Channel: All Posts - Malicious Link - Blog by mubix - Rob Fuller
Browsing all 1156 articles

Length Sorting Wordlists

This is one of those stupid simple things that are easy to forget so I’m posting it here. Wordlists and dictionaries are awesome for cracking password hashes, and although, thanks to things like...

Metasploit Mastery @BlackHatEvents USA 2013

Just a quick post to say that egypt and I will be giving Metasploit Mastery twice (2 x 2 day sessions) at BlackHat USA 2013. Come out and get your Metasploit on in Vegas w/ us Linky:...

Sessiondump Meterpreter Extension

Mimikatz is awesome right, so is WCE. But both have one fatal flaw, even though you can execute them in memory {link} – you still have to have the binaries, remember the command to execute it in memory,...

Query all windows services config from the command line

This is how I did it:
for /f "tokens=5 delims=\" %A in ('reg query HKLM\SYSTEM\CurrentControlSet\Services') do sc qc %A
Let me know if you know of a better way. If you don’t know why this could be...

Using Mimikatz Alpha or Getting Clear Text Passwords with a Microsoft Tool

Mimikatz is now built into Metasploit’s meterpreter, you can do load mimikatz from the meterpreter prompt, but if you don’t want to go through the hassle of dealing with AV, reverse or bind payloads,...

Volume Shadow Copy NTDS.dit Domain Hashes Remotely - Part 1

This and part 2 are mostly just an update to http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html but without the need for VSSOwn, that and we are doing it remotely without the need for...

Volume Shadow Copy NTDS.DIT Domain Hashes Remotely - Part 2

Part 2, we have the NTDS.dit file and the SYSTEM.hive file. First we need a few tools:
From: http://www.ntdsxtract.com/
Download: http://www.ntdsxtract.com/downloads/ntdsxtract/ntdsxtract_v1_0.zip
wget...

Problems with blogging software

Problems are that everyone does this whole blogging thing in so many different ways. Me, personally? I like to have a client that I can save drafts in, work on things a little bit here and there and...

Unkillable Processes

Saw this post about a kernel bug in 64 bit Windows that is a DoS, it can also create an unkillable process: Blog post: http://waleedassar.blogspot.com/2013/02/kernel-bug-1-processiopriority.html Figured...

Changing proxychains hardcoded DNS server

If you’ve ever used proxychains to push things through Meterpreter, one of the most annoying things is its “hardcoded” DNS setting for 4.2.2.2, if the org that you are going after doesn’t allow this...

Stealing passwords every time they change

Password Filters [0] are a way for organizations and governments to enforce stricter password requirements on Windows Accounts than those available by default in Active Directory Group Policy. It is...

AD Zone Transfers as a user

_cross posted from: http://carnal0wnage.attackresearch.com/2013/10/ad-zone-transfers-as-user.html_
The tired and true method for Zone Transfers are using either nslookup:
nslookup
ls -d...

Dumping a domain worth of passwords with mimikatz

clymb3r recently posted a script called “Invoke-Mimikatz.ps1” basically what this does is reflectively injects mimikatz into memory, calls for all the logonPasswords and exits. It even checks the...

Metasploit Minute - Mondays with Mubix - Episode 1

Show URL: Hak5 | Youtube URL: YouTube | Show RSS feed: RSS

Alive Again

I’ve taken a rather long hiatus from blogging. This is mostly because I was fed up with the blogging platform that I had (Squarespace) and didn’t really have any alternatives that met all of the...

ExtAPI Pranks

Since I’ve been gone, OJ has released the ExtAPI (Extended API) for Meterpreter. This has some pretty amazing functionality. You can find OJ’s write up on it and more amazing things he did in 3 months...

Installing Metasploit Community Edition on Windows 8

Show URL: Hak5 | Youtube URL: YouTube | Show RSS feed: RSS

Application Whitelist Bypass using IEexec.exe

Guest post by @infosecsmith2
There was a recent presentation at DerbyCon, entitled: Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation by Christopher Campbell & Matthew Graeber I...

Attacker Ghost Stories - ShmooCon 2014

Attacker Ghost Stories – ShmooCon 2014 from Rob Fuller

Hostname bruteforcing on the cheap

Quick update: As @MikeDamm points out, xargs has a -P option that can do the same thing I’m using parallel for. If you have a supported version of xargs you can use -P 0 to do the same thing as -j0 with...
