Metasploit now has a utility that lets people practise pentesting in a controlled environment.  Termed “Metasploitable”, I’m guessing it is because it is “pwnable” 😉

It’s basically an Ubuntu 8.04 server on a VMware 6.5 image, running plenty of old and vulnerable services.  Yummy!

It is available to Metasploit Express customers from the Customer Center, and for the rest of us peeps, it’s freely available for download via BitTorrent. (a bit slow, but I’ll try to seed this for as long as possible once I’ve managed to get the whole thing)

More info is in the blog post.

Weird outgoing IP accesses…

Found out by accident (plenty of “accidents” happening to me recently) that one of the home computers has been connecting out to some weird Chinese IP, among others, all of which are blacklisted according to robtex.

Starting to get quite concerned, since a lot of stuff had previously been installed on it, like the things you “need” to install in order to view online videos.

Will start to do some verbose logging to gather more info, but this isn’t looking good so far.  How this came up: the computer apparently tried to make too many connections to the site at the same time, which made the router think a SYN flood attack was going on, lol.

Culprit #1 – [robtex report]

Other culprits: [rb], [rb]

Getting additional (IP/network/location) info along with your Splunk searches

Chanced upon this info by accident (smack at the bottom of one part of the Splunk documentation…), but I can’t find it now.  Going to share it here anyway 😀

Some (or probably most, if not all) of your searches will involve public IP addresses, and more often than not you’ll want additional info to go along with the IP address you’re working with.

Three things Splunk can do for you automatically are: get IP geolocation info, reverse-lookup an IP to its domain name, and look up a domain name to get its IP.
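As an added example (my own, not Splunk’s bundled script), here is the shape of a Splunk external lookup that does the reverse and forward DNS lookups mentioned above: Splunk passes the field names from `transforms.conf` as arguments, pipes the rows to resolve as CSV on stdin, and reads the completed CSV back from stdout. The field names `clienthost` and `clientip` are assumed for the examples; any pair of names works.

```python
import csv
import socket
import sys

def reverse_dns(ip):
    """Hostname for an IP via a PTR lookup, or "" if it cannot be resolved."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return ""

def forward_dns(host):
    """First IPv4 address for a hostname, or "" if it cannot be resolved."""
    try:
        return socket.gethostbyname(host)
    except (socket.gaierror, OSError):
        return ""

def enrich_rows(rows, ip_field, host_field, to_host=reverse_dns, to_ip=forward_dns):
    """Return copies of the rows with the empty side of each ip/host pair filled in.
    Rows where both fields are set, or both empty, are returned unchanged."""
    out = []
    for row in rows:
        row = dict(row)  # never mutate what the caller handed us
        ip = (row.get(ip_field) or "").strip()
        host = (row.get(host_field) or "").strip()
        if ip and not host:
            row[host_field] = to_host(ip)
        elif host and not ip:
            row[ip_field] = to_ip(host)
        out.append(row)
    return out

def main():
    # Splunk invokes this as: external_cmd = <script> <host_field> <ip_field>
    # and streams the rows to look up as CSV on stdin, reading the result from stdout.
    if len(sys.argv) != 3:
        sys.stderr.write("usage: %s <host_field> <ip_field>\n" % sys.argv[0])
        return 2
    reader = csv.DictReader(sys.stdin)
    writer = csv.DictWriter(sys.stdout, fieldnames=reader.fieldnames)
    writer.writeheader()
    writer.writerows(enrich_rows(reader, sys.argv[2], sys.argv[1]))
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

Keep in mind that a PTR record is set by whoever controls the IP’s address block, so the hostname that comes back is context for an analyst, not evidence of who the host really is.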

