Fuzzing BigAnt server

Make fuzzer then run after clicking attach program in OllyDbg.

  

Fuzzer sends a buffer of 2500 bytes to the application

The crash occurred on the application, but registrer EIP not affected by the buffer. If you want to see in the SEH then select the view and select SEH chain.

 

Press shift + f9, and now the value of EIP changed.

If you see in the column below it looks buffers sent using fuzzer into the stack. To view the data residing on memory application, right-click the line and select Follow in the stack dump.

 ^_____^

IG uses Maltego

This time we discuss about finding IG using maltego. If that has not previously been used maltego have to register before ^ ___ ^.
After registration and then we start the scan.

The above is the first view and select the domain to scan the web, and then drag and drop into the center and then click 2x to change its name...

 then right click select Run Transform then select All Transform the bottom, wait for it to finish.

Do the same on all that has happened scan ..... PLUR

 

Exploit Windows Xp

This time we will discuss exploitation in to windows Xp using Backtrack 5.
No need to elaborate we headed straight to the scene .... ^ ____ ^

1. Target using nmap nessus scan to search for information, services running and weakness or gap

2.     Msfconsole keystrokes to open the metasploit framework on the console.
       Then type the command use exploit/windows/smb/ms08_067_netapi (the vulnerability).

3.     Open show options. There looks the part RHOST empty. Fill RHOST with Ip targets in the can. After that set PAYLOADnya using shell / reverse_tcp. Then go to another show options. 

        4.    Look at the LHOST is empty. Fill it with our Ip, point to accept the return. Then type the command for  execution exploit.

         5.    Finally have entered the system with remote windows on our computer .....    ^_____ ^ 

 

Passive and Active Information Gathering and DNS Info

Active Information Gathering
    Finding information from a web we can do directly in backtrack using nslookup and whois tools her. From there we can get the flow of information to the IG. How is the pace??

Let's get the tools we need.
    - Internet connection.
    - Computer Me (BT 5 R1)
    - Sites that will be scanned
     - A little luck

A.    is2c-dojo.com
ping the site you want to search information to find out his ip

type the command whois (ip website)

And if you use the nslookup it will appear as below

B.    spentera.com
ping spentera.com

then type nslookup ip website

then replace with whois

Passive Information Gathering
    I use the site dns.l4x.org and whois.com to research passive

1. whois.com (is2c-dojo.com)

2. dns.l4x.org (is2c-dojo.com)

3. whois.com (spentera.com)