Stitching together UniFi Video Footage I recently wanted a video of a large amount (let's say 24 hours worth) of footage from my Ubiquiti UniFi camera. If you're doing 24/7 recording, the NVR interface chunks videos into 10 minute segments. You can check multiple videos to download at one time, but that
dirb multiple hosts wrapper I've had the need in the past to run dirb (dirbuster like web directory brute force tool) against a range of targets. However, dirb only takes a single host as an argument. It would be pretty easy to wrap it in a loop, but you're probably going
Office 365's Secret "Activities" API The TL;DR up front, because I hate buried leads. Microsoft created an undocumented API that gave incident handlers, forensic teams, and blue teams a tool that they have long wished for and that Microsoft denied having. This API was known to five major forensics firms for some time, and
Disqus on Ghost Updated 6 Mar 2021 - Scroll to bottom for the update More adventures into self-hosting Ghost. I have Disqus up and running again, all the comments are still there. Since Disqus was based on URL, and the URL didn't change, everything just started working once the Disqus universal
Adding security.txt to Ghost Ghost [https://github.com/TryGhost/Ghost] is pretty great. Simple markdown language for posts, lightweight, and self-hosting allows me to keep costs down and lets me customize some things. However, it also feels a bit goofy when you try to customize some things. One of these was adding a security.
I accidentally the whole / Instead of chmod -R ./ 664 * inside a script, I just ran chmod -R / 664 *. Worse, this was inside AWS, no direct console access. Whoops... This isn't the worst thing to recover from if you're sitting in front of a physical machine and have access to the
Finding Event Logs Caused by an Action Windows 10 1803 x2 - vanilla install, all commands run from elevated prompt Ever want to find out what Windows Event Logs are created by a particular action? There doesn't seem to be an evtx diff utility, and being a binary format makes it somewhat difficult. Log Parser
EternalBlue on Windows XP There are a few articles and exploits out there where EternalBlue has been found to work on Windows XP. However, the Metasploit framework does not seem to have a reliable exploit for it. I did find a working exploit here [https://github.com/worawit/MS17-010], specifically zzz_exploit.py
Making Firefox tabs behave more like Chrome One of the only things holding me back from using Firefox over Chrome was the behavior of the tabs. I absolutely hated having to scroll back and forth to find a tab, and I frequently have tons of tabs opened. The solution, posted in this thread by /u/robotkoer has
Helpful Nmap Notes Nmap can take script arguments in a fashion such as the following nmap -Pn -sU -sS --script "rdp-ntlm-info,smb* and not smb-brute and not smb-flood and not smb-psexec and not smb-enum-shares" -T4 -p U:137,U:138,T:137,T:139,T:445,T:3389 192.168.1.
Stresspaint Malware IOCs One thing that continues to amaze me is that anytime something like this hits the news, IOCs are limited to what files (by name) it drops. Ya know what's even more useful? Hashes, hashes are more useful. So here's a few I was able
Fixing a raw shell with Python and stty I've seen the python pty trick in a few places, first when taking OSCP labs. However, if you've noticed there are still some problems. 2 years ago at HackFest @r00k [https://twitter.com/_r00k_] did a presentation where he improved the quality of the shell
OpenSSL and Private Key Compromise This is a problem I've run into several times in the past, so I wanted to document this a bit. While processing certificate signing requests (CSRs) I've occasionally had external entities send the private key along with the CSR. I guess they assume it
Changes If you closely follow this site (which I doubt anyone actually does), you may have noticed some differences to the theme and a bit of downtime yesterday. I'm making some changes to the site with the following goals in mind * Save some money * Reduce complexity * Improve security With
Browser Cryptominer Finally found a live site mining crypto currency tonight. Really quick post on detection. WARNING! As of this writing, this site drives CPU to >70% and mines cryptocurrency. As far as I can tell, that's all it does, but you know... So first, the site in question:
FUZZBUNCH, msfvenom, meterpreter, and YOU! I've read a few of the FUZZBUNCH / ETERNALBLUE / DOUBLEPULSAR tutorials, and decided to create my own. The others work, but I found one or two things that I modified, and always like to make my own notes. So diving right in... Terms/Notes * Target = 10.1.0.5
Session Hijacking, XSS, and cookies Brief tutorial/walk through. We will be creating a cookie (manually) for testing, and a very basic test site containing a script that could be embedded in a site via XSS, and then sending our cookie to a remote server[1]. For this exercise, you'll need... * Publicly hosted
Narrowing down the cause of ICMP traffic Most StackOverflow questions which cover narrowing down the source of traffic on a machine deal with TCP or UDP. There's a few for other protocols, but ICMP isn't one that I saw a lot of coverage on. So let's say we are made aware that there
Fixing PuTTY I suppose you could call this another "First (X) Things to Do". I'm talking about the installed version of putty here, and really there isn't much to do. There's really only two things I wanted to make a note of. 1) Disable
Hashcat 3.0 on a 32-bit Linux VM One issue I've had with the new hashcat 3 is the ability to run it within 32-bit Linux VMs. Intel doesn't make 32-bit OpenCL drivers [https://software.intel.com/en-us/articles/opencl-drivers#core_xeon]. IBM made some back in 2011 apparently (PDF link [https:
RDP sessions with xfreerdp using PTH I was trying something very simple today on Kali 2016.1 (Kali 2 rolling), passing the hash to an RDP session based on this Kali blog post [https://www.kali.org/penetration-testing/passing-hash-remote-desktop/]. It should have been as simple as apt-get install freerdp-x11 and then the correct command. Again and
[Kali] Running BeEF-XSS on Port 80 BeEF XSS Framework is awesome. However, I wasn't getting good results on port 3000. I have the feeling the firewall on or between the target host was blocking this port. To test this, I wanted to start Beef on port 80 and launch the attack. However, beef-xss runs
[Windows] What user am I? I'm working through exercises in pen-testing and I ran into a slight problem. How do I tell what user I'm currently logged in as? * whoami - Doesn't work, box is too old (pre-Vista) * echo %username% - Literally echoes %username%, variables don't work.
OSSEC HIDS agent installation script for RHEL/CentOS. I found a very useful script for automating the installation of the OSSEC HIDS agent on RHEL/CentOS servers. This isn't mine, all credit goes to whoever runs 13Cubed. It automatically pulls down the Atomic Repo, installs the HIDS Agent, takes care of file renaming, launches the manager,
Top 1,000 TCP and UDP ports (nmap default) Update: 28 Jan 2025 Welcome Hack The Box crowd! Thank you for all the traffic, and be sure to check out https://nullsec.us/history-of-nmap-top-ports/ Some quick notes on what nmap scans by default, the commands below will give you the ranges scanned, and there's also some lists