Printing Domain Passwords

pentest, Web Attacks, Windows

Most networks have become harder to breach thanks to converged security operations; however, one gap has never closed at the same pace: configuration management, which remains a weak point on most networks. Some of the most common misconfigured devices on any network that usually have […]

Love thy scripture – XXE

Injection, pentest, WAAS, Web Attacks, webdev

XXE (XML External Entity) injection is a common class of injection that occurs in applications that parse untrusted XML with external entity resolution left enabled; it is particularly common in web services. The XML input to a web service can be considered a description of data, so that two systems have a common language to communicate with […]
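The excerpt above only defines the bug. As an added example (not code from the original post), the following shows the classic XXE payload against Python's xml.sax parser twice: once with external general entity resolution switched on, which reads a local file into the element the service expected to hold user data, and once with it off, which is the hardening. The secret file, its contents and the `<comment>` element are constructed for the demo; the only real API used is the standard library's `feature_external_ges` switch.

```python
"""XXE in xml.sax: vulnerable parse beside its hardened form (added example)."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed sample: the "secret" a server-side file might hold.
SECRET = "TOP-SECRET-TOKEN"


class _TextCollector(ContentHandler):
    """Gathers the character data the parser delivers for the document body;
    for a web service this is the value it would store or echo back."""

    def __init__(self):
        super().__init__()
        self._chunks = []

    def characters(self, content):
        self._chunks.append(content)

    @property
    def text(self):
        return "".join(self._chunks).strip()


def xxe_payload(path):
    """Classic XXE document: declare an external general entity pointing at a
    local file, then reference it where the service expects user data."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE comment [<!ENTITY xxe SYSTEM "%s">]>\n'
        "<comment>&xxe;</comment>" % path
    ).encode()


def parse_comment(xml_bytes, resolve_external_entities):
    """Parse untrusted XML and return the text of <comment>.

    resolve_external_entities=True reproduces the dangerous configuration
    (what xml.sax did by default before Python 3.7.1); False is the hardened
    setting, under which the parser never fetches the external entity and the
    reference simply expands to nothing.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text


def demo():
    """Write the constructed secret to a temp file, then feed the same payload
    to the vulnerable and the hardened parser; returns both results."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(SECRET)
        payload = xxe_payload(path)
        return {
            "vulnerable": parse_comment(payload, resolve_external_entities=True),
            "hardened": parse_comment(payload, resolve_external_entities=False),
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())  # vulnerable parse returns the file contents, hardened returns ""
```

Disabling external general entities is the minimum; in a real service, rejecting any document that carries a DOCTYPE at all (or parsing with defusedxml) also removes parameter-entity and billion-laughs variants that this flag alone does not address.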

Getting the shadow running

Injection, malware, OS, pentest, Windows

Since the recent Shadow Brokers leak there has been great uptake in using the scripts. Some things to note, though, are that the scripts only work on: Python 2.6 (32-bit) and pywin32 (32-bit). To solve the problems this requirement causes, I will highlight the two most common: running a different version of […]

Credential Harvesting on paranoid browsers

pentest, Web Attacks, webdev

Credential harvesting is one of the most common methods used in social engineering attacks when phishing. A sample can be viewed here. Some things to note about the site cloner in the Social-Engineer Toolkit: it does not download assets (images, CSS, JavaScript files), and the cloned page needs to be reachable at all times. I will be testing this on Chrome […]

[zero code] LFI and Arbitrary file download exploits on Mth3l3m3nt Framework

LFI, OWASP Mth3l3m3nt, pentest, Web Attacks

This simple post will take you through the process of adding an arbitrary file download exploit to mth3l3m3nt; so yes, there is no excuse for not having a working PoC for LFI or arbitrary file download because “I can’t code”. We will use the case of WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download, whose process of coming […]

Jimmy the troll (unknown)

ctf, LFI, pentest, Uncategorized, Web Attacks

Download Unknown.ova here (782.44 MB). This CTF was made by Jimmy to test a number of aspects. Like the previous one, it also rewarded attention to detail. So without further ado, let’s get into what made this journey awesome. Know About Thy Target This was the first step, and for this I […]

John The Troll (CTF – Africahackon) – Key 3-Part-2

ctf, pentest, Uncategorized, Web Attacks

Following the previous article, where all exploits failed, there are still two doors left: Nmap is a bit old; go for some “GRUB”. Nmap is a bit old: for this bit, nmap is old, version 3.81. This can be abused via the --interactive option. More information on this can be found here. But basically […]

John The Troll (CTF – Africahackon) – Key 3

Crypto Stuff, ctf, OS, pentest, Uncategorized, Web Attacks

Now, from John The Troll (CTF – Africahackon) – Key 2, we have become the user Chicken, so the next step is gathering information about the system.
[+] Kernel
Linux version 3.13.0-55-generic (buildd@brownie) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015
[+] fstab entries
# /etc/fstab: static file system […]