Hello guys, new member here!
Hello, Theodoros Ntakouris
Obviously, you are a philosopher.
Social engineering, that's why. In our time you do not need code, software or hardware skills. All you need is good communication with people and the skills to manipulate them, and of course some kind of software skills.
I get that we have reached a point in time where systems have started to become too hard/impossible to exploit only with code, thus requiring social engineering, but I don't think this renders all of the questions out of context.
1. Why do I see tutorials/posts of people not importing nmap scans into msf, while also saving to a file for later use? They do use Metasploit afterwards...
Saving the nmap output makes it possible to import that output into other tools.
2. When does meterpreter start to get detectable by anti-virus systems? I know that reflective DLL loading is very hard to detect if it doesn't touch the disk, but nearly all meterpreter commands touch the disk.
You're right that the bulk of AV evasion is about not touching disk, but you're off the mark that "nearly all meterpreter commands touch the disk." Some of the more invasive AV packages hook the Windows API calls we have to use to achieve some things, though.
3. Are more than 4 (or more than 1, really) encoder passes worth it in order to evade antivirus? (I get the whole prohibited characters issue, but avoiding antiviruses that easily seems a lie.)
Encoders are not intended (nor very effective) for AV evasion. Their primary function is to remove bad characters from a payload so that it can be generically dropped into lots of different exploits with different requirements. The reason for their randomness is **IPS** evasion, not AV evasion, but because it's random it occasionally works out. If you're concerned about AV evasion, use something like veil.
4. Are there any serious advantages that nmap has over metasploit's port scanners? It would be great if you could name a few
Nmap is a lot faster than Metasploit in most use cases.
5. Do encoders add NOP slides automatically at random, or with some predefined strategy?
Metasploit combines an encoder and a payload, then pads the beginning with NOPs so the final shellcode buffer will always be the same size for a given exploit.
6. Why do some post exploits (e.g. running _ after establishing meterpreter with a Windows machine) tell you other possible vulnerabilities to exploit? Isn't it kinda useless? You already got control of the machine.
I'm not quite sure what you mean. Can you give an example?
7. What's up with the whole ssltrip thing? Does it really show 503 errors on the victim's computer, slow down the internet connection and occasionally fail to work whenever HSTS headers have already been received by the victim?
Do you mean sslstrip? Yeah, HSTS is intended specifically to thwart that attack.
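To make the answers to questions 3 and 5 concrete, here is an added example (my own toy code, not Metasploit's encoder or any of its modules) that shows what an encoder actually does: pick a random XOR key such that neither the key nor any encoded byte lands in the exploit's bad-character set, then pad the front of the buffer with NOPs so the final buffer is always the same size for a given exploit. The sample payload bytes, bad-character list and buffer size below are constructed for the demo; a real encoder would also prepend a decoder stub that reverses the XOR at runtime, which is omitted here.

```ruby
# Added example, not Metasploit code: a single-byte XOR "encoder" plus NOP padding.
# Demonstrates (a) encoders exist to remove bad characters, (b) the key is random,
# so the same payload produces different bytes on every run, and (c) the buffer is
# padded with a leading NOP sled to a fixed size chosen by the exploit.

NOP = 0x90 # x86 single-byte NOP

# Constructed sample input: an x86 shellcode fragment containing 0x2f ('/'),
# which many exploits (e.g. path-based ones) cannot accept.
SAMPLE_PAYLOAD = "\x31\xc0\x50\x68\x2f\x2f\x73\x68".b
SAMPLE_BAD_CHARS = [0x00, 0x0a, 0x0d, 0x2f] # assumed bad-char set for the demo
SAMPLE_SPACE = 32                             # assumed buffer size for the demo

# Try keys in random order; return the first one for which neither the key
# itself nor any encoded byte is a bad character. nil if no key works.
def find_xor_key(payload, bad_chars, rng: Random.new)
  (1..255).to_a.shuffle(random: rng).find do |key|
    next false if bad_chars.include?(key)
    payload.bytes.none? { |b| bad_chars.include?(b ^ key) }
  end
end

# Returns [key, encoded_bytes]. Raises if the payload cannot be made clean
# with a single-byte XOR (the point at which a real encoder would try another scheme).
def xor_encode(payload, bad_chars, rng: Random.new)
  key = find_xor_key(payload, bad_chars, rng: rng)
  raise "no usable XOR key for this payload/bad-char set" unless key
  [key, payload.bytes.map { |b| b ^ key }.pack('C*')]
end

# Reverse the XOR on an encoded body (the sled, if any, must already be stripped).
def xor_decode(encoded, key)
  encoded.bytes.map { |b| b ^ key }.pack('C*')
end

# Prepend a NOP sled so the buffer is exactly `space` bytes, like Metasploit's padding.
def pad_with_nops(encoded, space)
  if encoded.bytesize > space
    raise "payload (#{encoded.bytesize} bytes) exceeds available space (#{space})"
  end
  (NOP.chr * (space - encoded.bytesize)).b + encoded
end

# Full pipeline: encode, then pad to the exploit's fixed buffer size.
def build_buffer(payload, bad_chars, space, rng: Random.new)
  key, enc = xor_encode(payload, bad_chars, rng: rng)
  { key: key, encoded_len: enc.bytesize, buffer: pad_with_nops(enc, space) }
end

if __FILE__ == $PROGRAM_NAME
  r = build_buffer(SAMPLE_PAYLOAD, SAMPLE_BAD_CHARS, SAMPLE_SPACE)
  puts "key=0x#{r[:key].to_s(16)} buffer=#{r[:buffer].unpack1('H*')}"
  body = r[:buffer].byteslice(SAMPLE_SPACE - r[:encoded_len], r[:encoded_len])
  puts "round-trips: #{xor_decode(body, r[:key]) == SAMPLE_PAYLOAD}"
end
```

Run it twice and the key and encoded bytes differ while the buffer length stays at 32; that randomness is what defeats a signature on the raw payload bytes in transit, and it is also why multiple encoder passes do little against AV, since the decoder stub and the runtime behaviour are unchanged.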
6. Ignore it pls, I understood that you need to find other exploits even if you get system access to a machine in order to perform other post-exploitation attacks like dumping passwords etc. Thanks.