Howto
Horses and DNS BruteForcing..
Old timers here will know about the concept of bruteforcing DNS using the clues available.. i.e. zone transfers disabled, but u see that the NS and MX servers are called gandalf.company.com and elrond.company.com. Effectively trying frodo.company.com is going to make good sense.. To this end BidiBlah will do this automagically for u and tries to eek out info.. (a little while back i saw fierce-scanner pop up in a similar…
Applescript for HTTP BruteForcing..
A long time ago i blogged on the joys of using VBS to automate bruteforcing [1|2]when one didnt want to mess about duplicating an applications functionality at the protocol level.. Yesterday i had need to brute-force a web application which tried hard to be difficult and annoying.. Normally i would have used crowbar, Suru or a ugly mangled Python script, but the application was strangely difficult.. i.e. the login process…
Right escalation via services or scheduled tasks in Windows
Scheduled tasks and services are often run as accounts with excessive privileges (HP Insight, backups etc) instead of limited service accounts. By exploring the tasks under c:\windows\tasks or the services by managing the computer, you can quickly see possible options to escalate your rights. By replacing at the actual exe that the service or task runs with a exe of your own, you can spawn a netcat shell. I use…
Prev
Page 3 of 3