Penetration testing and webapp cheat sheets

I do not think I have collected them all yet, but here's what I have so far. Please suggest more. Mobile application pentesting: Pentesting XSS vectors and cookie stealing; Penetration testing tools; Penetration testing & exploit development; Printer security testing; Nmap (printable, 2013); Nmap (not printable, date unknown)…

A cheat-sheet for password crackers

In this article I am going to share some bash scripting commands and regular expressions which I find useful in password cracking. Most of the time, we find hashes to crack via shared-paste websites (the most popular of them being Pastebin). Isolating the hashes by hand can be a time-consuming process; for that…

Manual pentesting cheatsheet (Windows)

This is a list of commands that can be useful when you have a shell on a Windows box and you want to do local discovery, escalate privileges and pivot (without using tools such as Metasploit):

View your current user: whoami
View information about the current user: net user myuser (for a local user)
net user myuser /domain (for a domain user)
View the local groups: net localgroup
View the local administrators: net localgroup Administrators
Add a new user: net user myuser mypass /add
Add a user to the local Administrators group: net localgroup Administrators myuser /add
View the domain name of the current machine: net config workstation
net config server
View the name of the domain controller: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History" /v DCName
View the list of domain admins: net group "Domain Admins" /domain
View the list of started services (search for antivirus): net start
sc query
Stop a…



COMPROMISING A WORDPRESS SITE AND PIVOTING TO THE INTERNAL NETWORK

A few months ago I ran into WordPress on a penetration test. It was a generic web application security assessment, but in this case I was able to compromise the server and, most noteworthy, to pivot through the internal network. I thought I’d take the compromise walk-through and turn…

Using APT tactics and techniques in your pentests

I have a student that has been asking me about internal network penetration testing. As a result, I figured I’d write a blog post about APT tactics. I was trying to explain to him that there is so much more to it than just…

UAC Bypass – SDCLT

Penetration Testing Lab

SDCLT is a Microsoft binary that is used in Windows systems (Windows 7 and above) to allow the user to perform backup and restore operations. However, it is one of the Microsoft binaries that has been configured with the autoElevate setting set to “true”. This can be verified by using the Sigcheck tool from Sysinternals and exploring its manifest file:

sdclt – autoelevate is set to true

Matt Nelson discovered two methods that can allow a user to bypass UAC through this binary in Windows 10 environments. Both methods require constructing a specific registry structure; however, they differ from each other in that one method can take command parameters while the other takes the full path of a binary that will be executed.

App Paths

The backup and restore operation is part of the control panel. This means that when the sdclt.exe process starts the control panel is starting as well…


QR Code Attack Vector :: Spoofing, Poisoning and Phishing applications with QR Codes

A QR code is a structured code in an image that can be read by specific readers that reveal its content or perform redirect functions to pages and so on. This tool, which was created especially for parts catalogs and inventory management, is now used in various posters, business cards, banners, manuals, flyers, etc., and…