I recently competed the PWB (Penetration Testing With Backtrack) course and the OSCP (Offensive Security Certified Penetration Tester) certification. Many people have asked what I thought about the class and the certification, and so I decided write a brief post about my experience. When you start the PWB class, you receive over eight hours of [...]

Today I got a Skype alert saying, “Update Notice: WINDOWS REQUIRES IMMEDIATE ATTENTION URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!”. Usually I just laugh, and block the sender. Today, I was feeling a little bit mischievous

i.php, when visited will collect useful information about the visitor.
It can be used to collect cookies or other information from the visiting user

Here is the scenario – you are working on a pen test, and the assigned “flag” is gaining access to a laptop from someone on the organization’s security team. You get access to the internal network through some silly file inclusion or SQL injection vulnerability. You find your target box….but alas, it has has a firewall in place. Not a single port is open. Do you hang your head in shame? No. There are still plenty options. This quick tutorial will look at how to use Ettercap to get someone to open up a server running Metasploit’s browser_autopwn (without even knowing it).

Sometimes the Gnome menu gets all weird (at least for my setup).  Just add the following script into /usr/local/bin, make sure you can execute it (chmod +x resetgpanel).  Run it from the command line, or create a shortcut on the panel itself. [START CODE] #!/bin/bash if ps ax | grep -v grep | grep gnome-panel [...]

I love the XKCD web comics. They are absolutely brilliant, and have become a part of my daily routine. I thought it would be nice to have an archive of the comics…so I fired up my good friend BASH, and asked it to create one for me. This script uses wget to download all the [...]

This tool will find a lot of information on remote computers using Powershell’s Get-WmiObject cmdlet. It can easily find: PC Serial Number PC Printer Info Current User OS Info System Info Add/Remove Program List Process List Service List USB Devices Uptime Disk Space Memory Info Processor Info Monitor Serial Numbers (registry)

Attack Scenario: A Malicious user (Bob) customizes this page by changing variables (see below) Bob sends a link to a copy of this page to an unsuspecting user (Alice). The script will load an iframe containing the “Real” page. The user can use the tab like any other tab.  They can browse to various websites, [...]

(A PDF VERSION CAN BE DOWNLOADED HERE) Intro: The goal of this paper is to help explain and demonstrate some of the dangers of SQL injection. It is in no way complete, and it is far from comprehensive. If you have any comments, suggestions, corrections, etc…please send them to Trenton@HackYeah.com I have always believed that [...]

I just started an IRC channel on freenode for anyone who would like to chat. It can be found at irc://irc.freenode.net/hackyeah.  Web chat is also available by clicking on the chat tab above.