Local File Inclusion Mini-list
Sep 25, 2014
Version 0.1
Linux files
/etc/passwd
/etc/group
/etc/hosts
/etc/motd
/etc/issue
/etc/bashrc
/etc/apache2/apache2.conf
/etc/apache2/ports.conf
/etc/apache2/sites-available/default
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d
/etc/httpd/logs/access.log
/etc/httpd/logs/access_log
/etc/httpd/logs/error.log
/etc/httpd/logs/error_log
/etc/init.d/apache2
/etc/mysql/my.cnf
/etc/nginx.conf
/opt/lampp/logs/access_log
/opt/lampp/logs/error_log
/opt/lamp/log/access_log
/opt/lamp/logs/error_log
/proc/self/environ
/proc/version
/proc/cmdline
/proc/mounts
/proc/config.gz
/root/.bashrc
/root/.bash_history
/root/.ssh/authorized_keys
/root/.ssh/id_rsa
/root/.ssh/id_rsa.keystore
/root/.ssh/id_rsa.pub
/root/.ssh/known_hosts
/usr/local/apache/htdocs/index.html
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/extra/httpd-ssl.conf
/usr/local/apache/logs/error_log
/usr/local/apache/logs/access_log
/usr/local/apache/bin/apachectl
/usr/local/apache2/htdocs/index.html
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/conf/extra/httpd-ssl.conf
/usr/local/apache2/logs/error_log
/usr/local/apache2/logs/access_log
/usr/local/apache2/bin/apachectl
/usr/local/etc/nginx/nginx.conf
/usr/local/nginx/conf/nginx.conf
/var/apache/logs/access_log
/var/apache/logs/access.log
/var/apache/logs/error_log
/var/apache/logs/error.log
/var/log/apache/access.log
/var/log/apache/access_log
/var/log/apache/error.log
/var/log/apache/error_log
/var/log/httpd/error_log
/var/log/httpd/access_log
Windows files
C:\boot.ini
C:\apache\logs\access.log
C:\apache\logs\error.log
C:\ProgramFiles\Apache Software Foundation\Apache2.2\conf\httpd.conf
C:\ProgramFiles\Apache Software Foundation\Apache2.
NetBIOS Name Spoofing and SMB
Jun 5, 2014
This is a fun technique for harvesting user credentials that still works: NetBIOS name spoofing. NetBIOS is a Session layer technology from the early 1980s that is still in use on networks today. Today, NetBIOS is used predominantly in Windows networks as the session service for Server Message Block (SMB), aka Common Internet File System (CIFS), an Application layer technology for sharing files, printers, and inter-process communication (IPC).
Start the NetBIOS Name Spoofing
Using Metasploit, load the auxiliary/spoof/nbns/nbns_response module:
How to create a Metasploit module
Dec 13, 2013
Today I want to review how to create a Metasploit module. This process was entirely new to me, so I decided to start from scratch, using the Metasploit Unleashed site as a guide. My aim was to create an auxiliary scanner to look for Dropbox listeners running on the default ports of TCP/17500 and UDP/17500. I use Kali Linux, so all of my examples will reflect that.
Where to begin? I decided to start by identifying the conditions my module would search for.
Professional Organization Habits
Dec 6, 2013
This is a topic I’ve had a love/hate relationship with my entire life. I was once forced to go to a time management workshop on Saturdays in high school. My friend and I spent more time talking to the girls in front of us than actually listening to what the lecturer was saying, so I wonder if I missed out on something there… I still struggle with time management and focusing on one task at a time until completion.
Nov 22, 2013
The Domain Name System is crucial for human interaction with networks. Gathering information about a target is critical to performing a successful penetration test, and the DNS service is one of the key sources of this information. Today, I want to write about the different types of information that can be discovered by probing this service using a mix of command line tools and web resources. There are many tools available to interact with DNS, but today I’m going to cover the use of nslookup, host, and dig on the command line, and the netcraft website.
BSides DC 2013
Oct 21, 2013
Some thoughts of mine* from BSides DC 2013:
Bruce Potter - Keynote
My takeaway from this discussion was that we should all strive to be better hackers, and moreover, better people in general. Meh, that’s simplified and cliché, so let me expand:
This industry has grown large. Very large. What was once the realm of what I’ll call “true” blackhats and whitehats - those adventurers whose sole purpose was to seek the thrill of hacking offensively and defensively - has had billions of dollars infused into it over the past two decades.
Oct 7, 2013
As with most things related to pen-testing, there are many different ways to enumerate the subdomains of your target. One promising tool I’ve been playing with recently is recon-ng. I won’t be at all surprised if recon-ng becomes as popular for the reconnaissance phase of a pentest as metasploit has become for the exploit phase. Today, though, I want to talk about a fun method I used a few weeks ago to find out more about the subdomains of my target.
Configure Your Environment
Oct 1, 2013
In my last post on Reverse Shell Methods, I discussed the shell a lot. As a penetration tester, I spend the majority of my actual “work” time in a shell. I leverage Windows, OSX, and Linux about evenly throughout the day, so I’ve tried to customize my environment in all three, though I have had substantially more success tweaking OSX and Linux to my liking. Today, I want to discuss the way I’ve configured my OSX, Kali, and Metasploit prompts to give me the information I need when I need it - for example, when you are writing your penetration test report.
Reverse shell methods
Sep 30, 2013
Welcome and Hello! Let’s get started… Today’s topic: Reverse Shells
What is a Reverse Shell? A reverse shell is a method by which penetration testers (and bad guys!) can gain a shell, or user command access, on a target. They are very useful because they initiate communication from a trusted host inside the perimeter to a host outside of the perimeter. This means a reverse shell has the capability to bypass firewall ingress rules, which would prevent incoming connections - aka bind shells - from reaching into the network to gain user command access on a host.
OSX Terminal - List Processes
Jun 23, 2012
The UNIX command for listing processes from the command line is:
ps
“ps” stands for “process status” and by default it will print a list of process identifiers, controlling terminals, CPU time (user and system), state, and the associated command. Here is the output I see when I type “ps” at the terminal:
$ ps
PID TTY TIME CMD
17559 ttys000 0:00.05 -bash
23627 ttys000 0:00.01 man ps
23630 ttys000 0:00.