Okay so it might be a long time coming… Part 2: In part two we are again looking at Password Safe Apps but this time the App stores data in an unintelligible format (looks to be encrypted or at least encoded based on the method calls to read file in). Either way the files are… Continue reading IOS App Testing – Part 2
Category: Uncategorized
JavaRMI Remote Class Loading Exploitation with AV Bypass
Hi folks, For some time now I have been finding the Java RMI remote class loading vulnerability and have been very suceesful with metasploit, however recently I have had Anti-Virus (AV) pick this up. While this is not a standard executable my usual AV bypass techniques were useless so I had to expand my research. For those… Continue reading JavaRMI Remote Class Loading Exploitation with AV Bypass
Network Proxy and Protocol Responder
I was on a pentest the other day and investigating a proprietary protocol to a management agent and wanted to replay this traffic from a script. I knew I could capture the traffic in wireshark but didnt really know how to replay this or even parts to send a command to the port. Well it… Continue reading Network Proxy and Protocol Responder
Installing Zulu
It took me a little while to find all the correct dependencies for Zulu so I thought this may come in handy for others. ZULU Dependencies Manual Install Install https://www.python.org/ftp/python/2.7.6/python-2.7.6.msi Install http://sourceforge.net/projects/pywin32/files/pywin32/Build%20218/pywin32-218.win-amd64-py2.7.exe/download Install http://downloads.sourceforge.net/wxpython/wxPython3.0-win64-3.0.0.0-py27.exe Pip Install Download https://raw.github.com/pypa/pip/master/contrib/get-pip.py C:\Python27\python.exe get-pip Other Dependencies pip install winappdbg pip install pyserial pip install https://sendkeys-ctypes.googlecode.com/files/SendKeys-ctypes-0.2.zip pip install https://dpkt.googlecode.com/files/dpkt-1.8.tar.gz git… Continue reading Installing Zulu
IOS App Testing – Part 1
The first in a series of IOS app testing blogs, this blog will focus on some of the more simplistic IOS app vulnerabilities and how to exploit them. I won’t be wasting time talking/walking through the methods exactly and explaining all syntax used etc. This first blog is just to show how easy it can be… Continue reading IOS App Testing – Part 1
Using Kerberos Authentication without using a PC that is part of the Domain
Hi All, Recently I was doing some pentesting and needed to connect to a website using Integrated Windows Authentication (IWA) with only support for Kerberos allowed. At first I thought I was pretty much in a dead end because almost every post insinuates for Kerberos authentication to work your client machine needs to be added… Continue reading Using Kerberos Authentication without using a PC that is part of the Domain
Smart LSA Secrets Module
I decided to take two modules and crash them together to add some automation to some tasks that I seem to pick up often. I took the LSA Secrets module and the Domain Group Enum module and combined them to be one module. I then added some addition comparison functions to inform me if any… Continue reading Smart LSA Secrets Module
Pass The Hash RDP (Windows 2012 R2)
Having read a few articles about the restricted-admin mode on RDP I decided to give this ago to make sure I had all the tools in order to use this attack. I installed a machine with windows server 2012 R2 edition and enabled RDP. Then I dumped the hashes from the box as shown here… Continue reading Pass The Hash RDP (Windows 2012 R2)
A Spoofing WAKE-ON-LAN Script
I was recently tasked with testing a Wake-On-LAN (WOL) solution. I haven’t done an awful lot with WOL before but so not to go into too much detail and bore you to death, a WOL packet is basically constructed by putting a DATAGRAM packet together with the data contents of a SYNC line followed by… Continue reading A Spoofing WAKE-ON-LAN Script
SNMP Process Sniper – Kill Windows Processes With SNMP Write Access
On a recent test I came across SNMP write access on a Windows box and really wanted to use it to lower the security posture of the server however at the time the only attacks that I could come up with were Denial of Service (change IP, name etc) or Pointless POC’s (writing a contact… Continue reading SNMP Process Sniper – Kill Windows Processes With SNMP Write Access