Showing 17 results for: 2014 ×Penetration Testing ×

Building my own personal password cracking box

Since 2003, I've spent a majority of my workdays hacking systems. I've collected tons of penetration testing tips and tricks and have shared some of them on this blog. As a part of my work as a penetration tester, cracking...

Reflected File Download - A New Web Attack Vector

PLEASE NOTE: As promised, I've published a full white paper that is now available for download: White paper "Reflected File Download: A New Web Attack Vector" by Oren Hafif. On October 2014 as part of my talk at the Black...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sites on a U.S.-based reporter. This scenario, however, would...

Cracking IKE Mission:Improbable (Part3)

Introduction As discussed in parts 1 and 2 of this series, the most common VPN endpoints (responders) found supporting Aggressive Mode negotiation are Cisco devices. However, they are also almost always supported by a second factor authentication mechanism known as...

Monkey Patching the Matrix

For those of you not familiar with monkey patching, it’s a mechanism to “extend or modify the run-time code of dynamic languages without altering the original source code”. Previously, I demonstrated how monkey patching can modify the logic of a...

Baby's first NX+ASLR bypass

Recently, I've been trying to improve my skills with regards to exploiting memory corruption flaws. While I've done some work in the past with exploiting basic buffer overflows, format string issues, etc., I'd only done the most basic work in...

An Intro to NetSupport Manager Scripts

On a recent gig I was hit with hundreds of hosts running a service on port TCP 5405, the NetSupport remote management application. Running a version port scan on them revealed nothing more than: 5405/tcp open netsupport NetSupport PC remote...

Old School Code Injection in an ATM .dll

During our last ATM review engagement, we found some interesting executable files that were run by Windows Services under Local System account. These binaries had weak file permissions that allowed us to modify them using the standard ATM user account....

Responder 2.0 - Owning Windows Networks part 3

Introduction: The power and flexibility of Responder has grown significantly over the past year. Responder is a powerful and easy-to-use tool for penetration testers looking to highlight and exploit weaknesses in a number of popular default network configurations. In this...

CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries

In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and Apache Tomcat Denial-of-Service in detail. The article reviews the vulnerability's technical aspects in depth and includes recommendations that can help administrators defend from future exploitation of this security issue....

The Keystone Rocks - Foundation Chips of Pentesting Tips Part 1

The knowledgebase of a penetration tester can be broadly split into two categories: Relevant knowledge and Meaningless knowledge. These can also be thought of as Non-persistent knowledge and Persistent knowledge respectively. Although, I should highlight that these alternative labels for...