Hey, I’ve been working with a few large clients and needed to search a lot of network shares with a standard user account to see if the shares looked dangerous or overly permissive for the user, e.g. an Admin share has full everyone permissions and the user can capture sensitive data. To do this I’ve… Continue reading Python Share Enumerator
Author: ben
Simple Nmap Parser
Hey, Needed to parse an Nmap scan really simply and couldn’t find anything useful, so I created a simple C# application to do it. Thought others might find it useful, here’s a screenshot of the beast at work.
Nessus Parser in Python
I have been making a few programs in C# for parsing Nessus and while these have been really good I wanted to expand my knowledge and create a Python parser so that I can edit and change it on the fly while pentesting to get any specific information that I need or require. For example,…
Service Permission Checker (service-perms.exe)
Hi folks, I slightly updated my program to show a few extra bits of information about the service. Firstly it now shows whether that user can stop and start the service, including the running state. Also it now shows the permissions on the parent folder in case these are different to that of the binary. Happy…
Service ImagePath Permission Checker
Hi Everyone, I know there are quite a few tools that do similar to this already but I wanted to create my own and just output all this data to an HTML file ‘simples’. So basically this outputs a file called report.html and lists all the services and permissions on those binaries. It also has…
Metasploit Payload Generator Script – paygen
Hi, When testing I always find myself doing more advanced exploitation on boxes and mostly use Metasploit to do all these tasks, however I always forget the exact syntax for creating a Metasploit payload and then setting up a multi/handler. Obviously there are a load of easy ways to do this but I thought I…
JavaRMI Remote Class Loading Exploitation with AV Bypass
Hi folks, For some time now I have been finding the Java RMI remote class loading vulnerability and have been very successful with Metasploit, however recently I have had Anti-Virus (AV) pick this up. While this is not a standard executable, my usual AV bypass techniques were useless so I had to expand my research. For those…
Network Proxy and Protocol Responder
I was on a pentest the other day and investigating a proprietary protocol to a management agent and wanted to replay this traffic from a script. I knew I could capture the traffic in Wireshark but didn’t really know how to replay this or even parts to send a command to the port. Well it…
Installing Zulu
It took me a little while to find all the correct dependencies for Zulu so I thought this may come in handy for others.
ZULU Dependencies
Manual Install
Install https://www.python.org/ftp/python/2.7.6/python-2.7.6.msi
Install http://sourceforge.net/projects/pywin32/files/pywin32/Build%20218/pywin32-218.win-amd64-py2.7.exe/download
Install http://downloads.sourceforge.net/wxpython/wxPython3.0-win64-3.0.0.0-py27.exe
Pip Install
Download https://raw.github.com/pypa/pip/master/contrib/get-pip.py
C:\Python27\python.exe get-pip
Other Dependencies
pip install winappdbg
pip install pyserial
pip install https://sendkeys-ctypes.googlecode.com/files/SendKeys-ctypes-0.2.zip
pip install https://dpkt.googlecode.com/files/dpkt-1.8.tar.gz
git…
Using Kerberos Authentication without using a PC that is part of the Domain
Hi All, Recently I was doing some pentesting and needed to connect to a website using Integrated Windows Authentication (IWA) with only support for Kerberos allowed. At first I thought I was pretty much in a dead end because almost every post insinuates that for Kerberos authentication to work, your client machine needs to be added…