Mattia Campagnano

Mattia Campagnano

Monday, April 24, 2017

Easily hack user credentials with Social Engineer Toolkit

DISCLAIMER: The technique explained below is intended for educational purposes only. I'm not responsible for any unlawful actions resulting from an unduly use of such information.

Social Engineer Toolkit makes it very easy to steal user credentials to websites.

One of its features, called credential harvester, is a lot of fun.

You can create a clone of a very popular website, such as Facebook or Gmail, and then either send a link to it to your victims through a phishing email or convince the victims to click it by using social engineering techniques.


How-To

Tuesday, April 18, 2017

Easily cast your local media files to your TV with Chromecast

Chromecast is a great solution to cast videos to your TV but, by default, it only works on sites and apps like YouTube.

What if you want to cast a video stored on your local computer to your TV?

There is an easy solution to this problem.

Open the video on your local computer and drag it to an empty Chrome tab.

Alternatively, you can press CTRL+O (or CMD+O on Mac) and choose the file to cast from the resulting window, or you may enter file:/// in your address bar, navigate to the file you want, right-click it and choose open link in a new tab.

Right-click on any empty point in the new tab and choose Cast.

Then you'll see a Cast to box, allowing you to choose the Chromecast device to cast your video to from a list.


Additionally, by clicking the arrow close to Cast to, you can also cast your desktop.

That's all you have to do.
Enjoy!

Tuesday, April 11, 2017

Zero to hero with Social Engineer Toolkit (SET)

I've been playing around with Social Engineer Toolkit over the last couple of days.

I already analyzed how to exploit Windows 7 with SET in my previous post How to hack Windows 7 SP1 64-bit with Social Engineer Toolkit (SET)

This time around I'm going to perform a more accurate simulated pentest on a Windows 7 64-bit virtual machine than I did before.

I created a payload using Windows Meterpreter 64-bit and I moved it to the /var/www/html directory, instead of copying it directly to the victim machine.

This is more realistic, because spam and malicious websites often automatically download files to your local computer in order to compromise your system.

Should you click them accidentally or intentionally (thinking they would give you access to cracked software, porn movies or the like) you're screwed.

Someone like me might immediately pop a shell and own your machine.


If you don't know what I mean by that, it will be clearer in a few.

Tuesday, April 4, 2017

Automated exploitation with persistence – post exploitation to the next level

In previous posts, I showed how to exploit a system using Metasploit. 

Especially Windows XP, but also Windows 7 (in presence of the right conditions) can be hacked within seconds.
However, if the user aborts the session, the victim computer gets rebooted or shut down, our Meterpreter session will die, frustrating all our hard work to get into the system.

When this happens, we're gonna have to exploit the system over and over again.

Luckily, there is a way to prevent that and to automatically open a Meterpreter session for us every time the system is accessed.

Friday, March 31, 2017

Of blonde wigs and lost privacy

I'm no biblical prophet but I have sadly seen this coming a long time ago (Online privacy and anonymity are dead. Get over it!).

Now it's official: we lost our privacy forever.


The new legislation recently voted by the Congress allows ISPs to sell your Internet history to whoever wants to buy it, without your knowledge or consent.

Though refraining from political considerations as much as I can, no one capable of summing two and two might not see this is a first step toward an actual Big Brother dictatorship.

Thursday, March 16, 2017

Reciprocal hacking: Windows/Linux

Today we're going to have some fun with netcat.

We're going to use it to hack a Linux machine from Windows and a Windows machine from Linux.

a) Hacking Linux from Windows

Tuesday, February 28, 2017

How to create a Windows domain controller

What you need
  1. A Windows Server 2012 ISO.
  2. Other Windows computers/virtual machines
Guide

The first step is creating a Windows Server 2012 from an ISO image. I obtained  mine from Microsoft Imagine, formerly known as DreamSpark, leveraging the fact I'm still in the college, at least for the next months.

I created a virtual machine with VMware Fusion, but VirtualBox is an equally viable solution.

Domain Controller Creation Steps


Related Posts Plugin for WordPress, Blogger...

Contact Form

Name

Email *

Message *