Back in 2016 I blogged about how to do simple HTTP or HTTPS servers with Python. You need to use these if you want to temporarily host files, and to investigate SSRF issues properly. There my skills sat until recently, when the user-agent that was making the SSRF request was actually verifying the certificate. How rude!… Continue reading Letsencrypt certificates for your python HTTP servers
Ever wanted to use third-party Python libraries when making a Burp Extender? I had somehow avoided it until recently. Warning: Be aware before pasting in the commands below that I think they configure your new pip environment and store all dependencies inside a new folder within the current directory. In a nutshell it works… Continue reading Using Jython’s PIP to add dependencies to Burp Extenders
A customer asked me to check for Cisco Discovery Protocol (CDP) based VLAN hopping on their LAN. It had been reported the year before and, while they hoped that it had been addressed, they wanted me to confirm that it had. When pentesting it can often be the case that you are basically verifying the solutions to… Continue reading Using Python and Scapy to hunt for VLAN IDs
A penetration tester often needs to share files with machines that they are enumerating. If you have managed to obtain a web shell, or a reverse shell, your next step is to do a little dance to praise the shell gods. After that you want to sit back down and check for information to enable further attacks.