Author: <span>n00py</span>

VulnHub Walkthrough: hackfest2016: Sedna

March 19, 2017
ExploitWalkthrough
0 Comment

Sedna is the second vulnerable VM released by hackfest.ca this month.  Much of the first steps of enumeration will be similar to that of my write up for the first VM in the series. The first thing I start with is an Nmap scan.  The output is below, shortened for brevity.

Like before, the…

Read More

VulnHub Walkthrough: hackfest2016: Quaoar

March 17, 2017
ExploitWalkthrough
0 Comment

A relatively new set of VulnHub CTFs came online in March 2017.  This post is about the first and easiest one, named “Quaoar“. This post will be a walk-through of my exploitation of this system. The first thing I like to start off with on any box is a full TCP port scan.  When you…

Read More

Compromising Synergy clients with a rogue Synergy server

March 3, 2017
ExploitPentestingResearchVulnerability
0 Comment

  Synergy is a type of mouse an keyboard sharing software. When configured, moving your mouse off the screen will allow you to control another system that is also set up with Synergy. Below is a YouTube video from Synergy on how it works: The way this works is one host acts as the Synergy…

Read More

From OSINT to Internal – Gaining Access from outside the perimeter

March 1, 2017
ExploitPentestingVulnerability
0 Comment

                  During an external penetration test, you may be tasked with gaining access from the internet with no knowledge of the a target environment.  After hitting all known servers and web applications with various scanning tools, you have nothing. Searching open source information such as database breaches…

Read More

Removing Backdoors – Powershell Empire Edition

January 30, 2017
DefenseIncident Responsepersistence
0 Comment

                  I’m a big fan of Powershell Empire for penetration testing.   If you haven’t heard of it, it is a post-exploitation framework which uses powershell agents to run post-exploitation scripts on a target system.  This blog post is meant to address a small subset of the…

Read More

Compromising Jenkins and extracting credentials

January 21, 2017
PentestingPost Exploitation
0 Comment

      Jenkins is an open-source continuous integration software tool written in the Java programming language.  While useful to developers, it can also be useful to attackers.  Often times developers will leave Jenkins consoles in an insecure state, especially within development environments.  Jenkins has a scripting console available which can be used to run…

Read More

Control your Mac with an iPhone app – An analysis of HippoRemote

January 4, 2017
ExploitOSXResearchVulnerability
0 Comment

              Applications that are in use on Macs often times are under less scrutiny for security compared to their Windows alternatives.  When researching popular apps in use on OS X I found an app on the iPhone called HippoRemote.  It appears to be quite popular, with a combined 7,558…

Read More

Using email for persistence on OS X

October 28, 2016
OSXpersistencePost ExploitationResearch
0 Comment

In this post we will cover how we can use Mail.app on OS X to persist.  I was inspired by similar tools which are designed to work with Microsoft Outlook.  I first stumbled upon this article from MWR InfoSecurity, and then this blog post from Silent Break Security.  While rules in Mail.app will not replicate…

Read More

Privilege escalation on OS X – without exploits

October 16, 2016
OSXPost Exploitation
0 Comment

This blog post is about ways to escalate privilege on OS X without the usage of exploits.  While exploits are always nice to have, there are other ways in which you can gain root privileges on your target.  By using misconfigurations with a little bit of social engineering you can get your victim to escalate…

Read More