The two main exercises were very interesting, involving remote command execution using netcat. However, both exercises were about, well, netcat, one on Windows and one on Linux. This was a bit of a letdown when there are so many other cool tools under discussion. I was itching to take the Metasploit framework for a ride, or to man-in-the-middle my neighbor's TLS session with the DSniff webmitm tool, but alas, it was not to be.
Here is a fun and safe format string attack to try out from the Windows command line:
C:\> sort %x%x%x
7c812ca900The system cannot find the file specified.
Now try adding a few more percent x's and watch the hex grow!
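Why the hex appears, as an added example (not from the original post, and not sort's actual source, which the post does not show): the C sketch below assumes the usual cause, a caller-supplied name used as the format string of the error message, and puts it beside the corrected form. The function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (hypothetical, not sort's actual source): the
 * caller-supplied name is used as the format string itself, so each
 * %x makes the formatter read an argument that was never passed.
 * Shown for contrast only; calling it with directives is undefined. */
int report_missing_vuln(char *out, size_t n, const char *name)
{
    int used = snprintf(out, n, name);          /* BUG: name is the format */
    if (used < 0 || (size_t)used >= n) return -1;
    return snprintf(out + used, n - used,
                    "The system cannot find the file specified.");
}

/* Hardened form: the format is a constant and the name is only data. */
int report_missing_safe(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "%sThe system cannot find the file specified.", name);
}

/* Audit helper: conservatively count '%' sequences in untrusted text
 * that a printf-style formatter would treat as conversion directives.
 * "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s)
{
    int count = 0;
    while ((s = strchr(s, '%')) != NULL) {
        if (s[1] == '%') { s += 2; continue; }  /* escaped percent */
        if (s[1] == '\0') break;                /* trailing lone '%' */
        count++;
        s++;
    }
    return count;
}

int main(void)
{
    char buf[128];
    const char *input = "%x%x%x";  /* the argument used in the post */
    report_missing_safe(buf, sizeof buf, input);
    printf("directives in input: %d\n", count_directives(input));
    printf("safe output: %s\n", buf);
    return 0;
}
```

With the hardened form the argument comes back verbatim in front of the message instead of being expanded into hex.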
- Day: Day 3
- Topics: Exploiting systems, IP spoofing, sniffing, session hijacking, DNS cache poisoning, backdoors, buffer overflows, protocol and parser problems, hiding payloads, steganography
- Tools: ethereal, snort, Sniffit, Dsniff, hunt, TTYWatcher, IP-Watcher, Ettercap, jizz, Zodiac, netcat*, Metasploit, inetd, tftp, ADMutate, Hydan, printf format strings*
- Overall value: 3 out of 5
- Coolness: 4 out of 5
* Starred items were part of hands-on exercises.