Hacking Jenkins Servers With No Password
Introduction Here’s a fun trick I have been using on some recent Information Security Assessments to gain an initial foothold. If you aren’t familiar with hacking Jenkins servers, it runs by default on...
Smbexec 2.0 released
We released smbexec version 2.0 a few days ago and it comes with some rather large differences from previous versions. For one thing it was completely rewritten in Ruby, for another it now supports...
Using Metasm To Avoid Antivirus Detection (Ghost Writing ASM)
Preface: It seems that more and more these days I find myself battling head to head against my client’s Antivirus Detection capabilities. Payloads I encoded to successfully bypass one solution get picked...
Stealing Servers Through Directory Traversal
Recently I was conducting an internal penetration test for a client that is part of the financial industry. Since this client is a financial institution they are required to have an independent 3rd...
Using Nmap to Screenshot Web Services Troubleshooting
Recently a member from the Trustwave SpiderLabs team created an nmap NSE script that could be used to take a screenshot of webpages as it scanned the network. Working for a top 10 accounting firm, I...
Using Nmap to find Local Admin
While conducting penetration tests I almost always obtain user credentials; sometimes in cleartext, and other times just the hash. If you’re like me, you’ve often wondered, where do I have local...
Hard coded encryption keys and more WordPress fun
Metasploit modules [1, 2]. A few days ago I was chatting with pasv about a recent vulnerability he discovered. Apparently there was demand for Razer Synapse which syncs the configuration for a Razer...
Scheduled tasks with S4U and on demand persistence
Github module [1, 2]. I came across an interesting article by scriptjunkie (which you should really read) about running code on a machine at any time using service-for-user. By changing one line in the...
Pwn all the Sauce with Caller ID Spoofing
If we’re going to perform some pre-text phone calls we have a couple different options when it comes to the caller ID. We really only have 3 possible options which are: we do nothing to the phone...
PowerSploit: The Easiest Shell You’ll Ever Get
Sometimes you just want a shell. You don’t want to worry about compiling a binary, testing it against antivirus, figuring out how to upload it to the box and finally execute it. Maybe you are giving a...