Uncategorized

Not a lot to say with this one. It was pretty brief and straight-forward. The downside is I won’t have enough time to get the CTF completed in today’s learning window, so I’ll have to do that another time. It looks tricky though, so I’m looking forward to it.

More enumeration covered with assistance from the Metasploit framework… Next is SMTP, then another lab / CTF.

Some light webserver enumeration (Apache focused, really) using MSFConsole.

Via MSF, and using global variables. On my way to becoming a script kiddie lol.

Just some basic port / service discovery, with a cheeky pivot via a meterpreter session made possible by a XOMA exploit. Good fun.

Not as much time to study today, unfortunately. I was only able to cover a couple of small modules rehashing exporting Nmap scans to XML, then importing into MSF for organisation. Thanks H.D. Moore!

Took a look at these two topics today. XML output to import into Metasploit looks tasty, ngl. On to the next module, more in depth enumeration!

Optimising for success, either via stealth or speed. Timing templates vs specified delays / timeouts… Output formats are next, followed by a quick look at Zenmap too.

Had a good introduction into the NSE today. I also had a play about with some lab environments to do some scanning. Those UDP scans are *slow*! Got a Footprinting & Scanning ‘CTF’ coming up next. I imagine it’ll be a long one that will involve a write-up like my Assessment Methodologies one did.