Monday, December 29, 2014
Friday, October 31, 2014
Quick and Dirty Oracle Brute Forcing
Here is a quick bash script to wrap sqlplus for some brute forcing if for whatever reason nmap is failing to get the job done...and thus metasploit is failing to get the job done since the oracle_login module just calls nmap: #!/bin/bash INPUT=oracle_defaults.csv OLDIFS=$IFS IFS=, [ ! -f $INPUT ] ...
Friday, October 17, 2014
It's nice to see smart people in the industry like Dave Aitel (https://lists.immunityinc.com/pipermail/dailydave/2014-October/000769.html, http://seclists.org/dailydave/2013/q3/65) catching up to things we have been quietly providing to our clients for years. Attack Simulation and Threat Response / ...
Friday, June 13, 2014
Mimikatz Against Virtual Machine Memory Part 2
Short update to talk about mostly performing the actions from Part 1 on Windows 8+ and Windows Server 2012. First issue was symbols in windbg. Most importantly, NO symbols for windbg. I found this article that lets you remotely download them: http://support.microsoft.com/kb/311503 .sympath ...
Friday, May 30, 2014
Mimikatz Against Virtual Machine Memory Part 1
Pentesting is a funny thing. Someone will drop some new way of doing something and then you get to reflect on all those missed opportunities on previous engagements. I remember when MC showed me all the Oracle stuff and I reminisced about the missed shells. This post and part 2 ...
Friday, May 23, 2014
Nagios and NRPE
Just a note for me for later as other blogs have been tending to disappear lately and so I don't get unduly excited when I see a nagios NRPE exploit/bug as there are a few obstacles to overcome. Very detailed writeup for my summarized notes below: https://www.cryptobells.com/zomg-remote-shell-exploit-or-not/ Nagios ...
Tuesday, March 25, 2014
DNS Brute String
Just sticking this here so I can find it later. Thanks @mubix: cat hosts.txt | xargs -t -I subdomain dig +noall subdomain.THEDOMAIN.com +answer Update: Rob pointed me to his post on it: http://www.room362.com/blog/2014/01/29/hostname-bruteforcing-on-the-chea ...
Wednesday, March 12, 2014
Webmin Brute Forcing
So I ran across a bunch of webmin boxes on a pentest. I went to just go try http_login or some other spiffy Metasploit auxiliary module but nothing was working quite right. I ended up needing to write my own because I had about 60+ hosts to check and that's just tedious enough to make you write code ...
Thursday, February 20, 2014
Finding malicious DLLs with Volatility
Colin and I were working on a memory image the other day and needed to find DLLs loaded by svchost.exe. We turned to everyone's default memory analysis tool, Volatility. Volatility doesn't really give you a good option to search for loaded DLLs by process name. You can specify ...
Thursday, January 2, 2014
Modern Day Gold Mining
Well maybe not Gold...but Litecoins, hobonickels, dogecoins, and other kinds of *coins*. We've all heard about Bitcoins (BTC) and all wish we had bought a few hundred 2 years ago so we could retire today but who knew... Well, it's too late to get in the bitcoin game due to the ...