LHF Scan (Lowest Hanging Fruit Scan)

A Python script using nmap libraries in order to audit and quickly highlight areas of interest regarding security on a network. Currently highlights: Web servers running HTTP SMB shares FTP SSH Telnet (with banner grabbing) SMTP server identification and identification of dangerous hosts (XP and Server 2003) Many bugs, but provides a good intelligence feed … More LHF Scan (Lowest Hanging Fruit Scan)

The Hidden PP Attack – A Non-Administrative Remote Shell For Data Exfiltration

Powershell to exploit systems is now being used fairly heavily but does frequently rely on administrative access to perform anything of value. To briefly address the different remote connections to new users we have: Backdoors – The computer has an open port in which someone can connect to at any point in time. Reverse Shell … More The Hidden PP Attack – A Non-Administrative Remote Shell For Data Exfiltration

Teensy Script to Exfil Passwords Through Outlook

Using the previous posts CLI commands to unveil cached credentials, here is an additional implementation which will exfil the data from the users own Outlook account. Once plugged in, the Teensy will do the following: Launch an unelevated Powershell prompt (no administrative access required). Run a brief few lines of code to dump the security … More Teensy Script to Exfil Passwords Through Outlook

Teensy Script to Enforce Users Locking Screens (Non administrative Password Dump!!)

We try to express time and time again the threats posed by leaving your screen unlocked. These are often batted back with responses of: I don’t have anything private on my screen I’m only away for a minute nothing can happen Aside from changing my screensaver… what else can be done? Well this is akin to smokers … More Teensy Script to Enforce Users Locking Screens (Non administrative Password Dump!!)

Installing OpenVAS 9 on Ubuntu 16.04.3

OpenVas is an open source vulnerability scanner. Using authenticated scans we can identify vulnerabilities within the configuration and current versions of software existing on our infrastructures. SO using a barebones install of Ubuntu 16.04 we are going to install the latest rendition of OpenVAS (that being v9). Firstly we need to add the APT repository … More Installing OpenVAS 9 on Ubuntu 16.04.3

Simulated Password Cracking with the NTDS.DIT Export – Part 2

Now we have a copy of the hashes we can sling them through John. There are several approaches to this, but for the purposes of simulating an attack its best to use 2. They are: A default JTR crack A company specific wordlist crack Basically JTR has certain options for rules. I’ve found that if you’re … More Simulated Password Cracking with the NTDS.DIT Export – Part 2

Simulated Password Cracking with the NTDS.DIT Export – Part 1

In order to check to see if passwords can be cracked or guessed by the evil-doers we have an advantage that we rarely use. By performing a simulated password crack on our existing AD users we can obtain the upper hand by finding the failing passwords before the bad guys do. Firstly we need to … More Simulated Password Cracking with the NTDS.DIT Export – Part 1

Creating a password list from a company website with WLGen

I recently came across CeWL as a tool for spidering websites to gather keywords into a dictionary list relevant to their fields of expertise. This can aid password attacks by having words relevant to the field of expertise that the companies have. Only issue was that CeWL cant seem to get behind Cloud Flare sites. … More Creating a password list from a company website with WLGen

Performing an Internal Phishing Audit – Metrics (Part 2 of 2)

When it comes to reporting on GoPhish metrics there’s a fair bit you can do to justify the exercise. Once you’ve exported all the CSV data from your campaign. Load it up in a spreadsheet and use these as guides for metrics. Total amount of emails sent: Count all occurrences of text using =COUNTIF(A:A<>””)-1 Total … More Performing an Internal Phishing Audit – Metrics (Part 2 of 2)