HAY Ninjasssssssss !

WHO WANTS TO BE A PART OF HISTORY ???

I’s asked recently by a friend to do a pentesting on d system dat he administers with the consent of his boss (not Illegal). I had a whole lot of pentest tools in my archive (most command line based) that am very much used to. I however came across a powerful one that encompassed it all (life is good). I’ve been studying its documentation (metasploit by name) for the past two weeks to keep me abreased with its implementations and workings (though programmed with Ruby---a language am hearing for the first time in my life, as against c++ that defaultly runs in my vain).

Just a little pentest on the box revealed a vulnerability for an installed adobe flash player. I wish to help him do a patch (actually why I’s asked), but first chosed to get an exploit that suits that vulnerability. I checked securityfocus.com for one, but to no avail. cos a vulnerability for that flash version was released berely five months ago. Exploit development for it is needed !

MY QUESTIONS

  1. Is there a way to have the exploit translated (or whatever) into Ruby (metasploit’s default language, wherein am a full blooded apprentice) after coding it in c++ (my language of expertice)?
  2. Is the Ruby language a programming or a scripting language ??
  3. What metasploit’s module can I use to send me a mail after initiating a keylogger in the box(rather than through key_dump command of its metapreter), or will I have to customise my smtp mailit() code (in c++), have it translated to Ruby(if at all possible) and add it as a plug in for metasploit’s extensibility ?

I hate to reinvent the wheel (don’t wanna learn Ruby)! so, any detailed answer or guide to a link/ebook on these will be highly appreciated and acknowledged in my almost completed exploit code snippet.

keep me in line with ur response (if u chose to be anonymous)

lets save the world from “uhukilistic” tyrants


> HAY Ninjasssssssss !

No clue what that means. AFAIK you are calling everyone vulgar names.

> I’s asked recently by a friend to do a pentesting on d system dat he administers

What the hell does all that mean??? what is "d" and "dat". Write English please. And I have no idea what "pentesting" means either.

> I hate to reinvent the wheel (don’t wanna learn Ruby)!

If you are attempting to translate something from Ruby to c++ then you have no choice but to learn Ruby. You can't translate French to English if you don't already know both languages, so what makes you think you can translate Ruby to C++ without knowing Ruby??

sometimes as a c++ coder wen am given jobs by my boss to do in java/visual basic, i'd got an application that helps me do the translation to d desired programming language of his choice. i tot there'll be a similar tin(App) dat could help me do same (ie translate into Ruby). thats why am asking------as no man is a sole monopoly of knowledge.

as for calling you guys Ninjasssss , am very sorry for that. i never meant to be vituperatively satirical on you (cos its a normal term used by "cowboys" in the world of pentesting). i hope this apology finds a way in ur hearts as it will not repeat itself...........i promise !

that being said. i ask you (dragon). wouldnt it have been better if u do a research on the meaning of pentesting before attempting to make an idiot of urself publicly ? dat u see me write "the" as "d" (for abbreviation purpose), which u KNOW is dat y u should ask me to start writing in english(rather dan french) ?

if u dont have an answer to my post>>>>>>>>>>>>>>>>>>>>just SHUT up .

be guided pls.

commented: Good job making it hard for non-English speakers to read your posts -3

> if u dont have an answer to my post>>>>>>>>>>>>>>>>>>>>just SHUT up .

Last I checked, this was a public forum. AD makes a good point. Your writing style makes a strong first impression, and it's not a good one.

That said, I have an answer to your post. Discussion of writing exploits is against Daniweb's rules. Please find help cracking into systems elsewhere.

> i ask you (dragon). wouldnt it have been better if u do a research on the meaning of pentesting before attempting to make an idiot of urself publicly

Look who is calling who an idiot? You don't even know how to spell or write a readable sentence. [rant]And you can thank too much texting for that problem. You are not alone -- probably most teenagers today have the same problem, too much texting and not enough education. [/rant]

Sounds to me like your 'friend' needs to find a proper penetration tester, if indeed this was ever the case. Why do you need to write an exploit for a vulnerability that you have found? That doesn't sound like a pentester to me, sounds more like a wannabe hacker.

As Deceptikon has already said, you are in the wrong forum for discussing this stuff - read the rules and you will find this is made quite clear. You might also like to read the rules regarding keep it pleasant while you are there!

Anyone that is concerned enough about security to commission a pentester would probably not make the blatant mistake of keeping flash players installed on their network's computers. Sounds more like you're trying to write a hack, and it seems you have a long way to go, so I won't be losing sleep over the possibility of your hack invading the world anytime soon.

> I wish to help him do a patch (actually why I’s asked), but first chosed to get an exploit that suits that vulnerability.

That makes no sense at all. Pentesting is about finding vulnerabilities in an existing infrastructure, so that they can be patched. There is no point in doing pentesting on a vulnerability you have already found.

If you found a vulnerability in the adobe flash player program, then report it to Adobe, and you may even provide them with a patch. Unless you have bad intentions, this is the only logical next step.

> Is the Ruby language a programming or a scripting language ??

Ruby is an interpreted / JIT-compiled language, it says so on the wiki page.

> if u do a research on the meaning of pentesting before attempting to make an idiot of urself publicly ?

Says the person who never made it as far as the wiki-page about Ruby.

> dat u see me write "the" as "d" (for abbreviation purpose), which u KNOW is dat y u should ask me to start writing in english(rather dan french) ?

AD was referring to the fact that the rule in this forum is to write in English, no leetspeak / texting-style writing. If you care to get an answer to your questions, you should care enough to make your questions clear and pleasant to read.

> sometimes as a c++ coder wen am given jobs by my boss to do in java/visual basic, i'd got an application that helps me do the translation to d desired programming language of his choice.

Wow, I didn't know anyone did that in production code. I've known and used some language translation tools here and there, for fun or on pet projects, never would I consider using those on production code (unless the destination is C code, which is a common destination language for compilers). I can't imagine how horrible your java / visual basic must be. In fact, I wouldn't even consider doing code translations (by tool or by hand) at all in production unless there was really good reason to do so. At best, you can use the original code as guidance when re-writing the code in the desired language, but never a direct / automated translation.
