Posts

Defending against physical intrusion attacks - The under door tool.

Good morning all, how are we doing today? Watch anything good on Netflix recently? Many plans for the bank holiday weekend? Did you remember to deadbolt the office before you left yesterday? Wait… what? Yesterday the postman came. And this is what he brought me: What the hell is that? Well it’s an under door tool (UDT) of course. A thin piece of flexible metal attached to a string, that can be folded away and neatly concealed in a rucksack, belt, or there are even versions that can be dismantled and stored in a pocket (great video by the notsocivilengineer - showing a homemade collapsible UDT). So what does it do? And why should I care about your stupid bendy metal rubbish? This tool is designed to bypass the type of doors that are locked from the outside, but open with just an operation of the handle from the inside. They are usually accompanied by an RFID entry system or a code. This means you need to have the authentication to get in, but anyone can get out. And herein l...

Email address enumeration Using Python.

Welcome back one and all! It’s been a while, I apologise, but I’ve been a very busy man. I finally managed to escape the clutches of mechanical engineering, and landed myself a job in Cyber Security! Very excited about that, but that’s not the topic of the blog, so moving on for now: Recently, I have been involved in a few penetration tests. And I’ve learnt that one of the very first steps is a phishing campaign. What’s the first thing you need for a phishing campaign? Coffee of course. Closely followed by email addresses, I guess. Whilst not as important as the coffee, having valid email addresses is somewhat integral to pulling off a successful phishing campaign, resulting in those juicy creds you’re looking for. So where do you get those email addresses from? You could get lucky and be handed a list by the client. But more often than not, it’s down to you to find them yourself. I'm going to show you three steps today, along with the code needed to automate these ste...

CC: Pen Testing - THM Walkthrough

Welcome back one and all! I hope you have had a great weekend full of malware, ducky scripts and reverse shells. Today we are going to be looking at the CC: Pen Testing box from TryHackMe. This room is huge, and covers a whole range of pentesting tools including: Nmap, Netcat, Gobuster, Nikto, Metasploit, Meterpreter, Hashcat, John The Ripper, Sqlmap, Smbmap, Smbclient and Impacket. There are several questions relating to every tool listed, and the answers to almost all of these questions can be found using the tools' 'man' or '--help' pages, so I won't go into all the answers for these. I am instead going to concentrate on the "Final Exam", which is a CTF at the end of the room, combining all your freshly absorbed hacking knowledge. So without further ado, get yourself comfy and caffeinated and let's go! As always, we start with an nmap scan. We need to know what we are dealing with here. No firewalls or pesky admins checking logs to deal with, so we can go full aggre...

THM RootMe Walkthrough

Welcome back geeks (a term of endearment I assure you). Today we are going to do a quick guided walkthrough of the RootMe box by TryHackMe. Without further ado, start your engines and get ready for the nmap scan. This answers the first two questions: Scan the machine, how many ports are open? What version of Apache is running? It then tells us to perform a directory list scan on the box, and find the hidden directory. Easy enough! Browsing to our secret directory, we find a landing page with what looks to be an upload form. I'm going to go straight for gold and see if it will take a PHP reverse shell. The one we are going to be using is the PentestMonkey PHP-Reverse-Shell. Make sure to edit the shell to contain your IP and listening port before uploading. Nope. Not sure what language that is, but I'm pretty certain it translates as "Nice try, not going to happen". I'm guessing it's a file extension filter, we can try and bypass that by changing our shell to php5....

THM Agent Sudo Walkthrough

Greetings earthlings! Welcome back to another walkthrough, this time for the Agent Sudo room by TryHackMe. Hoody on, coffee brewed, let's go! Deploy the machine, and click the box to say you've done so, easy points right there. As always, we will start with an nmap scan, see what we are dealing with here: We have FTP on 21, SSH on 22 and an HTTP web server running on port 80. There's no anonymous login on the FTP server, so I'm going to start with the web server. Set Gobuster running, and let's browse the page whilst we wait for the results. Nothing interesting back from the gobuster scan, but the webpage gives us a bit of a clue, it says we need to change our user-agent in order to access the site. There is a great guide on how to do this in Firefox here. After trying a couple of obvious guesses (using Agent R as a starting point), I get the right user-agent and the webpage changes to this: So now we have a potential username, and the indication that this user ...