Wednesday, December 26, 2012

Default Oracle Usernames and Passwords

Metasploit keyscan_start Considerations


Here is a lesson that I learned the hard way. When you use keyscan_start and keyscan_dump, all those keystrokes are stored in RAM  on the target machine- NOT on the hard drive. I suspected as much, and upon further reading its confirmed here:

Normally this would be awesome for forensic reasons, but god damnit, if the person restarts the machine i lost everything. I'm going to start working on a keylogger that continuously sends keystrokes over the wire, just like the javascript keylogger currently does.

I find it incredibly dumb that the only way to retrieve those keystrokes is to manually run keyscan_dump when you feel like investigating the contents. That's not very modular, nor is it easy to build upon. This is me just being a little baby, but seriously, if we're going to make something lets make it awesome...

Thursday, December 20, 2012


Lots of times when i'm on a pentest the status messages i get from trying to auth to an smb server with certain creds are the same. But sometimes i lolwtf? at them. Thats where this handy little page comes in....handy