Archive for the ‘Tools’ Category
Filed under: DNS, Tools
Hey all,
I just released the second alpha build of nbtool (0.05alpha2), and I'm hoping to get a few testers to give me some feedback before I release 0.05 proper. I'm pretty happy with the 0.05 release, but it's easy for me to miss things as the developer.
I'm hoping for people to test:
Through different DNS [...]
Permalink Comments (1) Ron Bowes Jul 7, 2010
Filed under: Hacking, Tools
Hey all,
We hired a new pair of co-op students recently. They're both in their last academic terms, and are looking for a good challenge and to learn a lot. So, for a challenge, I set up a scenario that forced them to use a series of netcat relays to compromise a target host and bring [...]
Permalink Comments (0) Ron Bowes May 26, 2010
Filed under: Hacking, Tools
This post was written by Matt Gardenghi
This is just initial impressions of a beta product.
I've been playing with this for about a week now in an internal network. I have a dedicated box running Ubuntu 10.04 and Metasploit Express. I've noticed that Express loves CPU time but is much less caring about RAM. It's also [...]
Permalink Comments (0) Matt Gardenghi May 11, 2010
Filed under: DNS, Hacking, Tools
Greetings!
Today seemed like a fun day to write about a really cool vector for cross-site scripting I found. In my testing, this attack is pretty specific and, in some ways, useless, but I strongly suspect that, with resources I don't have access to, this can trigger stored cross-site scripting in some pretty nasty places. [...]
Permalink Comments (5) Ron Bowes Apr 20, 2010
Filed under: DNS, Hacking, Tools
Hey all,
I've been letting other projects slip these last couple weeks because I was excited about converting dnscat into shellcode (or "weaponizing dnscat", as I enjoy saying). Even though I got into the security field with reverse engineering and writing hacks for games, I have never written more than a couple lines of x86 at [...]
Permalink Comments (10) Ron Bowes Mar 18, 2010
Filed under: DNS, Hacking, Tools
Hey all,
I'm really excited to announce the first release of a tool I've put a lot of hard work into: dnscat.
It's being released, along with a bunch of other tools that I'll be blogging about, as part of nbtool 0.04.
Permalink Comments (3) Ron Bowes Feb 23, 2010
Filed under: Hacking, Nmap, Tools
Sorry, through complete fault of my own, I posted a bad link. You are looking for: http://www.skullsecurity.org/blog/?p=436
Permalink Comments (0) Ron Bowes Feb 10, 2010
Filed under: Hacking, NetBIOS/SMB, Tools
Greetings everybody!
I spent a good part of the past month traveling, which meant staying in several hotels, both planned and unplanned. There's nothing like having a canceled flight and spending a boring night in San Francisco! But hey, why be bored when you have a packet sniffer installed? :)
Permalink Comments (9) Ron Bowes Nov 19, 2009
Filed under: Nmap, Tools
Hi all,
I wrote a blog last week about scanning for Microsoft FTP with Nmap. In some situations the script I linked to wouldn't work, so I gave it an overhaul and it should work nicely now.
Permalink Comments (0) Ron Bowes Sep 17, 2009
Filed under: Malware, Nmap, Tools
Greetings!
I found this excellent writeup of a Web-server botnet on Slashdot this weekend. Since it sounded like just the thing for Nmap to detect, I wrote a quick script!
Permalink Comments (3) Ron Bowes Sep 16, 2009
Filed under: NetBIOS/SMB, Nmap, Tools
Hello once again!
I just finished updating my smb-check-vulns.nse Nmap script to check for the recent SMBv2 vulnerability, which had a proof-of-concept posted on full-disclosure.
WARNING: This script will cause vulnerable systems to bluescreen and restart. Do NOT run this in a production environment, unless you like angry phonecalls. You have been warned!
Permalink Comments (0) Ron Bowes Sep 14, 2009
Filed under: Nmap, Tools
Hi all,
It's been awhile since my last post, but don't worry! I have a few lined up, particularly about scanning HTTP servers with Nmap. More on that soon!
In the meantime, I wanted to direct your attention to
Permalink Comments (9) Ron Bowes Sep 2, 2009
Filed under: Hacking, Tools
View my post on Slashdot
I'm just going to quote my Slashdot post inline.. check out the links for all the nitty gritty details. The bottom line is that 5.00 is awesome, and includes everything I've written as yet -- download it! :)
Permalink Comments (3) Ron Bowes Jul 16, 2009
Filed under: NetBIOS/SMB, Tools
Hey all,
With the upcoming release of Nmap 4.85, Brandon Enright posted some comments on random Nmap thoughts. One of the things he pointed out was that people hadn't heard of nbstat.nse! Since I love showing off what I write, this blog was in order.
Permalink Comments (3) Ron Bowes Jun 9, 2009
Filed under: Hacking, Tools
Ahoy! My name is Andrew and I've been playing with the recent IIS WebDAV authentication bypass vulnerability (CVE-2009-1676) and helping Ron with writing the nmap detection script (http-iis-webdav-vuln.nse) and testing it in the lab. Ron is in a meeting today so I thought I'd jump in where he left off and post a bit about [...]
Filed under: Hacking, Tools
Greetings!
This morning I heard (from the security-basics mailing list, of all places) that there's a zero-day vulnerability going around for WebDAV on Windows 2003. I always like a good vulnerability early in the week, so I decided to write an Nmap script to find it!
Permalink Comments (20) Ron Bowes May 19, 2009
Filed under: Hacking, Tools
I performed all of this to learn more about data exfiltration, remote control, etc... over a tightly controlled corp environment. It was depressing actually.... It's far too easy to gain control of a corp network even one that is conscientious. This work is built on the info at metasploit.com.
Oh, let me [...]
Permalink Comments (4) Matt Gardenghi May 15, 2009
Filed under: Tools
In case you haven't heard, Fyodor released Nmap 4.85beta9 this week. This is the first release in awhile that wasn't related to my code (or, most properly, mistakes :) ). It looks like the new stable version will be here soon, so give this one a shot and report your bugs. Here's the download page.
Permalink Comments (0) Ron Bowes May 15, 2009
Filed under: Malware, Tools
Hi everybody,
With the help of Symantec's Security Intelligence Analysis Team, I've put together a script that'll detect Conficker (.C and up) based on its peer to peer ports. The script is called p2p-conficker.nse, and automatically runs against any Windows system when scripts are being used:
nmap --script p2p-conficker,smb-os-discovery,smb-check-vulns \
[...]
Permalink Comments (10) Ron Bowes Apr 21, 2009
Filed under: Hacking, NetBIOS/SMB, Tools
I'm going to start off this blog by wishing a happy birthday to a very important person -- me. :)
Now, onto the content!
PsTools is a suite of tools developed by Sysinternals (now Microsoft). They're a great complement to any pen test, and many of my Nmap scripts are loosely based on them. As good [...]
Permalink Comments (3) Ron Bowes Mar 31, 2009