zeknox Archives - Page 2 of 2 - Pentest Geek

Search Results For ""

How do I phish? – Advanced Email Phishing Tactics

How do I phish? - Advanced Email Phishing Tactics

I’m often times asked how I perform email email phishing attacks.  Email phishing attacks are very compelling, and unique to each situation. The process of creating a successful email phishing campaign is very methodical, and most of the time and effort goes up front into the planning phase.

Understanding that good security is a multilayer approach and we will have many layers of security that could potentially destroy our email phishing campaign. Some of these layers may include Email Gateway Spam Filters, Outlook ‘Junk Email’ Filters, Host based Antivirus, Intrusion Prevention Systems, Web Proxy Servers, Egress filtering, and the list goes on and on.

Read More


WordPress Pingback Portscanner – Metasploit Module

Metasploit Module Wordpress Pingback Port Scanner

The latest version of WordPress, version 3.5 was recently released on December 11, 2012. This latest version of WordPress comes pre-packaged with the XML-RPC interface enabled by default. This is just the type of configuration that us pentesters love to see during an engagment. This additional attack surface may be just the little extra that a pentester needs.

Read More


Recover Spark IM Stored Passwords with Metasploit

Recover Spark IM Stored Passwords with Metasploit

Metasploit Module [1]

I recently added a post exploit module to the metasploit framework. The module will extract and decrypt passwords that are stored by the Spark Instant Messenger client. The passwords are stored in a file on the local HDD (spark.properties) using Triple DES encryption. This sounds all fine and dandy, but this all goes out the door when they hardcoded the key and made it publicly documented.

The vulnerability isn’t that new since it was documented by Adam Caudill back in July 2012 when he disclosed the details and PoC code in .net that illustrates how the attack can be completed.  Mubix recently submitted a  request to add this post exploit module into the framework. Well, SmilingRacoon and myself decided to answer the call and work up a module to accomplish this task.

Read More


NetLM Downgrade Attacks with Metasploit

NetLM Downgrade Attacks with Metasploit

Metasploit Module [1]

Recently I added a post exploit module to the metasploit framework  that will help automate the NetLM Downgrade attack.  If you are not familiar with the  attack, I highly suggest you read the following article by Dave Howard before continuing.

The purpose of this article is not to describe the NetLM attack, but rather demonstrate how the post exploit module functions and how it can save  time on a pentest or even get you that next step in order to take over the network.

Read More


Find Local Admin with Metasploit

Find Local Admin with Metasploit

Metasploit Module [1]

When conducting email phishing engagements I often run into situations where I gain a meterpreter session on the internal network, but I don’t have local admin privileges. Often times many penetration testers give up on the assessment because they have already illustrated access to the internal network and consider that adequate on an external engagement. I like to go that extra mile and really make an impact by showing what a malicious user can do once inside.

I feel many penetration testers ignore the fact that a user executed the payload. A user that is most likely part of a domain, and may have access to many additional resources on the internal network that we wouldn’t otherwise have access to.

Read More


SQL Injection: Stealing the Keys to the Kingdom

SQL Injection: Stealing the Keys to the Kingdom

Recently I was conducting a penetration test for a very large high profile client. The last thing I was expecting to find was SQL Injection . The network itself had over 5500+ nodes and nearly 400 subnets.  I started out using one of my new tactics by utilizing Nmap’s new http-screenshot.nse script. If you haven’t had a chance to check it out; I highly suggest you do, its the new hotness. The NSE script essentially allows you to scan a network with nmap and take a screenshot of every webpage at the same time. Tutorials on how to use the script can be found on Pentest Geek here, or on Trustwave’s site here.

SQL Injection – Initial Identification

Normally when looking over all of the webpage screenshots I’m typically conscious of items like Apache tomcat servers with default creds, Jboss servers that expose the jmx-console, printers that have internal document servers holding confidential data, etc, etc…Read More


Using Nmap to Screenshot Web Services Troubleshooting

Using Nmap to Screenshot Web Services Troubleshooting

Recently a member from the Trustwave SpiderLabs team created an nmap NSE script that could be used to take a screenshot of webpages as it scanned the network. Working for a top 10 accounting firm, I conduct a lot of internal penetration tests for clients that operate on very large networks, and sometimes I’m required to audit entire counties.  Having the ability to view all the webpages on the internal network without being required to manually type in each addresses into the browser sounded amazing.  This was very exciting news now that there was a way to automate this process and have the ability to scale.  I dove in right away to get started by installing the script based on the instructions in the link listed below:

http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html

I highly suggest you look over the article above as I wrote this article in hopes that it would help assist anyone when having issues getting the http-screenshot NSE script to function properly with the latest version of nmap.

Read More


Incident Response in Trinidad

Incident Response in Trinidad

Sometimes when you fill the role of a consultant you never know what type of engagements will be thrown your way.  How can you train someone to expect the unexpected with computer security. The topic is so huge, and there is so much to learn in this gigantic sea of knowledge.

Recently I was sent on an engagement in Trinidad while it’s country was in a state of emergency.  I had never traveled international before so I was required to get a passport.  I had to expedite my passport since I was supposed to be in Trinidad in less than a week.  Once the passport arrived, I was smooth sailing; so I thought.

I missed my flight to Trinidad which was supposed to leave Minnesota around 9am CST.  I panicked and thought I would never find a flight to Trinidad in time.  I called my travel agent and was very surprised to find  there was an afternoon flight heading to Trinidad.  The only catch was that it had a six hour layover in Newark, New Jersey and the connecting flight to Trinidad was between 12am – 6am EST.  I didn’t have any other options at this point, so I took it.
Read More


Share This

Recent Posts

Subscribe To Our Mailing List

The Ultimate Burp Suite Training Program

Learn Network Penetration Testing

Penetration Testing

Categories

Metasploit

Web Application Hacking


Brandon McCann

Copyright 2021

css.php