Mattia Campagnano

Mattia Campagnano

Thursday, March 16, 2017

Reciprocal hacking: Windows/Linux

Today we're going to have some fun with netcat.

We're going to use it to hack a Linux machine from Windows and a Windows machine from Linux.

a) Hacking Linux from Windows

Tuesday, February 28, 2017

How to create a Windows domain controller

What you need
  1. A Windows Server 2012 ISO.
  2. Other Windows computers/virtual machines
Guide

The first step is creating a Windows Server 2012 from an ISO image. I obtained  mine from Microsoft Imagine, formerly known as DreamSpark, leveraging the fact I'm still in the college, at least for the next months.

I created a virtual machine with VMware Fusion, but VirtualBox is an equally viable solution.

Domain Controller Creation Steps


Saturday, December 31, 2016

Goodbye, 2016!

I don't know why people feel the need to write something for the end of the year.

This has been a crazy year for myself and for the state of cyber security in this country and worldwide.

New attack techniques have been discovered and for the first time hackers interfered with democratic elections.

I normally hate celebrations and all the connected rhetoric but I'm graduating in cyber security next week and that seems me a perfect timing for what's going on.

Hopefully, I'm going to go back working in the field soon.

I don't know what I'm going to do or what specific role I'm going to play in this context.

I only know this is but the starting point for the career I want.

We'll see what happens.




Friday, December 23, 2016

How to automate post exploitation with a Meterpreter script

Metasploit is a powerful attacking tool, but you can get the most out of it by automating the post exploitation stage.

After getting a shell on the victim system, if you run some commands recurrently, you can use a script to run them automatically for you.

To demonstrate this, I created a script, named netapi_post.rc, where I listed the commands I wanted to be automatically run.

After that, I exploited my victim XP machine by using the multi/handler exploit, setting up windows/meterpreter /reverse_TCP as a payload (check the embedded video for more details).


Monday, December 5, 2016

How to create basic Snort IDS rules


I am going to create some basic rules to use Snort as an IDS.

The first thing to do is defining what Snort has to protect as the Home network.

You need to edit its configuration file (/etc/snort/snort.conf) as follows:
  1. Change the value of the line ipvar HOME_NET from any to your home network range (in my case, 192.168.2.0/24)
  2. Change the value of the line ipvar EXTERNAL_NET from any to !$HOME_NET (in other words, uncomment the last line shown in the first below screenshot). The value of the EXTERNAL_NET variable will have to be defined as any network other than the Home network.
  3. Apply customized rules by editing the file /etc/snort/rules/local.rules, as shown below.
  4. Edit /etc/snort/snort.conf by adding a line that includes your customized rule file.

Monday, November 21, 2016

macOS or OS X? Time will tell. I won't walk through the Sierra right now

I've experienced El Capitan for a while and I've been very satisfied.

My new Mac has worked flawlessly, because El Capitan is a very stable and reliable system, a rock solid warhorse.

The hacker/pioneer in me, though, was tempted by the new features of macOS Sierra.

I'm very busy with my college, so I postponed this dilemma for a while. 

One weekend, though, I created a clone of my configuration with Super Duper! and decided to give Sierra a go.

I almost immediately regretted my decision.

Tuesday, November 8, 2016

Install Snort in Kali Linux, the easy way

When trying to install Snort in Kali Linux, you may find yourself with a not very encouraging E:Unable to locate package message, alike this one above.

If this occurs, you're left with the only option of compiling it from source, which, in this case, is pretty painful.

Luckily, there's an easier alternative. Aptitude can't find the program we're looking for because it doesn't have the necessary repositories in its database.

So, in order to solve the problem, all we need to do is adding them manually.

Go the repositories list in Kali official website, then right-click and copy each repositories listed there (in other words, right-click and copy all the entries starting by deb, shown in the screenshot below).
That done, open the file etc/apt/sources.list with any text editor of your choice.

Paste the repositories you previously copied from the official website to said file and save it.

Now, you'll only have to run apt-get update -y in order to update your sources list.

With that being done, run apt-get install snort -y and this time around it will work.
Related Posts Plugin for WordPress, Blogger...

Contact Form

Name

Email *

Message *