During an external penetration test, you may be tasked with gaining access from the internet with no knowledge of the a target environment. After hitting all known servers and web applications with various scanning tools, you have nothing. Searching open source information such as database breaches…
Removing Backdoors – Powershell Empire Edition
I’m a big fan of Powershell Empire for penetration testing. If you haven’t heard of it, it is a post-exploitation framework which uses powershell agents to run post-exploitation scripts on a target system. This blog post is meant to address a small subset of the…
Compromising Jenkins and extracting credentials
Jenkins is an open-source continuous integration software tool written in the Java programming language. While useful to developers, it can also be useful to attackers. Often times developers will leave Jenkins consoles in an insecure state, especially within development environments. Jenkins has a scripting console available which can be used to run…
Control your Mac with an iPhone app – An analysis of HippoRemote
Applications that are in use on Macs often times are under less scrutiny for security compared to their Windows alternatives. When researching popular apps in use on OS X I found an app on the iPhone called HippoRemote. It appears to be quite popular, with a combined 7,558…
Using email for persistence on OS X
In this post we will cover how we can use Mail.app on OS X to persist. I was inspired by similar tools which are designed to work with Microsoft Outlook. I first stumbled upon this article from MWR InfoSecurity, and then this blog post from Silent Break Security. While rules in Mail.app will not replicate…
Privilege escalation on OS X – without exploits
This blog post is about ways to escalate privilege on OS X without the usage of exploits. While exploits are always nice to have, there are other ways in which you can gain root privileges on your target. By using misconfigurations with a little bit of social engineering you can get your victim to escalate…
Categories
n00py Blog- Adding DCSync Permissions from Linux
- Resetting Expired Passwords Remotely
- Dumping Plaintext RDP credentials from svchost.exe
- The Dangers of Endpoint Discovery in VIPRE Endpoint Security
- Dumping LAPS Passwords from Linux
- Alternative ways to Pass the Hash (PtH)
- Password Spraying Secure Logon for F5 Networks
- Extracting files from Burp Intruder Output
- Exploiting LDAP Server NULL Bind
- Managing Active Directory groups from Linux
January 2022 M T W T F S S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Archives
- January 2022
- September 2021
- May 2021
- December 2020
- August 2020
- May 2020
- February 2020
- January 2020
- December 2019
- June 2019
- March 2019
- October 2018
- August 2018
- June 2018
- April 2018
- March 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- June 2017
- April 2017
- March 2017
- January 2017
- October 2016