labs_downloadable.pdf

(1)

Penetration)Testing)Lab)

with)Cobalt)Strike)

! Cobalt!Strike!is!penetration!testing!software!designed!to!execute!targeted!attacks.!If!you’ve! used!Armitage!before,!it!will!look!familiar.!Cobalt!Strike!adds!several!tools!and!features!to! Armitage!and!the!Metasploit!Framework.!These!labs!will!help!you!become!comfortable! with!the!basics!of!using!Cobalt!Strike.! ! Included!on!this!DVD!are!three!virtual!machines.!The!Xubuntu!virtual!machine!is!an!attack! virtual!machine!with!the!dependencies!needed!by!Cobalt!Strike.!The!Metasploitable!and! Morning!Catch!Virtual!Machines!are!targets!for!you!to!experiment!with.! Addresses) Note!the!IP!addresses!of!your!virtual!machines!here.!All!virtual!machines!must!be!on!the! same!network.!The!option!you!should!use!is!the!NAT!option.!! ! ! Xubuntu!Address!!!!!!!!!!!!!!________________________________________! ! ! Metasploitable!Address!!________________________________________! ! ! Morning!Catch!Address!!!________________________________________! ! ) ) ) ) ) ) ! Redistribution) Please&do&not&redistribute&the&Cobalt&Strike&Trial.&Cobalt!Strike!is!an!export!controlled! item.!There!are!no!controls!on!the!virtual!machines!themselves.!Metasploitable!is!from!the! Metasploit!Project.!The!Morning!Catch!VM!is!redistributable!too.!

(2)

Videos)

You!may!try!these!labs!on!your!own!or!go!through!the!Tradecraft:!Red!Team!Operations! course.!Here’s!how!these!labs!match!up!with!the!Tradecraft!course!at:!! ! http://www.advancedpentest.com/training! ! Lecture! Lab! 1.!Introduction! 1.!Setup! 2.!Basic!Exploitation! 2.!Basic!Exploitation! 3.!Getting!a!Foothold! ! 4.!Social!Engineering! 3.!Social!Engineering! 5.!Post!Exploitation!with!Beacon! ! 6.!Post!Exploitation!with!Meterpreter! 4.!Post!Exploitation! 7.!Lateral!Movement! ! 8.!Offense!in!Depth! ! 9.!Team!Operations! 5.!Red!Team!Collaboration! ! ) ) ) ! ! ! ! ! ) ) ! ! ! ! ! ! ! ! ! ! ! ! !

(3)

1.)Setup)

Extract)Virtual)Machines) ! Pre5requisites:&18GB!free!disk!space! ! The!virtual!machines!are!zipped!to!conserve!space.!Please!extract!them!before!we!begin.! ! 1. Navigate!to!the!“Virtual!Machines”!folder!on!the!DVD.!! 2. For!each!.zip!file,!highlight!the!.zip!file! 3. Right`click!and!select!“Extract!All”! 4. Set!the!folder!to!c:\lab! Lab)Set)up)) ! Pre5requisites:!VMWare!Player!is!installed.!http://www.vmware.com/products/player/! ! Launch&the&Xubuntu&Virtual&Machine& This!is!the!Virtual!Machine!you!will!use!to!attack!the!targets.! & 1. Go!to:!Start!`>!All&Programs!`>!VMware!`>!VMware&Player! 2. Accept!the!license!agreement! 3. Click!Open!a!Virtual!Machine! 4. Navigate!to!c:\lab\!and!double`click!Xubuntu!12.04! ! If!asked!“This!virtual!machine!appears!to!be!in!use”,!select!"Take!Ownership"! ! 5. Click!Play!Virtual!Machine! ! If!asked!if!the!Virtual!Machine!was!copied!or!moved.!Say!you!copied!it.!! ! If!asked!to!install!VMWare!Tools!for!Linux,!press!Reminder!Me!Later! ! 6. Log!in!to!the!virtual!machine,!user:!root,!password:!toor! 7. In!the!terminal!that!is!open,!type:!ifconfig!eth0!and!note!the!IP!address!for!this! machine!at!the!top!of!the!first!page!of!this!lab!book.! ! & & & & & & & &

(4)

Install&Cobalt&Strike&(DVD)& The!Xubuntu!Virtual!Machine!does!not!include!the!Cobalt!Strike!trial.!You!must!install! Cobalt!Strike!into!this!environment.! ! 1. Insert!the!DVD!with!Penetration!Testing!Lab!into!your!DVD!drive! 2. From!VMWare!Player,!Connect!the!DVD!drive!to!the!Virtual!Machine! Virtual&Machine!`>!CD/DVD&(IDE)!`>!Connect&CD/DVD!!!!!!!! !!!!!!!!!!!!!!or! Right`click!the!CD!icon!and!choose!Connect! 3. A!“pen!test!lab”!DVD!icon!will!appear!on!the!Xubuntu!desktop.!Right`click!it!and! select!“Mount!Volume”! 4. In!the!Xubuntu!Virtual!machine,!open!a!terminal! 5. Type:!! ! cd&/root& tar&5zxvf&&“/media/pen&test&lab/Cobalt&Strike/cobaltstrike5trial.tgz”! ! To&Start&Cobalt&Strike&(from&Xubuntu)& ! 1. In!a!terminal,!type:!! ! cd&/root/cobaltstrike& ./cobaltstrike! ! 2. Press!Connect.!Click!Yes!when!asked!to!start!Metasploit's!RPC!Server.! & Launch&the&Metasploitable&Virtual&Machine& & 1. Go!to:!Start!`>!All&Programs!`>!VMware!`>!VMware&Player! 2. Click!Open!a!Virtual!Machine! 3. Navigate!to!c:\lab\Metasploitable2`Linux!and!double`click!Metasploitable! 4. Click!Play!Virtual!Machine! 5. Log!in!to!the!virtual!machine,!user:!msfadmin,!password:!msfadmin! 6. Type:!ifconfig!eth0!and!note!the!IP!address!at!the!top!of!this!lab.! 7. Press!Ctrl+Alt!to!release!the!mouse!from!the!virtual!machine! & Launch&the&Morning&Catch&Virtual&Machine& & 1. Go!to:!Start!`>!All&Programs!`>!VMware!`>!VMware&Player! 2. Click!Open!a!Virtual!Machine! 3. Navigate!to!c:\lab\!and!double`click!MorningCatch! 4. Click!Play!Virtual!Machine! 5. Log!in!to!the!virtual!machine,!user:!Richard&Bourne,!password:!password! 6. Go!to!Menu!`>!Terminal!and!type:!ifconfig!eth11.!Note!the!IP!address.! 7. If!there!is!no!IP!address,!type!sudo!dhclient!eth11!to!request!one.! !

(5)

Avoiding)Trouble) These!labs!should!work!as!advertised.!There!are!a!few!common!gotchas!though.!Follow! these!steps!to!avoid!them:! ! • If!you!have!VirtualBox!or!some!other!Virtual!Machine!player,!uninstall!it.!VMWare’s! networking!driver!will!sometimes!conflict!with!the!networking!driver!installed!by! other!virtual!machines! ! • If!you!have!a!host`based!firewall!installed,!consider!turning!it!off.!This!is!not!a! requirement.!If!everything!works,!leave!it!on.!If!you!find!that!you!can’t!scan!your! target!virtual!machines,!try!disabling!your!host`based!firewall.! ! • If!you!can’t!read!email!on!the!Morning!Catch!Virtual!Machine,!you!may!need!to! restart!the!mailserver.!Type!sudo!service!dovecot!restart!!in!a!terminal!to!restart!it.! The!password!is!password.! ! • It’s!possible!the!Morning!Catch!Virtual!Machine!may!recognize!its!network!interface! as!something!other!than!eth11.!If!eth11!is!not!available,!type:!ifconfig!to!see!all!of! your!network!interfaces.! ! • If!Cobalt!Strike!prompts!you!with!“What!is!your!attack!IP!address?”;!provide!the!IP! address!of!your!Xubuntu!virtual!machine!and!press!OK.! ! ) )

(6)

2.)Basic)Exploitation)

Scanning) 1. Go!to!Hosts!`>!Nmap&Scan!`>!Intense&Scan,&all&TCP&ports& 2. Type!the!IP!address!of!the!Metasploitable!Virtual!Machine& 3. Hosts!will!not!appear!until!the!scan!is!complete.!This!will!take!a!few!minutes.& 4. Right`click!the!Metasploitable!host!and!select!Services! Exploit) 1. Go!to!Attacks!`>!Find&Attacks! 2. Wait!for!Attack!Analysis!complete!dialog.! 3. Right`click!the!Metasploitable!host!and!try!various!items!from!the!Attack!menu!until! one!works.!Something!is!bound!to!☺! Right`click!the!Metasploitable!host!and!select!Shell&1!`>&Interact! 4. Type:!whoami!and!press!enter!in!the!new!Shell!1!tab.! ! To!quickly!clean!up!your!tabs—hold!down!Shift!and!click!X!to!close!a!tab.!This!will! close!all!tabs!with!the!same!name.! Brute)Force)VNC) 1. Select!the!Metasploitable!host!in!the!target!area! 2. From!the!module!browser,!navigate!to!auxiliary!`>!scanner!`>!vnc!`>!vnc_login! Double`click!this!module.! 3. Press!Launch! 4. Open!a!Terminal!and!type:!vncviewer!metasploitable/IP:5900.!!Use!the!password! discovered!through!vnc_login!to!connect.!The!line!showing!the!successful!login!will! have!a![+]!next!to!it.! ) Tomcat)Manager)Deploy)Exploit) 1. Select!the!Metasploitable!host!in!the!target!area! 2. Navigate!to!auxiliary!`>!scanner!`>&http!`>!tomcat_mgr_login!in!the!module! browser.!Double`click!this!module.! 3. Double`click!the!RPORT!value!and!change!it!to!the!correct!port.!Take!a!look!at!the! services!on!the!system.!Which!port!is!running!Apache!Tomcat?! 4. Press!Launch! 5. Navigate!to!exploit!`>&multi!`>!http!`>!tomcat_mgr_deploy!in!the!module!browser.! Double`click!this!module! 6. Change!RPORT,!USERNAME,!and!PASSWORD!to!their!correct!values.!Step!4!should! have!yielded!a!valid!username!and!password!for!you.! 7. Press!Launch! ) !

(7)

Brute)Force) Metasploit!modules!ending!with!_login!are!usually!able!to!brute!force!credentials.!Try! mapping!one!of!the!open!services!to!its!login!module!and!follow!these!steps:! ! 1. Highlight!the!Metasploitable!Virtual!Machine! 2. Type!_login!in!the!search!box!below!the!module!browser! 3. Launch!the!ssh_login!module!against!the!Metasploitable!VM! 4. Find!the!USER_FILE!option!and!double`click!the!black!square.!The!black!square! indicates!that!there!is!a!helper!dialog!to!set!this!option! 5. Double`click!on!the!wordlists!folder! 6. Choose!the!unix_users.txt!file! 7. Set!the!USER_AS_PASS!option!to!1! 8. Press!Launch! ! How!many!weak!accounts!did!you!find?!Go!to!View!Q>!Credentials!to!see!them.!Not!all! services!will!yield!usable!information.!Finding!a!good!service!to!brute!force!is!part!of! this!exercise.! Postgres)–)Let’s)raid)it) Not!all!vulnerabilities!will!yield!a!shell.!That's!OK.!Sometimes!there!are!other!great! opportunities:! ! 1. Try!to!brute!force!credentials!to!the!postgres!database!running!on!the!system! 2. Use!the!results!of!step!1!to!read!the!contents!of!/etc/passwd!through!the!postgres! database.!Hint:!search!for!any!postgres!related!modules.!There!may!be!one!that!can! help!you.! Postgres)Ownership) Ok,!we!really!want!a!shell.!Let’s!get!one.! ! 1. Look!for!a!Linux!exploit!that!lets!you!run!a!payload!with!credentials!to!a!postgres! database.!Double`click!this!module! 2. Use!the!username!and!password!you!found!earlier!to!setup!the!module.!Make!sure! to!leave!the!database!name!out!of!the!USERNAME!option!(e.g.,!user!not! database\user).! 3. Make!sure!Use!a!reverse!connection!is!checked! 4. Press!Launch.! ByeLbye)Metasploitable) Let’s!clean!up!our!environment!before!we!move!on!to!our!next!labs…! ! 1. In!a!console!tab!(View!`>!Console),!type:!sessions!–K! 2. Right`click!the!Metasploitable!host,!select!Host!`>!Remove&Host!

(8)

3.)Social)Engineering)

Labs!3!and!4!use!the!Morning!Catch!VM!to!simulate!a!Windows!environment!with!WINE.! This!simulation!isn’t!perfect``but!it’s!enough!to!get!through!these!labs.!If!you!go!! “off!script”,!beware!that!many!things!won’t!work!in!this!simulated!environment.! Setup)Listeners) ) Beacon&& & 1. Go!to!Cobalt&Strike!`>!Listeners.!! 2. Press!Add.! 3. Name!your!listener:!Beacon.! 4. Select!windows/beacon_http/reverse_http!as!your!Payload! 5. Set!the!Port!to!80! 6. Press!Save! 7. Beacon!will!ask!you!which!host(s)!it!should!Beacon!back!to.!If!you!have!bound! multiple!IP!addresses!to!your!attack!system,!specify!them!here.!Beacon!will!rotate! through!these!addresses!when!it!tries!to!communicate!with!you.! 8. Press&OK.! ! Java&Meterpreter&& & 9. Press!Add.! 10. Name!your!listener:!Java!Meterpreter.! 11. Select!java/meterpreter/reverse_tcp!as!your!Payload! 12. Set!the!Port!to!31337! 13. Press!Save.! Get)a)Foothold) ) Reconnaissance& & 1. From!Cobalt!Strike,!go!to!Attacks!`>!Web&Drive5by!`>!System&Profiler! 2. Press!Launch! 3. Copy!the!URL!to!your!clipboard!(Highlight!text,!press!Ctrl+C).!Press!OK! 4. Go!to!View!`>!Web&Log!to!watch!any!visits!to!your!web!server.! 5. Go!to!the!Morning!Catch!Virtual!Machine!and!visit!the!System!Profiler!with!Firefox.!! 6. From!Cobalt!Strike,!go!to!View&`>!Applications!to!see!the!system!profiler!results! 7. Highlight!all!of!the!applications!and!press!Show&Exploits! ! Setup&the&Attack& & 1. Go!to!Attacks!`>!Web&Drive5by!`>!Smart&Applet&Attack! 2. Press!Launch! 3. Press!OK! &

(9)

Clone&a&site& & 8. Go!to!Attacks!`>!Web&Drive5by!`>!Clone&Site! 9. Enter!http://[Morning/Catch/IP/address]&in!the!Clone!URL!field! 10. Set!Local!URI:!to!/clone! 11. Press!the!...&button!to!the!right!of!Embed! 12. Highlight!the!Smart!Applet!Attack!and!press!Choose! 13. Press!Clone! 14. Press!OK! & Deliver&Attack&via&Spear&Phishing& & 15. Open!a!Terminal,!type!mousepad!/root/targets.txt.!! 16. Put!the!following!line!into!the!file!and!save!it:! [email protected]<TAB>Richard!Bourne! 17. Go!to!Attacks!`>!Spear&Phish! 18. Click!the!folder!next!to!the!Targets!field!and!go!to!/root/targets.txt! 19. Click!the!Folder!to!the!right!of!the!Template!field.!Navigate!to!/root/phishing!and! choose!a!template.!These!templates!are!raw!email!messages!saved!from!my!gmail! spam!folder.! 20. Press!...!button!to!the!right!of!the!Embed!URL!field! 21. Highlight!the!/clone/!entry! 22. Press!Choose!! 23. Type!the!Morning!Catch!IP!address!in!the!Mail!Server!field! 24. Type:[email protected]!in!the!Bounce!To!field.!! 25. Press!Send! 26. Go!to!View!`>!Beacons!in!Cobalt!Strike! 27. Open!Thunderbird!on!the!Morning!Catch!virtual!machine!and!click!one!of!the!links! 28. Go!back!to!Cobalt!Strike! ! You!should!see!a!Beacon!for!the!Morning!Catch!Virtual!machine.!This!system!is!now! compromised,!but!we!will!not!see!lightning!bolts!until!we!ask!Beacon!to!give!us!a! Meterpreter!session!later.!That!part’s!coming,!but!first…! Create)a)Phishing)Site) 1. Go!to!Attacks!`>!Web&Drive5by!`>!Clone&Site! 2. Type:!http://[Morning/Catch/IP]/mail/!into!the!URL!field! (don't!forget!the!trailing!/)! 3. Type!/mail/!in!the!Local!URI!field! 4. Check!the!Log!keystrokes!on!cloned!site!box! 5. Press!Clone! 6. Copy!the!URL!to!the!clipboard! 7. Go!to!View!`>!Web&Log! 8. Paste!the!URL!into!the!Morning!Catch!user's!browser.!Try!to!login!to!the!site! (username!rbourne,!password!is!password)!

(10)

Managing)Sites) If!you!make!a!mistake!starting!a!web!service,!you!may!remove!any!of!the!services!you've! setup.!Here!are!the!steps:! ! 1. Go!to!Attacks!`>!Web&Drive5by!`>!Manage! 2. Highlight!a!site! 3. Press!Kill!

)

(11)

4.)Post)Exploitation)

Manage)Beacon) 1. Go!to!View!`>!Beacons! 2. Highlight!the!Beacon!from!the!Morning!Catch!target! 3. Right`click!and!press!Interact.! 4. Type!sleep&20&50!in!the!Beacon!console.!! Data)Mining)with)Beacon) 1. On!the!current!host,!look!for!interesting!documents! cd&z:\home& shell&dir&/B&/S&*.csv&*.doc&*.xls! 2. Wait!for!Beacon!to!check!in!(its!communication!is!asynchronous)! 3. Download!one!of!the!interesting!files! download&z:\path\to\file! 4. Go!to!View!`>!Downloads.!! 5. Highlight!a!file!and!press!View.! Spawn)a)Session) 1. Go!to!the!Beacon!console,!right`click,!and!navigate!to!Spawn! 2. Press!Add! 3. Name!the!listener!Windows!Meterpreter! 4. Select!windows/meterpreter/reverse_tcp!as!the!payload! 5. Set!the!Port!to!4444! 6. Press!Save! 7. Highlight!Windows!Meterpreter!and!press!Choose! ! When!Beacon!phones!home!next,!you!will!have!a!Windows!Meterpreter!session.! Data)Mining)with)Meterpreter) 1. Go!to![Morning&Catch]!`>!Meterpreter!`>!Interact!`>!Command&Shell! 2. Search!for!interesting!files! & cd&z:\home& &&&&&&&&&&&&&&dir&/B&/S&*.csv&*.doc&*.xls! 3. Go!to![Morning&Catch]!`>!Meterpreter!`>!Explore!`>!Browse&Files! 4. Navigate!to!the!folder!with!the!interesting!files! 5. Highlight!an!interesting!file,!right`click!it,!and!select!View! Screenshot) 1. Navigate!to![Morning&Catch]!`>!Meterpreter!`>!Explore!`>!Screenshot! Keystroke)Logging) 1. Go!to![Morning&Catch]!`>!Meterpreter!`>!Explore!`>!Log&Keystrokes! 2. Press!Launch! ! 3. On!the!Morning!Catch!desktop:!double`click!putty.exe!

(12)

4. Login!to!the!Metasploit!Virtual!Machine!with..! !user:!msfadmin!/!password:!msfadmin! ! 5. Go!to!Cobalt!Strike!to!observe!the!keystrokes.!! 6. Close!the!Log!Keystrokes!tab.! ! 7. Go!to!View!`>!Jobs! 8. Highlight!the!keylog_recorder!entry! 9. Press!Kill& ! 10. Go!to!View&`>!Loot! 11. Double`click!the!User!Keystrokes!entry.! Pivoting) 1. Navigate!to![Morning&Catch]!`>!Meterpreter!`>!Pivoting!`>!Setup.!! 2. Highlight!the!Morning!Catch!network! 3. Press!Add&Pivot! 4. Go!to!Hosts!`>!MSF&Scans! 5. Type!the!IP!address!of!the!Metasploit!Virtual!Machine!and!press!OK!! 6. Click!in!the!targets!area.!Press!Ctrl+H!to!rearrange!the!hosts! 7. Highlight!the!Metasploitable!Host.!Right`click!`>!Login!`>!ssh! 8. Use!the!username!msfadmin,!password!msfadmin!and!press!Login! 9. Right`click!Metasploitable!and!go!to!Shell!`>!Interact! 10. Type!netstat!Qna!|!grep!EST.!Do!you!notice!any!one!logged!in!to!port!22!from!the! Morning!Catch!VM?! Proxychains)) You!can!not!use!external!tools!through!a!Meterpreter!pivot.!Only!traffic!originating!within!the! Metasploit!Framework!will!honor!your!pivots.!In!this!lab,!we’ll!get!around!this!limitation.! ! 1. Go!to!Cobalt&Strike!`>!SOCKS&Proxy! 2. Press!Launch! 3. Open!/etc/proxychains.conf!in!your!favorite!text!editor!(e.g.,!mousepad)! 4. Change!the!last!line!to!say:!socks4!xubuntu/IP/address!1080.!Save!the!file.! 5. In!a!terminal,!type:!proxychains!ssh!msfadmin@metasploitable/IP.!! 6. Login!with!the!password!msfadmin! 7. Type!netstat!–na!|!grep!EST.!Do!you!notice!a!second!connection!on!port!22!from!the! Morning!Catch!VM?!

)

(13)

5.)Red)Team)Collaboration)

PreLrequisites) 1. Use!Hosts!`>!Clear&Database!(from!Cobalt!Strike)!to!clear!the!database! 2. Reboot!all!of!your!virtual!machines.!! Team)Server)Setup) 1. Open!a!terminal!and!type:!! ! cd&~/cobaltstrike& ./teamserver&xubuntu/IP/address&password! ! Wait!a!few!minutes.!Eventually,!Cobalt!Strike!will!issue!instructions!stating!that!you! may!connect!clients!to!the!team!server.! Connect)an)(External))Client) 1. From!your!host!operating!system,!extract!one!of!the!Cobalt!Strike!packages.!These! packages!are!on!the!DVD.!! 2. Start!Cobalt!Strike! 3. Edit!the!connection!settings.!The!Host!field!is!the!xubuntu/IP/address.!Never!use! 127.0.0.1!or!localhost!when!connecting!to!a!team!server!(even!if!it’s!local).!The!port! field!is!55553.!Don’t!change!this.!The!username!field!is!always!msf.!The!password! field!is!password.! 4. Press!Connect.! 5. Cobalt!Strike!will!ask!you!for!a!nickname,!make!something!up.!Press!Ok.! ! You!should!now!be!connected!to!the!Cobalt!Strike!team!server.!Follow!steps!2`5! from!the!Xubuntu!virtual!machine!to!connect!a!second!client!to!your!team!server.! Collaboration)Features) 1. Type!a!message!in!the!event!log!and!view!it!in!both!clients.!The!event!log!acts!as!a! chatroom!for!the!red!team! 2. Close!the!event!log.!Go!to!View&`>!Event&Log!to!get!it!back.! 3. Scan!a!host!from!one!of!your!Cobalt!Strike!clients.!Wait!for!the!scan!to!complete.!Go! to!the!other!Cobalt!Strike!client,!right`click,!and!go!to!Services! 4. .!Notice!that!the!data!is!available!to!both!clients.! 5. Compromise!a!host!from!one!of!your!Cobalt!Strike!clients.! 6. Switch!back!and!forth!between!your!clients!interacting!with!the!compromised!hosts.!! 7. Right`click!a!host!and!go!to!Host!`>!Set&Label….!! 8. Assign!a!label!to!the!host.!Labels!are!a!convienent!way!to!set!notes!on!a!host.!All! clients!will!see!the!label!that!you!assigned!to!the!host.!How!you!use!labels!is!up!to! you.!! !!

(14)

Where)to)go)from)here?)

I!hope!you!enjoyed!these!labs.!My!goal!was!to!help!you!learn!about!penetration!testing!and! experiment!with!Cobalt!Strike.! ! While!these!labs!are!UNIX!based,!they!convey!the!general!ideas!behind!using!Cobalt!Strike.!I! encourage!you!to!try!some!of!these!ideas!against!Windows!systems!you!control.!Cobalt! Strike’s!user`driven!attacks!(Attacks!`>!Packages;!Attacks!`>!Web&Drive5by)!are!good! options!to!get!a!foothold!in!a!modern!Windows!system.! ! If!you’re!ready!to!bring!Cobalt!Strike!into!your!organization,!you!can!purchase!a!license! through!the!Cobalt!Strike!website.!Price!information!and!the!link!to!buy!are!at:! ! http://www.advancedpentest.com/cgi`bin/purchase.cgi! ! If!you!have!questions!about!Cobalt!Strike!or!these!labs,!please!feel!free!to!contact!me.! ! ``!Raphael! ! Raphael!Mudge! Principal,!Strategic!Cyber!LLC! http://www.advancedpentest.com/! 1`888`761`7773! ! Email:[email protected]! Twitter:!@armitagehacker! IRC:!irc.freenode.net!/!#armitage! Blog:!http://blog.strategiccyber.com!