ghost Adding security.txt to Ghost Ghost [https://github.com/TryGhost/Ghost] is pretty great. Simple markdown language for posts, lightweight, and self-hosting allows me to keep costs down and lets me customize some things. However, it also feels a bit goofy when you try to customize some things. One of these was adding a security.
I accidentally the whole / Instead of chmod -R ./ 664 * inside a script, I just ran chmod -R / 664 *. Worse, this was inside AWS, with no direct console access. Whoops... This isn't the worst thing to recover from if you're sitting in front of a physical machine and have access to the
Finding Event Logs Caused by an Action Windows 10 1803 x2 - vanilla install, all commands run from elevated prompt Ever want to find out what Windows Event Logs are created by a particular action? There doesn't seem to be an evtx diff utility, and being a binary format makes it somewhat difficult. Log Parser
EternalBlue on Windows XP There are a few articles and exploits out there where EternalBlue has been found to work on Windows XP. However, the Metasploit framework does not seem to have a reliable exploit for it. I did find a working exploit here [https://github.com/worawit/MS17-010], specifically zzz_exploit.py
Making Firefox tabs behave more like Chrome One of the only things holding me back from using Firefox over Chrome was the behavior of the tabs. I absolutely hated having to scroll back and forth to find a tab, and I frequently have tons of tabs open. The solution, posted in this thread by /u/robotkoer has
Helpful Nmap Notes Nmap can take script arguments in a fashion such as the following nmap -Pn -sU -sS --script "rdp-ntlm-info,smb* and not smb-brute and not smb-flood and not smb-psexec and not smb-enum-shares" -T4 -p U:137,U:138,T:137,T:139,T:445,T:3389 192.168.1.
Stresspaint Malware IOCs One thing that continues to amaze me is that anytime something like this hits the news, IOCs are limited to what files (by name) it drops. Ya know what's even more useful? Hashes; hashes are more useful. So here's a few I was able
Fixing a raw shell with Python and stty I've seen the python pty trick in a few places, first when taking OSCP labs. However, if you've noticed there's still some problems. 2 years ago at HackFest @r00k [https://twitter.com/_r00k_] did a presentation where he improved the quality of the shell
OpenSSL and Private Key Compromise This is a problem I've run into several times in the past, so I wanted to document this a bit. While processing certificate signing requests (CSRs) I've occasionally had external entities send the private key along with the CSR. I guess they assume it
changes Changes If you closely follow this site (which I doubt anyone actually does), you may have noticed some differences in the theme and a bit of downtime yesterday. I'm making some changes to the site with the following goals in mind * Save some money * Reduce complexity * Improve security With
Browser Cryptominer Finally found a live site mining crypto currency tonight. Really quick post on detection. WARNING! As of this writing, this site drives CPU to >70% and mines cryptocurrency. As far as I can tell, that's all it does, but you know... So first, the site in question:
FUZZBUNCH, msfvenom, meterpreter, and YOU! I've read a few of the FUZZBUNCH / ETERNALBLUE / DOUBLEPULSAR tutorials, and decided to create my own. The others work, but I found one or two things that I modified, and always like to make my own notes. So diving right in... Terms/Notes * Target = 10.1.0.5
Session Hijacking, XSS, and cookies Brief tutorial/walk-through. We will be creating a cookie (manually) for testing, and a very basic test site containing a script that could be embedded in a site via XSS, and then sending our cookie to a remote server[1]. For this exercise, you'll need... * Publicly hosted
Narrowing down the cause of ICMP traffic Most StackOverflow questions which cover narrowing down the source of traffic on a machine deal with TCP or UDP. There are a few for other protocols, but ICMP isn't one that I saw a lot of coverage on. So let's say we are made aware that there
Fixing PuTTY I suppose you could call this another "First (X) Things to Do". I'm talking about the installed version of putty here, and really there isn't much to do. There's really only two things I wanted to make a note of. 1) Disable
Hashcat 3.0 on a 32-bit Linux VM One issue I've had with the new hashcat 3 is the ability to run it within 32-bit Linux VMs. Intel doesn't make 32-bit OpenCL drivers [https://software.intel.com/en-us/articles/opencl-drivers#core_xeon]. IBM made some back in 2011 apparently (PDF link [https:
RDP sessions with xfreerdp using PTH I was trying something very simple today on Kali 2016.1 (Kali 2 rolling), passing the hash to an RDP session based on this Kali blog post [https://www.kali.org/penetration-testing/passing-hash-remote-desktop/]. It should have been as simple as apt-get install freerdp-x11 and then the correct command. Again and
[Kali] Running BeEF-XSS on Port 80 BeEF XSS Framework is awesome. However, I wasn't getting good results on port 3000. I have the feeling a firewall on the target host, or somewhere between us and it, was blocking this port. To test this, I wanted to start BeEF on port 80 and launch the attack. However, beef-xss runs
[Windows] What user am I? I'm working through exercises in pen-testing and I ran into a slight problem. How do I tell what user I'm currently logged in as? * whoami - Doesn't work, box is too old (pre-Vista) * echo %username% - Literally echoes %username%, variables don't work.
OSSEC HIDS agent installation script for RHEL/CentOS. I found a very useful script for automating the installation of the OSSEC HIDS agent on RHEL/CentOS servers. This isn't mine, all credit goes to whoever runs 13Cubed. It automatically pulls down the Atomic Repo, installs the HIDS Agent, takes care of file renaming, launches the manager,
Top 1,000 TCP and UDP ports (nmap default) Some quick notes on what nmap scans by default, the commands below will give you the ranges scanned, and there's also some lists suitable for copy/pasting. * Top 1,000 TCP Ports: nmap -sT --top-ports 1000 -v -oG - * Top 1,000 UDP Ports: nmap -sU --top-ports 1000
Hashcat goes open source with v2.00 The official announcement is on the Hashcat forums [https://hashcat.net/forum/thread-4880-post-27398.html#pid27398]. This is amazing news, I can't wait to see what this brings. Among the things I can't wait for... * OSX Support * Huge improvements in several algorithms * Contributions from others in the
First (X) things to do after installing Windows 10 I reinstalled Windows 10 the other day and realized that there were several settings I needed to tweak, so in the spirit of my Kali post, here's Windows 10 First Things. 1) Uninstall Built-In Apps Launch PowerShell with Administrator rights and enter the following. Note that this removes
Starting up Metasploit Framework in Kali Linux 2.0 (Sana) Lack of updates, I know, I'm still busy. Today's entry is a direct copy and paste from the Kali site. In case you missed it (like I did), Kali 2.0 handles Metasploit a bit differently; it's no longer a service. This is mostly just a
Victim Blame vs. Negligence So I think it's time for my first "opinion piece". This is in response to the following article, and several tweets I've seen saying that pulling security clearances is a bad idea and amounts to a blame the victim mentality. http://arstechnica.com/security/