RubberDucky Powershell Payload

On a recent engagement I supported the lead by developing a PowerShell payload for a RubberDucky. The gist is that it will run a handful of standard Windows commands and then e-mail the results to a specified address. It proved to be very helpful and I’ve included it below with comments: # Set execution policy to allow unrestricted script scope Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false #Create results file in current user's temp directory $results = $env:temp + '\results....

December 22, 2014 · 1 min · Chris

PHP, MySql, and Injection

Inspired by Jack Daniel’s “Shoulders of InfoSec Project”, this post will be focused on the people and technologies behind one of the most prevalent attacks on web sites: SQL injection. According to OWASP, injection is the number one attack vector for web applications. Injection attacks can target many different contexts in a web application: HTML, PHP, ASP, Javascript, SQL, etc. Any context in which an interpreter parses input to execute instructions is potentially vulnerable to an injection attack....

November 26, 2014 · 12 min · Chris

URL Encoding

URL Syntax https://admin:[email protected]:80/bio.txt;pp=1&qp=2#Three URL Part URL Data Scheme https User admin Password pass123 Subdomain www Domain example.com Port 80 Path /bio.txt Path Parameter pp=1 Query Parameter qp=2 Fragment Three Safe Characters RFC1738 section 2.2 outlines the safe characters to use in an HTTP URL Scheme: abcdefghijklmnopqrstuvwxyz0123456789$-_.+!*'(), Safe characters can be used in URLs without any form of encoding as they aren’t reserved for special use in the construction of the URL....

October 6, 2014 · 2 min · Chris

DerbyCon 4.0

Unfortunately, I didn’t arrive at the ballroom early enough to get seats, or even standing room, to see this talk in-person: Ed Skoudis: How To Give The Best Pen Test Of Your Life If you’re a Pen Tester, this talk is a must-see. Once you’ve finished that talk, check out John Strand’s excellent follow-up talk! After competing for Friday night, most of Saturday, and Sunday morning, I emerged as the 30th position (solo) out of the 120 teams competing in the CTF....

October 1, 2014 · 1 min · Chris

Local File Inclusion Mini-list

A mini-list reference for interesting LFI targets

September 25, 2014 · 1 min · Chris

NetBIOS Name Spoofing and SMB

NBNS still works!

June 5, 2014 · 4 min · Chris

How to create a Metasploit module

Learn how to create a metasploit module

December 13, 2013 · 7 min · Chris

Professional Organization Habits

This is a topic I’ve had a love/hate relationship with my entire life. I was once forced to go to a time management workshop on Saturdays in high school. My friend and I spent more time talking to the girls in front of us than actually listening to what the lecturer was saying, so I wonder if I missed out on something there… I still struggle with time management and focusing on one task at a time until completion....

December 6, 2013 · 4 min · Chris

DNS Recon

Introductory methods for DNS reconnaissance.

November 22, 2013 · 6 min · Chris

BSides DC 2013

Notes from BSides DC 2013

October 21, 2013 · 6 min · Chris

Subdomain Enumeration

Techniques for performing subdomain enumeration information gathering.

October 7, 2013 · 3 min · Chris

Configure Your Environment

Customize your working environment to your liking

October 1, 2013 · 4 min · Chris

Reverse shell methods

Methods for obtaining reverse shells

September 30, 2013 · 3 min · Chris

OSX Terminal - List Processes

An exploration of the ps command

June 23, 2012 · 7 min · Chris

Federal conference takeaways

Tips picked up from a red/blue infosec conference

June 12, 2012 · 6 min · Chris

Powershell Environment Variables

How to determine Powershell environment variables

March 13, 2012 · 2 min · Chris