blog - Zero-Day

Modifying exploits - hands-on example

The truth is that exploits, especially POC's on Exploit-DB don't work out of the box but you need to tailor it to the specific situation our environment. As this is can be very challenging, I'll demonstrate a hands-on example This blog post continues our previous post on the windows exploit suggester, but deserves a seperate post on its own. In our last post, our exploit-suggester pointed us to the following

remote shell

Get a meterpreter shell with PSExec

Let's assume you already got some low-privilege foothold in a network and obtained a working higher-privileged username and (hashed) password via spear-phishing or creating a new account via exploiting an unquoted service path. I'll explain this blog post how you can obtain a meterpreter shell with these credentials. This is also called lateral movement during a peneteration test. Our target machine is the Metasploitable 3 Windows Server 2008 VM. PSExec

SQL injection

SQL Injections

In this blog post, I'll cover the basics of SQL Injection and demonstrate some examples. Source: xkcd.com What is SQL injection? SQL injections are amongst the most common web hacking techniques. Basically, a SQL injection is exploiting a vulnerability in a web application by injecting malicious SQL commands in an input field, allowing to bypass authentication; disclose, alter or delete data. The following answer on StackExchange explains the concept

How to save your bitlocker key locally

How to save your bitlocker key on a local drive When attempting your bitlocker recovery key on your local drive, you receive an error message that your key can't be saved to an encrypted drive. As this is a bit cumbersome if you want to save it to your dropbox account by example, there is an easy workaround. Instead of saving the key to your C:/ location, save it to

metasploitable metasploit

Metasploit walkthrough

Step by step Metasploit walkthrough Usually, the ultimate goal is to get a root shell on the target machine, meaning you have total control over that machine. I will demonstrate step by step how to obtain a root shell on the Metasploitable 3 virtual machine using Metasploit. You will see that hacking is not always straightforward and more than often, you need to start again or find alternative solutions. To

Creating the Metasploitable 3 VM

Intentionally vulnerable machines The Metasploitable virtual machines are intentionally vulnerable machines, designed by Rapid 7 - the company behind Metasploit Pro - for training offensive security skills and testing exploits. Another good source of for such vulnerable virtual machine's are available on VulnHub as well. Some VM's on Vulnhub are special crafted CTF machines, which contains 'flags' to find. These flags represent the crown jewels of your target and are

reverse shell remote shell

Netcat

What is Netcat? Netcat is considered the Swiss-army knife in information security. Basically, it's a power version of the classic Telnet program, capable of numerous additional tasks like chatting, file transfer, port scanning, banner grabbing, opening remote shells to even setting up a honey pot. An important feature of Netcat is that it can serve both as a client and a server (more detail later). In this blogpost, I'll practice

networking portscanning

Network scanning with Nmap

Let's talk network scanning, which is a vital part of offensive security. Nmap The undisputed leader for network scanning is Nmap (Network mapper), which is a free and open source utility for network discovery and security auditing. It's not only used by security professionals, but also by system and network administrators for monitoring and managing purposes. Nmap is extremely powerful as its functions range from determining winch hosts are available,

mobile security in-app purchases

Bypassing paywalls on iOS apps

I've considered not writing this blog post as I am not promoting piracy on this blog, but am merely are interested in the mechanics of bypassing paywalls or unlocking in-app purchases on iOS devices, hoping urging developers to improve their security. However, without giving an exact walkthrough for a specific apps I feel I can stay within the right side of the thin line. Prerequisites You will need a jailbroken

zonetransfer AXFR

DNS Zone transfers

Let's talk DNS Zone transfers. What is a DNS Zone Transfer? First of all, a DNS zone transfer is not an actual attack. It's an information gathering method to facilitate later attacks. In 'normal' circumstances, a DNS Zone Transfer is used to copy the zone file (a copy of all DNS names in a zone) from a master DNS server to a slave DNS server. Why is it useful for

OSCP CISSP

Post number one: what's this all about?

Hi. I'm Dennis, I live in Belgium and am currently working as a security consultant. As long as I can remember, I have had a strong interest in technology and computers. Amongst things that interest me and experiments, you'll find here my notes on the road to my CISSP and OSCP certification. Update: meanwhile I've acquired both the CISSP and OSCP certification, yay! There are many very good blogs on