Grabbing NTLM hashes with Responder then what?

Local networks have lots of things on them that we as penetration testers can exploit. In a Windows environment there are often protocols (LLMNR and NBT-NS) which can be easily exploited. Effectively you are running a man-in-the-middle attack and using that to intercept traffic being sent by users in order to capture…

Solving a pentester’s pesky proxy problem

I usually test web applications using Firefox because it uses its own proxy settings and is easy to configure with Burp. Chrome is then something that is used for googling answers, shitposting on Twitter, etc. to ensure that such traffic is not logged by Burp. This should sound familiar to most pentesters. This process falls…

Let's Encrypt certificates for your Python HTTP servers

Back in 2016 I blogged about how to do simple HTTP or HTTPS servers with Python. You need to use these if you want to temporarily host files, and to investigate SSRF issues properly. There my skills sat until recently, when the user-agent that was making the SSRF request was actually verifying the certificate. How rude!…