Blog | Tools

Weaponization of Nessus Plugins

Posted on February 06, 2018

Overview: During a recent internal penetration test, the need arose to exploit a Java two-stage deserialization vulnerability. This post will walk through how to twist a Nessus plugin, meant to test only for the existence of an RCE vulnerability, into a weaponized exploit that can be utilized to attain a reverse shell on your own attacking server. This was necessary...

Using Python To Get A Shell Without A Shell

Posted on October 27, 2017

Introduction: Many times while conducting a pentest, I need to script something up to make my life easier or to quickly test an attack idea or vector. Recently I came across an interesting command injection vector on a web application sitting on a client's internet-facing estate. There was a page, running in Java, that allowed me to type arbitrary commands...

Fun With PSEXEC Scanner Metasploit Module

Posted on August 03, 2012

So you have a meterpreter session on some Windows machine remotely or internally. One of the first things a lot of folks will do is escalate to SYSTEM (getsystem or post/windows/escalate/getsystem in meterpreter) and dump the server's password hashes (hashdump or post/windows/gather/hashdump). The logical thing to do next is to begin cracking the hashes...
