Printing Domain Passwords

Categories
pentest, Web Attacks, Windows

Most networks have become harder to breach due to increased converged security operations; however, there is still a gap that has never moved at the same pace. This issue lies in configuration management, which is largely a key downer on most networks. Some of the most commonly misconfigured devices on any network that usually have […]

Love thy scripture – XXE

Categories
Injection, pentest, WAAS, Web Attacks, webdev

XXE (Extensible Markup Language External Entity) is a common type of injection which occurs in applications that fail to sanitize XML input. This is particularly common with web services. The XML input in a web service can be considered as a description of data so that two systems can have a common language to communicate with […]

Long Live Traversals and LFI

Categories
LFI, Web Attacks

Ladies and gentlemen, I have gathered you here today to discuss the life of another fallen one. It is with great sadness that we announce the LFI on BOA webserver. BOA is a favorite among many using embedded nix systems to use as a webserver due to its efficiency but alas it has […]

Getting the shadow running

Categories
Injection, malware, OS, pentest, Windows

Since the recent leak from the Shadow Brokers, there has been great uptake in using the scripts. Some of the things to note, though, are that the script works on: Python 2.6 (32 bit) and pywin32 (32 bit). On solving the problems with this requirement, I will highlight the 2 most common: Running a different version of […]

Credential Harvesting on paranoid browsers

Categories
pentest, Web Attacks, webdev

Credential harvesting is one of the most common methods used in social engineering attacks when phishing. A sample can be viewed here. Some things about the cloner in social engineering toolkit: it doesn’t download assets (i.e. images, CSS, JavaScript files), and the page cloned needs to be always reachable. I will be testing this on Chrome […]

Surviving an SSH Audit

Categories
Crypto Stuff, OS

Most scanners raise a number of issues in regard to SSH security. They are mostly around: use of weak arcfour ciphers, SSH weak ciphers, SSH weak MAC algorithms, SSH insecure key exchange, etc. As an example we will cover how to harden a weak understanding of the defaults and […]

Automating web exploits using metasploit – 3

Categories
Injection, Web Attacks, webdev

In the previous article we built the check method and all went well; now the last bit is to build the exploit method and clean up. Exploit method: moving right into the code, I will explain the important parts that may be relatively new. Line 52 helps us generate the payload; Line 53 helps us give […]