LHF Scan (Lowest Hanging Fruit Scan)

A Python script using nmap libraries in order to audit and quickly highlight areas of interest regarding security on a network. Currently highlights: Web servers running HTTP SMB shares FTP SSH Telnet (with banner grabbing) SMTP server identification and identification of dangerous hosts (XP and Server 2003) Many bugs, but provides a good intelligence feed … More LHF Scan (Lowest Hanging Fruit Scan)

Teensy Script to Exfil Passwords Through Outlook

Using the previous posts CLI commands to unveil cached credentials, here is an additional implementation which will exfil the data from the users own Outlook account. Once plugged in, the Teensy will do the following: Launch an unelevated Powershell prompt (no administrative access required). Run a brief few lines of code to dump the security … More Teensy Script to Exfil Passwords Through Outlook

Teensy Script to Enforce Users Locking Screens (Non administrative Password Dump!!)

We try to express time and time again the threats posed by leaving your screen unlocked. These are often batted back with responses of: I don’t have anything private on my screen I’m only away for a minute nothing can happen Aside from changing my screensaver… what else can be done? Well this is akin to smokers … More Teensy Script to Enforce Users Locking Screens (Non administrative Password Dump!!)

Creating a password list from a company website with WLGen

I recently came across CeWL as a tool for spidering websites to gather keywords into a dictionary list relevant to their fields of expertise. This can aid password attacks by having words relevant to the field of expertise that the companies have. Only issue was that CeWL cant seem to get behind Cloud Flare sites. … More Creating a password list from a company website with WLGen