Hey, KEEP CALM and hack away…
Windows Active Directory Port 88 (kerberos), 389 (ldap), 636 (ldap), 3268 (ldap) SYSVOL content found If SYSVOL content found. And if GPP (Group Policy Preferences) is applied, there will be a Groups.xml file that contains credentials in Policies directory somewhere. Find it use: find . -iname "groups.xml" GPP Password Hash found Use gpp-decrypt tools to…
Programming Objdump Examine compiled binary. reader@hacking:~/booksrc $ objdump -D a.out | grep -A20 main.: 08048374 <main>: 8048374: 55 push %ebp 8048375: 89 e5 mov %esp,%ebp 8048377: 83 ec 08 sub $0x8,%esp 804837a: 83 e4 f0 and $0xfffffff0,%esp 804837d: b8 00 00 00 00 mov $0x0,%eax 8048382: 29 c4 sub %eax,%esp 8048384: c7 45 fc 00…
Disclaimer BECAUSE OF THE RELEASE DATE OF THE BOOK, EVERYTHING HERE NEEDS FURTHER TEST. DON’T TAKE ANYTHING AND EXPECT IT TO WORK OFF THE BAT. Scanning the Network Passive Discovery Checklist Recon-NG (API key needed for http://ipinfodb.com/register.php) Discovery Spiderfoot (http://www.spiderfoot.net/) Creating Password Lists Tools Checklist Wordhound (https://bitbucket.org/mattinfosec/wordhound.git) Brutescrape(https://github.com/cheetz/brutescrape) Compromised Lists like Adobe users.tar.gz https://github.com/cheetz/adobe_password_checker/blob/master/foundpw.csv https://github.com/cheetz/adobe_password_checker…
Table of Contents Bypassing Network Access Control Bypassing MAC Filtering Set Up Tools Required Set Up Detail Bypassing Network Access Control Bypassing MAC Filtering You have physical access to the facility. And have found yourself an operational VoIP phone (or whatever that has an MAC address to connect to the internal network) and it\’s MAC…
Table of Contents Disclaimer Passive Recon BuiltWith Shodan.io Censys.io Hunter.io Summary Disclaimer Anything here on my blog, this article, and all the other one, are for education purpose. Any misuse of the information is at your own risk. 声明 此博客任何文章,包括本篇,仅供学习使用。任何滥用信息的行为,作者概不负责。 What Perter Kim (author of THP) suggests is to get your hands dirty. And the…
Table of Contents Web Application Exploitation SQL Injection (SQLi) Crosssite Scripting (XSS) Cross-site Request Forgery (CSRF) Session Token Entropy Fuzzing/Input validation Business Logic Summary Web Application Exploitation First things first, two good resources for webapp pentest. OWASP WebApp Testing Guid The Web Application Hacker’s Handbook SQL Injection (SQLi) TODO Read more about SQL database, how…
Table of Contents General Idea The Mentality Thing The Difference Wthin Responsibility Engagement Time Section II – The Drive – Exploiting Scanner Findings About Payloads DEP and ASLR DEP ASLR Take Aways General Idea This is going to be a notes taking article upon reading the book The Hacker Play Book I. I will stop…