Matt

Author's details

Date registered: September 7, 2012

Latest posts

  1. Kerberos Username Enumeration – Top 500 Common Usernames — June 26, 2017
  2. Auto-sslscan (Automatic SSL Scanning) — June 23, 2017
  3. Nmap-ssl-parser — June 23, 2017
  4. Kerberos Domain Username Enumeration — November 9, 2016
  5. Babel Scripting Framework (babel-sf) — October 14, 2014

Most commented posts

  1. rundll32 lockdown testing goodness — 1 comment

Author's post listings

Jun 26

Kerberos Username Enumeration – Top 500 Common Usernames

Kerberos Username Enumeration – Username Wordlists

I’ve been having a fair bit of joy with the auxiliary/gather/kerberos_enumusers Metasploit module on internal engagements; however, you do need to provide the module with a good quality username wordlist or wordlists. On a recent engagement, using only the top 50 male and female user lists, I was able to guess 70 …


Jun 23

Auto-sslscan (Automatic SSL Scanning)

Auto-sslscan

As I mentioned in the previous post, whilst Nessus and Nmap do a reasonable job of enumerating SSL protocols and ciphers, I often find myself utilising other 3rd-party SSL scanning tools. One I find myself turning to on a regular basis is sslscan; I like the output it provides, and issues become immediately …


Jun 23

Nmap-ssl-parser

Nmap-ssl-parser

Nessus and Nmap both do a decent job of enumerating supported SSL protocols and ciphers from remote servers. However, I usually find myself also utilising other 3rd-party SSL scanning tools. To that end, I wanted an easy way to quickly parse out SSL services to an output file for input into other tools. …


Nov 09

Kerberos Domain Username Enumeration

Kerberos Domain Username Enumeration

Over recent years, enumerating valid operating-system-level usernames from up-to-date and well-maintained Windows environments, even from an internal test perspective, has become increasingly unlikely. Where RID cycling once provided us with a full list of domain users from an unauthenticated perspective, this is generally no longer the case. However, …


Oct 14

Babel Scripting Framework (babel-sf)

The Babel Scripting Framework (babel-sf) is a collection of custom scripts to facilitate useful pentest-related functions via scripting languages. All of the following tools are replicated in the following languages – PowerShell, Perl, Ruby and Python:

  - Portscanner
  - ARPscanner
  - FTP Client
  - WGET Client
  - Bind Metasploit Payload
  - Reverse Metasploit Payload

Why a custom scripting framework?

babel-sf …


Feb 11

rundll32 lockdown testing goodness

I was recently on a Windows 7 workstation lockdown test which had been implemented pretty effectively, with the vast majority of file and folder, service and AppLocker rules and permissions preventing the majority of malicious actions. However, I found that I was able to utilise rundll32.exe to attempt to enumerate/manipulate the environment. I couldn’t …


Oct 01

BruCON 2013 – Highlights

The fifth BruCON conference was held 26th to 27th of September 2013 in Ghent, Belgium. From the off, the conference had a great feel; it’s organised by a group of security enthusiasts as a non-profit organisation and they do a great job. From the live classical piano playing in the lounge/rest area where you have …


Aug 15

Old Incognito binary not working? or being eaten by AV? Then make your own

The original incarnation of Incognito has been around for a while; it’s now a little dated and also picked up by the vast majority of Anti-Virus vendors. With this in mind, I was intrigued by a post by Josh Stone, who has done a nice write-up on creating an Incognito binary via the Metasploit Framework …


Aug 15

NinjaCopy – Read Any File On Any System

Want to read any file on any box?*

*PowerShell and Admin account required

Take a look at: http://clymb3r.wordpress.com/2013/06/13/using-powershell-to-copy-ntds-dit-registry-hives-bypass-sacls-dacls-file-locks/

This script is ideal for dropping local SAM files off compromised hosts or dropping the NTDS.dit file off domain controllers.

Basic usage:

  PS > .\Invoke-NinjaCopy.ps1 -Path "C:\Windows\System32\config\sam" -LocalDestination "c:\copy_of_local_sam"

Download here: https://github.com/clymb3r/PowerShell/tree/master/Invoke-NinjaCopy

May 30

Maligno (Metasploit Payload Server) – Hands On

I stumbled across Maligno on SecurityTube; there’s a good video: http://www.securitytube.net/video/7639 Maligno is an open source penetration testing tool from Encripto (www.encripto.no) that serves Metasploit payloads. The only negative I can see with it is that Python needs to be installed on the victim along with Pycrypto (which may be present on *nix targets …

