Archive for the ‘Hacking’ Category

Finding Mapped Drives with Meterpreter

Filed under: Hacking

This post written by Matt Gardenghi
---------
This is going to be a series of short "how to" articles so that I have a resource when I forget how I did something. Your benefit from this post is incidental to my desire to have a resource I can reach when I've had a brain cloud.
When cracking into [...]

Matt Gardenghi, Sep 1, 2010

Return of the Facebook Snatchers

Filed under: Hacking, Passwords

First and foremost: if you want to cut to the chase, just download the torrent. If you want the full story, please read on....
Background
Way back when I worked at Symantec, my friend Nick wrote a blog that caused a little bit of trouble for us: Attack of the Facebook Snatchers. I was blog editor at [...]

Ron Bowes, Jul 26, 2010

Five Relays and a Patch

Filed under: Hacking, Tools

Hey all,
We hired a new pair of co-op students recently. They're both in their last academic terms, and are looking for a good challenge and to learn a lot. So, for a challenge, I set up a scenario that forced them to use a series of netcat relays to compromise a target host and bring [...]

Ron Bowes, May 26, 2010

Defeating expensive lockdowns with cheap shellscripts

Filed under: Hacking

Recently, I was given the opportunity to work with an embedded Linux OS that was locked down to prevent unauthorized access. I was able to obtain a shell fairly quickly, but then I ran into a number of security mechanisms. Fortunately, I found creative ways to overcome each of them.
Here's the list of the [...]

Ron Bowes, May 18, 2010

Metasploit Express Beta - First Look

Filed under: Hacking, Tools

This post was written by Matt Gardenghi
These are just initial impressions of a beta product.
I've been playing with this for about a week now in an internal network.  I have a dedicated box running Ubuntu 10.04 and Metasploit Express.  I've noticed that Express loves CPU time but is much less caring about RAM.  It's also [...]

Matt Gardenghi, May 11, 2010

Confidential Information in the Cloud

Filed under: Hacking

This is another special blog written by Matt Gardenghi!
My boss passed around a document about database security in the cloud.  It raised issues about proper monitoring of the DB, but offered no solutions.
This got me thinking.  I hate it when that happens.  It's like an automatic "boss button" that I can't switch off.  /gah
For [...]

Matt Gardenghi, May 5, 2010

Stuffing Javascript into DNS names

Filed under: DNS, Hacking, Tools

Greetings!
Today seemed like a fun day to write about a really cool vector for cross-site scripting I found. In my testing, this attack is pretty specific and, in some ways, useless, but I strongly suspect that, with resources I don't have access to, this can trigger stored cross-site scripting in some pretty nasty places. [...]

Ron Bowes, Apr 20, 2010

Exotic XSS: The HTML Image Tag

Filed under: Hacking

There are the usual XSS tests.  And then there are the fun ones.  This is a story about a more exotic approach to testing XSS....
I was testing a company that had passed all XSS tests from their pentester.  I found that they allowed users to write HTML tags.  Of course they didn't permit <script> tags [...]

Matt Gardenghi, Apr 6, 2010

Are you a "Real" hacker or just a skiddie?

Filed under: Hacking

This is yet another guest post from our good friend Matt Gardenghi! If you enjoy this one, don't forget to check his last one: Trusting the Browser (a ckeditor short story).
------------------
Often, I hear arguments that go like this: real hackers write code and exploits; everyone else is a script-kiddie.
That is a dumb argument from all [...]

Matt Gardenghi, Mar 23, 2010

Weaponizing dnscat with shellcode and Metasploit

Filed under: DNS, Hacking, Tools

Hey all,
I've been letting other projects slip these last couple weeks because I was excited about converting dnscat into shellcode (or "weaponizing dnscat", as I enjoy saying). Even though I got into the security field with reverse engineering and writing hacks for games, I have never written more than a couple lines of x86 at [...]

Ron Bowes, Mar 18, 2010

Trusting the Browser (a ckeditor short story)

Filed under: Hacking

My name is Matt Gardenghi. Ron seems to think it important that this post be clearly attributed to someone else (this fact might worry me). I'm an occasional contributor here (see: Bypassing AV). I handle security at Bob Jones University and also perform pentests on the side. (So [...]

Matt Gardenghi, Mar 9, 2010

How big is the ideal dick...tionary?

Filed under: Hacking

Hey all,
As some of you know, I've been working on collecting leaked passwords/other dictionaries. I spent some time this week updating my wiki's password page. Check it out and let me know what I'm missing, and I'll go ahead and mirror it.
I've had a couple new developments in my password list, though. Besides having [...]

Ron Bowes, Mar 4, 2010

DNS Backdoors with dnscat

Filed under: DNS, Hacking, Tools

Hey all,
I'm really excited to announce the first release of a tool I've put a lot of hard work into: dnscat.
It's being released, along with a bunch of other tools that I'll be blogging about, as part of nbtool 0.04.

Ron Bowes, Feb 23, 2010

Watch out for evil SMB servers: MS10-006

Filed under: Hacking, NetBIOS/SMB

Thanks to a Google Alert on my name, I recently found Laurent Gaffié's blog post about MS10-006 (Microsoft Technet link).

Ron Bowes, Feb 14, 2010

MOVED: VM Stealing: The Nmap way (CVE-2009-3733 exploit)

Filed under: Hacking, Nmap, Tools

Sorry, through complete fault of my own, I posted a bad link. You are looking for: http://www.skullsecurity.org/blog/?p=436

Ron Bowes, Feb 10, 2010

Why settle for (stealing) one password?

Filed under: Hacking

This is just a quick thought I had at work today -- actually, I had it in November, but just got around to posting it now. Common story, but eh?

Ron Bowes, Feb 2, 2010

smb-psexec.nse: owning Windows, fast (Part 3)

Filed under: Hacking, NetBIOS/SMB, Nmap

Posts in this series (I'll add links as they're written):

What does smb-psexec do?
Sample configurations ("sample.lua")

Ron Bowes, Jan 19, 2010

smb-psexec.nse: owning Windows, fast (Part 2)

Filed under: Hacking, NetBIOS/SMB, Nmap

Posts in this series (I'll add links as they're written):

What does smb-psexec do?
Sample configurations ("sample.lua")
Default configuration ("default.lua")
Advanced configuration ("pwdump.lua" and "backdoor.lua")

Ron Bowes, Dec 21, 2009

smb-psexec.nse: owning Windows, fast (Part 1)

Filed under: Hacking, NetBIOS/SMB, Nmap

Posts in this series (I'll add links as they're written):

What does smb-psexec do?
Sample configurations ("sample.lua")
Default configuration ("default.lua")
Advanced configuration ("pwdump.lua" and "backdoor.lua")

Ron Bowes, Dec 14, 2009

Pwning hotel guests

Filed under: Hacking, NetBIOS/SMB, Tools

Greetings everybody!
I spent a good part of the past month traveling, which meant staying in several hotels, both planned and unplanned. There's nothing like having a canceled flight and spending a boring night in San Francisco! But hey, why be bored when you have a packet sniffer installed? :)

Ron Bowes, Nov 19, 2009