smilingraccoon - Pentest Geek

Posted By:smilingraccoon - Pentest Geek

standard

Smbexec 2.0 released

2013/10/23 - By 

We released smbexec version 2.0 a few days ago and it comes with some rather large differences from previous versions. For one thing it was completely rewritten in Ruby, for another it now supports multi-threading.

Read More


standard

Scheduled tasks with S4U and on demand persistence

2013/02/11 - By 

Github module [1, 2]

I came across an interesting article by scriptjunkie (which you should really read) about running code on a machine at any time using service-for-user. By changing one line in the export XML of a scheduled task you effectively get a scheduled task that can run whether or not a user is logged in, whether or not the system reboots, whether or not you have the user’s password, run as a limited user, and doesn’t require bypassing UAC! This isn’t an interactive logon but can still be very useful in certain situations.

This works with any user with logon as batch job. While scriptjunkies blog post only showed altering a basic task scheduled to run every hour, it is possible to create more complex triggers based off a variety of things to make a more flexible trigger for your payload. Some of the triggers can even be used to replicate functionality for non-privileged accounts that are usually restricted. Some can even be used to trigger a scheduled task remotely from only your IP address.

Read More


standard

Hard coded encryption keys and more WordPress fun

2013/01/16 - By 

Metasploit modules [1, 2]

A few days ago I was chatting with pasv about a recent vulnerability he discovered. Apparently there was demand for Razer Synapse which syncs the configuration for a Razer mouse to the “cloud”. Syncing configurations to the cloud was most likely needed since some of Razer models have so many buttons the mouse has its own full blown number pad on the side. Pasv got bored and did what any good bored security professional does and reverse engineered the Razer Synapse installer. He discovered that the encryption key and IV were hard coded for the “Remember my password” feature (PoC).

The vulnerability was recently fixed before the new year (12/27/12), via an auto-update in the Razer Synapse software but we figure there are probably at least a few configuration files still sitting out there. This vulnerability was very similar to a recent metasploit module @zeknox and I released about Spark IM so it was fairly painless to write up a new module to exploit this configuration.

Read More


Share This

Recent Posts

Subscribe To Our Mailing List

The Ultimate Burp Suite Training Program

Penetration Testing

Categories

Metasploit

Web Application Hacking


Copyright 2019

css.php