Local networks have lots of things on them that we as penetration testers can exploit. In a Windows environment there are often protocols (LLMNR and NBT-NS) which can be easily exploitable. Effectively you are running a man in the middle attack and using that to intercept traffic being sent by users in order to capture… Continue reading Grabbing NTLM hashes with Responder then what?
Here is how I did in the new condensed table format. TargetSummary11k steps a dayI hurt my ankle in March. I am out of this game for the foreseeable.150 active minutes per weekWeek 1 – No.Week 2 - No.Week 3 - No. Week 4 - No. I am not getting "active" minutes (on the FitBit… Continue reading Captain’s Log: May 2021
Back in 2018 I wrote a post about finding and exploiting XSS using the new(ish) event handlers in HTML 5. Those techniques paid out recently and I thought I'd write up the situation. Using the lists provided in the earlier post I discovered the application allowed an "SVG" tag. Within that tag it allowed the… Continue reading XSS via HTML5 Events All over again
Here is how I did in the new condensed table format. TargetSummary11k steps a dayI hurt my ankle in March. I am out of this game for the foreseeable.150 active minutes per weekWeek 1 – No. But I now have an exercise bike which I am starting a new journey on. Week 2 - No.Week… Continue reading Captain’s Log: April 2021
I needed to enumerate RDP configurations when nmap, and nessus were not available to me. I found this blog post which described exactly the registry keys required. A bit of poking and so the PowerShell rdp-enum was born: https://github.com/cornerpirate/rdp-enum Does exactly what it says on the tin.Hope it helps
Here is how I did in the new condensed table format. TargetSummary11k steps a dayI hurt my ankle. I do not know how and cannot recall a slip or anything I was just suddenly in lots of pain walking one day. So.. At day 452 since I started going for 10k steps a day my… Continue reading Captain’s Log: March 2021
I usually test web applications using Firefox because it uses it's own proxy settings and is easy to configure with burp. Chrome is then something that is used for googling answers, shitposting on Twitter etc to ensure that such traffic is not logged by Burp. This should sound familiar to most pentesters. This process falls… Continue reading Solving a pentester’s pesky proxy problem
Back in 2016 I blogged about how to do simple HTTP or HTTPS servers with python. You need to use these if you want to temporarily host files, and to investigate SSRF issues properly. There my skills sat until recently the user-agent that was making the SSRF request was actually verifying the certificate. How rude!… Continue reading Letsencrypt certificates for your python HTTP servers
Here is how I did in the new condensed table format. TargetSummary11k steps a day5 miles of steps. Every single day.150 active minutes per weekWeek 1 – YesWeek 2 – YesWeek 3 – YesWeek 4 – Yes1 technical blog a monthI missed this in January (which seems mad when I had several drafts almost ready… Continue reading Captain’s Log: February 2021
I recently came across my first Electron application as a target. As is the case I try and take notes as I go and here they are so that I am ready for the next time. When you are targeting an "app" (various thick client or mobile application targets) I always want to: Decompile it… Continue reading Pentesting Electron Applications
