Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently)
There are some excellent tools and techniques available to pentesters trying to convert their local admin rights into domain admin rights. This page seeks to provide a reminder of some of the most...
Preventing Web-based Directory Enumeration Attacks Against IIS
I received an interesting tip from Munish about how to prevent directories from being easily identified in IIS. I’ve updated my original post about directory enumeration with the following info:...
Post-Exploitation Without A TTY
This is a follow-up to a topic I touched on briefly before when I talked about the problem of trying to use the SSH client when you don’t have a TTY. I was recently in a position where I got an...
Using SSH Without A TTY
I recently received a mail asking how to get SSH to work from within a reverse shell (see php-reverse-shell , php-findsock-shell and perl-reverse-shell ). I thought I’d write a brief description of...
The Perfect Web Backdoor
I’m sure most pentesters have had cause to use the likes of cmdasp.asp, or cobble together a simple PHP script based around “passthru” or “system”. There’s loads more functionality that would be...
Great Word List
One of the biggest and most comprehensive collections of words for password cracking, 1,493,677,782 words in total, has been released for download. The wordlists are intended primarily for use with password crackers such as...
Recon Script
Not sure where I picked this little gem up, but what a great recon batch script. @Echo off echo Starting. Do not close program. Please wait 15 seconds. ::Generate a unique filename set...
Using and Abusing Alternate Data Streams
I love you SynJunkie, your site rocks, and I have mad respect. This blog post is to detail a very simple method that has been used by viruses, malware authors and others to hide data. What are Alternate...
Fun with Tcpdump
Tcpdump is a really useful program for capturing packets that are on the wire. It can be used to view packets going through your own interface, on a network with a hub, or on a switched network...
Huge List of Pentesting links.. Nice, makes me want to create a huge links...
Blogs Worth It: What the title says. There are a LOT of pentesting blogs; these are the ones I monitor constantly and value in the actual day-to-day testing work. http://carnal0wnage.blogspot.com/...