Posted In:Penetration Testing Tutorials Archives - Pentest Geek
Burp Suite 2.0 Beta Review
A lot of changes have been made with PortSwigger’s recent release of Burp Suite 2.0! You can see a complete list of all the new goodies by reading the release notes. In this article I’m going to cover just a few key highlights that I think are important. Keep in mind I just upgraded this morning and my experience, analysis and opinion is based on only a couple of hours playing around.
Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
A really cool CVE for attacking palo alto networks PAN-OS was published near the end of last year CVE-2017-15944. Just last weak Philip Pettersson created a Metasploit Module to take full advantage of this bug and achieve remote code execution!
GPG Errors While Updating Kali Linux
I often run into the same GPG errors while updating Kali Linux’s apt-get repositories. The fix is simple enough but I seem to always end up Googling for longer than necessary so I wanted to place the working steps in a single place where I could have them when I undoubtably run into this issue again in the future.
Another Lap Around Microsoft LAPS
I recently landed on a client’s network with an implementation of Microsoft LAPS on a few thousand hosts. This blog post will walk through how to identify the users sysadmins delegated to view LAPS passwords, and how to identify the users sysadmins have no idea can view LAPS passwords.
Credential Harvesting via MiTM – Burp Suite Tutorial
In this step by step tutorial we will discuss some of the more advanced use cases for the Burp Suite. Credential harvesting through Man In The Middle attack vectors can be your saving grace during an otherwise uneventful penetration test. You can watch a video version of this tutorial Here. This guide is intended to be educational as well as entertaining. The author does not condone or encourage illegal hacking activities.
Hacking Jenkins Servers With No Password
Here’s a fun Jenkins trick I have been using on some recent Information Security Assessments to gain an initial foothold. If you aren’t familiar with hacking Jenkins servers, it runs by default on port 8080 and also by default it has no password (Hurray!). According to their Wiki: “Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron.” Here is what Jenkins looks like.Read More
Smbexec 2.0 released
We released smbexec version 2.0 a few days ago and it comes with some rather large differences from previous versions. For one thing it was completely rewritten in Ruby, for another it now supports multi-threading.
PowerSploit: The Easiest Shell You’ll Ever Get
Sometimes you just want a shell. You don’t want to worry about compiling a binary, testing it against antivirus, figuring out how to upload it to the box and finally execute it. Maybe you are giving a demo of an awesome new Meterpreter post-exploitation module. Maybe you have less than a minute of physical access to a Windows kiosk machine and need a quick win. There are plenty of scenarios that end in a penetration tester gaining GUI access to a target machine through guessed or found RDP, ESX or VNC credentials. In those situations, the easiest way to get a Meterpreter shell without worrying about AV is with PowerSploit.
PowerSploit is a collection of security-related modules and functions written in PowerShell. PowerSploit is already in both BackTrack and Kali, and its code is utilized by other awesome tools like SET so you may already be using it! Many of the scripts in the project are extremely useful in post-exploitation in Windows environments. The PowerSploit project was started by Matt Graeber who is the author of the function we will use in this tutorial: Invoke-Shellcode.
Pwn all the Sauce with Caller ID Spoofing
If we’re going to perform some pre-text phone calls we have a couple different options when it comes to the caller ID. We really only have 3 possible options which are: we do nothing to the phone number, we block our phone number, or we spoof our phone number.
Doing nothing to the caller ID will sometimes work depending on the area code you call from versus the area code that your client is located in. In my experiences, sometimes not blocking the number yields better results than blocking the number. I always feel like users are more suspicious when the caller ID says ‘blocked’or ‘unavailable’. Not only are they on heightened awareness, but I feel like they are less likely to even answer the phone thinking it’s most likely a telemarketer.
- Playing With the New Burp Suite REST API
- Burp Suite 2.0 Beta Review
- Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
- GPG Errors While Updating Kali Linux
- Installing Kali NetHunter on HTC Nexus 9
Subscribe To Our Mailing List
Want To Be a Better Pentester
Subscribe to our mailing list and recieve FREE pentest tips, tricks, product reviews, news, article release notifications and more!
You have Successfully Subscribed!
The Ultimate Burp Suite Training Program
Learn Network Penetration Testing
- Burp Suite
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications
Web Application Hacking