LHF Scan (Lowest Hanging Fruit Scan)

A Python script using nmap libraries to audit a network and quickly highlight areas of interest regarding security. Currently highlights: web servers running HTTP, SMB shares, FTP, SSH, Telnet (with banner grabbing), SMTP server identification, and identification of dangerous hosts (XP and Server 2003). Many bugs, but provides a good intelligence feed …

The Hidden PP Attack – A Non-Administrative Remote Shell For Data Exfiltration

PowerShell is now being used fairly heavily to exploit systems, but it frequently relies on administrative access to perform anything of value. To briefly address the different remote connections for new users, we have: Backdoors – The computer has an open port to which someone can connect at any point in time. Reverse Shell …

Monstra CMS 3.0.4 Unauthenticated User Credential Exposure

Whilst pratting around on hackthebox.eu, someone had uploaded a machine which used the Monstra CMS platform version 3.0.4. Getting a tad frustrated I downloaded the platform to look at the code directly. Unknowingly stumbling across the username “database” which is in fact an XML file. This file contains all user credential information including the password …

Installing PFSense

So I’m used to working with expensive firewall solutions which, in fairness, protect SMBs and enterprises against a multitude of threats. A common theme amongst all smaller companies is that they cannot afford proper hardware to cater for additional UTM features like AV scanning etc. These can cascade into the tens of thousands of pounds. …

Teensy Script to Exfil Passwords Through Outlook

Using the previous post's CLI commands to unveil cached credentials, here is an additional implementation which will exfil the data from the user's own Outlook account. Once plugged in, the Teensy will do the following: Launch an unelevated PowerShell prompt (no administrative access required). Run a brief few lines of code to dump the security …

Teensy Script to Enforce Users Locking Screens (Non administrative Password Dump!!)

We try to express time and time again the threats posed by leaving your screen unlocked. These are often batted back with responses of: I don’t have anything private on my screen; I’m only away for a minute, nothing can happen. Aside from changing my screensaver… what else can be done? Well, this is akin to smokers …

Resetting a Windows Password Using Kali Live Boot and CHNTPW

If presented with a PC for which no one can remember the admin pass, and your Hiren's boot disk is not usable due to driver support issues, you have an alternative, which is to use the Kali live boot. Once booted into Kali on the local machine, you’ll need to mount the drive. …

Installing OpenVAS 9 on Ubuntu 16.04.3

OpenVAS is an open source vulnerability scanner. Using authenticated scans we can identify vulnerabilities within the configuration and current versions of software existing on our infrastructures. So, using a barebones install of Ubuntu 16.04, we are going to install the latest rendition of OpenVAS (that being v9). Firstly we need to add the APT repository …