Monthly archives: March, 2017

Squeezing the juice out of a compromised WordPress server

During the course of a penetration test, you may stumble upon a web server running WordPress.  WordPress is a highly popular CMS.  It runs on PHP, and is typically ran on top of a LAMP stack.  While most WordPress servers on the web are configured with strong passwords and security plugins, rarely is this the…


VulnHub Walkthrough: hackfest2016: Sedna

Sedna is the second vulnerable VM released by hackfest.ca this month.  Much of the first steps of enumeration will be similar to that of my write up for the first VM in the series. The first thing I start with is an Nmap scan.  The output is below, shortened for brevity. root@kali:~# nmap 10.0.1.22 -p-…


VulnHub Walkthrough: hackfest2016: Quaoar

A relatively new set of VulnHub CTFs came online in March 2017.  This post is about the first and easiest one, named “Quaoar“. This post will be a walk-through of my exploitation of this system. The first thing I like to start off with on any box is a full TCP port scan.  When you…


Compromising Synergy clients with a rogue Synergy server

  Synergy is a type of mouse an keyboard sharing software. When configured, moving your mouse off the screen will allow you to control another system that is also set up with Synergy. Below is a YouTube video from Synergy on how it works: The way this works is one host acts as the Synergy…


From OSINT to Internal – Gaining Access from outside the perimeter

                  During an external penetration test, you may be tasked with gaining access from the internet with no knowledge of the a target environment.  After hitting all known servers and web applications with various scanning tools, you have nothing. Searching open source information such as database breaches…