Energizer DUO USB battery charger software allows unauthorized remote system access

Monday, March 8th, 2010

Energizer DUO is a USB battery charger. Included with the charger is a Windows application that allows the user to view the battery charging status. The installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory. When the Energizer ...

Vulnerability in VBScript Could Allow Remote Code Execution

Tuesday, March 2nd, 2010

Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, ...

NMAP 5 Cheatsheet

Tuesday, February 23rd, 2010

Here's a nice little cheatsheet for NMAP 5 making it's rounds today on the internet:http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdfVery handy.

Modifying The Victim’s HOSTS File In Metasploit

Saturday, January 30th, 2010

This is just a quick example of how you can quickly and easily modify the HOSTS file on a compromised Windows system using the meterpreter script called hostsedit.  As always, we start off with a basic exploit to gain a meterpreter session back from the victim's machine:msf > use windows/smb/ms08_067_netapi msf ...

Taking Screenshots Of The Victim’s Computer With Metasploit

Saturday, January 30th, 2010

Here's a quick example of grabbing a screenshot of a compromised system using meterpreter's espia module.  Start with a basic exploit to gain a meterpreter session.  You'll need to make sure you migrate to a process that has access to Active Desktop or else you will get nothing but blank ...