, 0 to remove and 124 not upgraded.
Need to get 161 MB of archives.
After this operation, 377 MB of additional disk space will be used.
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.16.57+20180529103642.git.4.6219ce0~1rapid7-1 [161 MB]
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.16.57+20180529103642.git.4.6219ce0~1rapid7-1 [161 MB]
Fetched 65.7 MB in 11min 39s (93.9 kB/s)
Selecting previously unselected package metasploit-framework.
(Reading database ... 145965 files and directories currently installed.)
Preparing to unpack .../metasploit-framework_4.16.57+20180529103642.git.4.6219ce0~1rapid7-1_amd64.deb ...
Unpacking metasploit-framework (4.16.57+20180529103642.git.4.6219ce0~1rapid7-1) ...
Setting up metasploit-framework (4.16.57+20180529103642.git.4.6219ce0~1rapid7-1) ...
update-alternatives: using /opt/metasploit-framework/bin/msfbinscan to provide /usr/bin/msfbinscan (msfbinscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfconsole to provide /usr/bin/msfconsole (msfconsole) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfd to provide /usr/bin/msfd (msfd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfdb to provide /usr/bin/msfdb (msfdb) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfelfscan to provide /usr/bin/msfelfscan (msfelfscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfmachscan to provide /usr/bin/msfmachscan (msfmachscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfpescan to provide /usr/bin/msfpescan (msfpescan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrop to provide /usr/bin/msfrop (msfrop) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpc to provide /usr/bin/msfrpc (msfrpc) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpcd to provide /usr/bin/msfrpcd (msfrpcd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfupdate to provide /usr/bin/msfupdate (msfupdate) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfvenom to provide /usr/bin/msfvenom (msfvenom) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/metasploit-aggregator to provide /usr/bin/metasploit-aggregator (metasploit-aggregator) in auto mode
Run msfconsole to get started
W: --force-yes is deprecated, use one of the options starting with --allow instead.
Adding metasploit-framework to your repository list..OK
Updating package cache..OK
Checking for and installing update..
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
metasploit-framework
0 upgraded, 1 newly installed, 0 to remove and 124 not upgraded.
Need to get 161 MB of archives.
After this operation, 377 MB of additional disk space will be used.
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.16.57+20180529103642.git.4.6219ce0~1rapid7-1 [161 MB]
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.16.57+20180529103642.git.4.6219ce0~1rapid7-1 [161 MB]
Fetched 65.7 MB in 11min 39s (93.9 kB/s)
Selecting previously unselected package metasploit-framework.
(Reading database ... 145965 files and directories currently installed.)
Preparing to unpack .../metasploit-framework_4.16.57+20180529103642.git.4.6219ce0~1rapid7-1_amd64.deb ...
Unpacking metasploit-framework (4.16.57+20180529103642.git.4.6219ce0~1rapid7-1) ...
Setting up metasploit-framework (4.16.57+20180529103642.git.4.6219ce0~1rapid7-1) ...
update-alternatives: using /opt/metasploit-framework/bin/msfbinscan to provide /usr/bin/msfbinscan (msfbinscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfconsole to provide /usr/bin/msfconsole (msfconsole) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfd to provide /usr/bin/msfd (msfd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfdb to provide /usr/bin/msfdb (msfdb) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfelfscan to provide /usr/bin/msfelfscan (msfelfscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfmachscan to provide /usr/bin/msfmachscan (msfmachscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfpescan to provide /usr/bin/msfpescan (msfpescan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrop to provide /usr/bin/msfrop (msfrop) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpc to provide /usr/bin/msfrpc (msfrpc) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpcd to provide /usr/bin/msfrpcd (msfrpcd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfupdate to provide /usr/bin/msfupdate (msfupdate) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfvenom to provide /usr/bin/msfvenom (msfvenom) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/metasploit-aggregator to provide /usr/bin/metasploit-aggregator (metasploit-aggregator) in auto mode
Run msfconsole to get started
W: --force-yes is deprecated, use one of the options starting with --allow instead.
Metasploit
Directory Tree
When the installer is completed, there will be a new metasploit-framework/ directory in the /opt directory.
@free_hacking_tutorial
@free_hacking_tutorial
Step 2
Install Unicorn
With the Metasploit installation taken care of, the Unicorn GitHub repository can be cloned using git clone github.com/trustedsec/unicorn.
@hackersworldunite
Install Unicorn
With the Metasploit installation taken care of, the Unicorn GitHub repository can be cloned using git clone github.com/trustedsec/unicorn.
@hackersworldunite
GitHub
GitHub - trustedsec/unicorn: Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into…
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique...