
Using Python To Get A Shell Without A Shell

Posted on October 27, 2017

Introduction: Many times while conducting a pentest, I need to script something up to make my life easier or to quickly test an attack idea or vector. Recently I came across an interesting command injection vector on a web application sitting on a client's internet-facing estate. There was a page, running in Java, that allowed me to type arbitrary commands...

Fun With PSEXEC Scanner Metasploit Module

Posted on August 03, 2012

So you have a meterpreter session on some Windows machine remotely or internally. One of the first things a lot of folks will do is escalate to SYSTEM (getsystem or post/windows/escalate/getsystem in meterpreter) and dump the server's password hashes (hashdump or post/windows/gather/hashdump). The logical thing to do next is to begin cracking the hashes...

Tool Review - Fierce by RSnake

Posted on September 27, 2011

Fierce is a simple but very useful DNS reconnaissance tool written by Robert Hansen (RSnake) that I use on virtually every pentest, vuln assessment, or application security assessment I'm involved in. There's nothing fancy or super-technical about this tool; it's just useful and deserves some mention. It combines the functionality of a handful of recon tools into one. Its original...
