remote shell

Get a meterpreter shell with PSExec

Let's assume you already have a low-privilege foothold in a network and have obtained a working higher-privileged username and (hashed) password, via spear-phishing or by creating a new account through exploiting an unquoted service path. In this blog post I'll explain how you can obtain a meterpreter shell with these credentials. This is also called lateral movement during a penetration test. Our target machine is the Metasploitable 3 Windows Server 2008 VM. PSExec

Creating the Metasploitable 3 VM

Intentionally vulnerable machines The Metasploitable virtual machines are intentionally vulnerable machines, designed by Rapid7 - the company behind Metasploit Pro - for training offensive security skills and testing exploits. Another good source of such vulnerable virtual machines is VulnHub. Some VMs on VulnHub are specially crafted CTF machines, which contain 'flags' to find. These flags represent the crown jewels of your target and are

networking portscanning

Network scanning with Nmap

Let's talk network scanning, which is a vital part of offensive security. Nmap The undisputed leader for network scanning is Nmap (Network Mapper), which is a free and open source utility for network discovery and security auditing. It's not only used by security professionals, but also by system and network administrators for monitoring and management purposes. Nmap is extremely powerful as its functions range from determining which hosts are available,