Channel: pentestmonkey
Browsing latest articles
Browse All 10 View Live

“Hackers for Charity” Needs You

This is a quick post to draw attention to the request for donations from Hackers for Charity. They need to raise about 785 USD / month to fund the good work they’re doing in Uganda. Netsparker recently...

Reverse Shell Cheat Sheet

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account /...

Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently)

There are some excellent tools and techniques available to pentesters trying to convert their local admin rights into domain admin rights.  This page seeks to provide a reminder of some of the most...

Exposing only part of C: over Terminal Services

Ken Johnson gives a useful tip on his blog about limiting access to your local drives when you make a Terminal Services connection.  This is not new, but it’s useful enough to be worth summarizing...

timing-attack-checker

timing-attack-checker is a simple Perl script that helps you check for timing attacks. The most common form of timing attack I’ve noticed while pentesting is that the server may take longer to respond...

The Science of Safely Finding an Unused IP Address

During pentests you’re often allocated an IP by the client or can get one via DHCP. There are times, however, when the client might expect you to find a free IP on your own. Or you might want to check that...

gateway-finder

Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet. This can be useful during Internal...

Finding IP Addresses of Other Network Interfaces on Linux

The scenario for this post is that you’re connected to the local LAN of the systems you’re pentesting – possibly in a DMZ or multi-tiered architecture.  If you’re on an externally-facing LAN, you may...

windows-privesc-check

A long time ago, I started writing a tool to look for local privilege escalation vectors on Windows systems – e.g. weak permissions on files, directories, service registry keys. I never quite got round...

mimikatz: Tool To Recover Cleartext Passwords From Lsass

I meant to blog about this a while ago, but never got round to it. Here’s a brief post about a very cool feature of a tool called mimikatz. I’m very grateful to the tool’s author for bringing it to my...
