Category Archive: Tools

Nov 09

Kerberos Domain Username Enumeration

Kerberos Domain Username Enumeration Over recent years enumerating valid operating system level user names from up-to-date and well-maintained Windows environments, even from an internal test perspective, has become increasingly unlikely. Where RID cycling once provided us with a full list of domain users from an unauthenticated perspective, this is generally no longer the case. However, …

Continue reading »

Oct 14

Babel Scripting Framework (babel-sf)

The Babel Scripting Framework (babel-sf) is a collection of custom scripts to facilitate useful pentest related functions via scripting languages. babel-sf is currently replicated in the following languages: Perl Python Ruby PowerShell Why a custom scripting framework? babel-sf has been created for testing minimal installations, locked down and/or hardened environments e.g. When the target Operating …

Continue reading »

Feb 11

rundll32 lockdown testing goodness

I was recently on a Windows 7 workstation lock-down test which had been implemented pretty effectively with the vast majority of file and folder, service and AppLocker applied rules and permissions preventing the majority of malicious actions. However, I found that I was able to utilise rundll32.exe to attempt to enumerate/manipulate the environment.  I couldn’t …

Continue reading »

Aug 15

Old Incognito binary not working? or being eaten by AV? Then make your own

The original incarnation of Incognito has been around for a while it’s now a little dated and also picked up by the vast majority of Anti-Virus vendors. With this in mind I was intrigued by post by Josh Stone who has done a nice write up on creating an Incognito binary via the Metasploit Framework …

Continue reading »

Aug 15

NinjaCopy – Read Any File On Any System

Want to read any file on any box?* *Powershell and Admin account required Take a look at: http://clymb3r.wordpress.com/2013/06/13/using-powershell-to-copy-ntds-dit-registry-hives-bypass-sacls-dacls-file-locks/ This script is ideal for dropping local SAM files off compromised hosts or dropping the NTDS.dit file off domain controllers. Basic usage: PS > .\Invoke-NinjaCopy.ps1 -Path “C:\Windows\System32\config\sam” -LocalDestination “c:\copy_of_local_sam” Download here: https://github.com/clymb3r/PowerShell/tree/master/Invoke-NinjaCopy

May 30

Maligno (Metasploit Payload Server) – Hands On

I stumbled across Maligno on SecurityTube there’s a good video: http://www.securitytube.net/video/7639 Maligno is an open source penetration testing tool that from Encripto (www.encripto.no) that serves Metasploit payloads. The only negative I can see with it are that Python needs to be installed on the victim along with Pycrypto (which may be present on *nix targets …

Continue reading »