Freelancers using Metasploit
Freelancers using Metasploit
Sign Up
Post a job
Sign Up
Log In
Filters
1
Projects
People
Ahmed Khan
Lahore, Pakistan
Cybersecurity specialist with ability to identify flaws
New to Contra
Follow
Message
Cybersecurity specialist with ability to identify flaws
0
I simulated a real-world Active Directory (AD) attack to identify and exploit misconfigurations within a Windows domain environment. The goal was to practice enumeration techniques, escalate privileges to domain admin, and establish persistent access. I started with LDAP enumeration using ldapsearch to map domain users and groups. Using BloodHound, I visualized attack paths and identified a Kerberoastable service account — a weak SPN tied to an outdated service. I extracted the hash using GetUserSPNs.py (http://GetUserSPNs.py) and cracked it with Hashcat, revealing the cleartext password. I then used Pass-the-Hash to authenticate as a domain admin using PsExec. To maintain persistence, I added a domain admin backdoor account using Mimikatz. Finally, I cleared event logs to avoid detection and exported a full attack report for remediation. Tools Used: ldapsearch, BloodHound, Hashcat, GetUserSPNs.py (http://GetUserSPNs.py), PsExec, Mimikatz, eventlog (for cleanup) Deliverable: Full attack timeline with screenshots, enumeration outputs, and security recommendations.
0
9
0
I conducted a complete web application security assessment on Damn Vulnerable Web Application (DVWA) using manual and automated testing techniques. The goal was to identify and exploit OWASP Top 10 vulnerabilities. I mapped the application using Burp Suite and discovered multiple injection points. I exploited SQL Injection to bypass authentication and extract sensitive data from the database using sqlmap. I also tested for Cross-Site Scripting (XSS) with custom payloads and successfully hijacked session cookies using document.cookie injection. I chained a file upload vulnerability with a PHP reverse shell to gain remote access to the server. All findings were documented with proof-of-concept screenshots and step-by-step remediation guidance. Tools Used: Burp Suite, sqlmap, OWASP ZAP, curl, custom payloads Deliverable: A detailed report including vulnerability exploitation steps, proof-of-concept, and mitigation strategies.
0
17
0
I performed a complete network penetration test on a deliberately vulnerable Linux machine (Metasploitable2) to simulate a real-world attacker scenario. The objective was to identify exploitable services, gain initial access, escalate privileges to root, and extract sensitive data. I started with reconnaissance using nmap to discover open ports and services. I identified outdated and vulnerable services including vsftpd 2.3.4 and Samba 3.0.20. Using Metasploit, I exploited the vsftpd backdoor to gain initial shell access. I then used shell_to_meterpreter to upgrade my session to a Meterpreter shell, giving me greater control. I dumped password hashes from /etc/shadow and cracked them using John the Ripper. Finally, I escalated privileges to root using the Samba usermap_script exploit and documented the entire process with screenshots. Tools Used: nmap, Metasploit, Meterpreter, John the Ripper, searchsploit Deliverable: A comprehensive report including attack timeline, exploited CVEs, and remediation recommendations.
0
19
0
I discovered a stored cross-site scripting (XSS) vulnerability in a practice web application's comment section that allowed me to inject malicious JavaScript that would execute in any user's browser. By submitting a comment containing a script payload, I successfully stole session cookies from other users and could have hijacked their accounts, performed actions on their behalf, or defaced the website. This finding was documented in a comprehensive report including proof-of-concept screenshots showing cookie theft, CVSS risk scoring of 6.5 (Medium), and step-by-step remediation guidance including input sanitization and output encoding. This assessment demonstrates my ability to find client-side vulnerabilities that can compromise every user visiting the site.
0
49
Metasploit
(3)
Follow
Message
Andrey Pautov
Tel Aviv-Yafo, Israel
CyberSecurity expert
Follow
Message
CyberSecurity expert
0
The Ultimate Guide to Metasploit: Part 1
0
6
0
SOC Tier 1: Security Monitoring and Incident Response
0
24
0
Automating Static Malware Analysis with Python Tools
0
3
0
Passwords Cracking: Full Guide with Real-Life Examples
0
2
Metasploit
(1)
Follow
Message
Muhamed Ali
Egypt
Versatile Cybersecurity & HR Expert
Follow
Message
Versatile Cybersecurity & HR Expert
0
Onion Circuit for a special purpose research client
0
19
0
Training project , Enhancing Security Awareness: Understanding t
0
10
0
Onsite Network Pentest
0
15
View more →
Metasploit
(1)
Follow
Message
Daniil Usatenko
Budapest, Hungary
Information Security Professional | AI & InfoSec Compliance
Follow
Message
Information Security Professional | AI & InfoSec Compliance
0
Jr. Penetration Tester path
0
6
0
Cyber Threat Intelligence Analyst
0
6
0
Certified in Cybersecurity
0
8
View more →
Metasploit
(1)
Follow
Message
Nagendra Tiwari
Satna, India
OSCP Certified Cybersecurity Expert 🔒
Follow
Message
OSCP Certified Cybersecurity Expert 🔒
0
CRTP Certified
0
3
0
EWPTxV2
0
3
1
OSCP
1
3
View more →
Metasploit
(3)
Follow
Message
Explore people