Phishing Against Protected View


Microsoft Office has a security feature called Protected View. This feature opens an Office document that originates from the internet in a restricted manner. The idea is that it will prevent automatic exploitation of things such as OLE, Flash and ActiveX by restricting Office components that are allowed to execute. In 2016, Microsoft patched a bug in Protected View around Excel Add-in files via CVE-2016-4117. @HaifeiLi has done some great research in this area, which you can read about here. MWR Labs also has a great white paper on understanding the Protected View Sandbox, which you can read about here. In this post, I will highlight some techniques you can employ to circumvent Protected View while still having access to the techniques we red teamers have grown to know and love.

In my experience, end users are less likely to exit Protected View than they are to…


Kismet | Wireless Network Detector, Sniffer, Intrusion Detection System | Digital Hacker


What is Kismet?

Kismet is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. It will work with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11a/b/g/n traffic. It can use other programs to play audio alarms for network events, read out network summaries, or provide GPS coordinates. This is the main package containing the core, client, and server.

How to install?

1) Open a terminal (ctrl+alt+t)
2) sudo apt-get install kismet

Tools included in the kismet package:

kismet_server – The Kismet server component
root@kali:~# kismet_server -h
Usage: kismet_server [OPTION]
Nearly all of these options are run-time overrides for values in the
kismet.conf configuration file.  Permanent changes should be made to
the configuration file.
*** Generic Options ***
-v, --version                Show version
-f, --config-file     Use alternate configuration file
--no-line-wrap           Turn…


Penetration testing and webapp cheat sheets

I do not think I have collected them all yet, but here's what I have so far. Please suggest more. mobile application pentesting: Pentesting XSS Vectors and cookie stealing Penetration testing tools Penetration testing & exploit development Printer security testing Nmap (Printable, 2013): Nmap (Not printable, date unknown):…

A cheat-sheet for password crackers

In this article I am going to share some bash scripting commands and regular expressions which I find useful in password cracking. Most of the time, we find hashes to crack via shared pastes websites (the most popular of them being Pastebin). Isolating the hashes by hand can be a time consuming process; for that…

Manual pentesting cheatsheet (Windows)


This is a list of commands that can be useful when you have a shell on a Windows box and you want to do local discovery, escalate privileges and pivot (without using tools such as Metasploit):

View your current user: whoami
View information about the current user: net user myuser (for a local user)
    net user myuser /domain (for a domain user)
View the local groups: net localgroup
View the local administrators: net localgroup Administrators
Add a new user: net user myuser mypass /add
Add a user in the local Administrators group: net localgroup Administrators myuser /add
View the domain name of current machine: net config workstation
    net config server
View the name of the domain controller: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History" /v DCName
View the list of domain admins: net group "Domain Admins" /domain
View the list of started services (search for antivirus): net start
    sc query
Stop a…



COMPROMISING A WORDPRESS SITE AND PIVOTING TO THE INTERNAL NETWORK

A few months ago I ran into WordPress on a penetration test. It was a generic web application security assessment, but in this case, I was able to compromise the server and most noteworthy to do pivoting through the internal network. I thought I'd take the compromise walk-through and turn…

Using APT tactics and techniques in your pentests

APT tactics: I have a student that has been asking me about internal network penetration testing. As a result, I figured I'd write a blog post about APT tactics. I was trying to explain to him that there is so much more to it than just…