carnal0wnage.attackresearch.com
Lets Call Stunt Hacking What it is, Media Whoring. Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2015/05/normal-0-false-false-false-en-us-x-none.html
Answers to Questions from the nVisium SecCasts Pan. Answers on how to get started in Security. Lets Call Stunt Hacking What it is, Media Whoring. Saturday, May 16, 2015. Lets Call Stunt Hacking What it is, Media Whoring. Lets Call Stunt Hacking What it is, Media Whoring. I recently read this article: http:/ www.foxnews.com/tech/2015/03/17/ground-control-analysts-warn-airplane-communications-systems-vulnerable-to/. The practice of companies pushing their best researchers to drop and overhype controversial...
carnal0wnage.attackresearch.com
.git you some with DVCS-Pillage Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2012/10/git-you-some-with-dvcs-pillage.html
Basics of Rails Part 4. Git you some with DVCS-Pillage. Group Policy Preferences and Getting Your Domain 0. Wigle Wifi Wardriving meets Google Earth for Neat . Basics of Rails Part 3. More with Mimikatz (Crypto Module). Basics of Rails Part 2. Basics of Rails Part 1. Run a PowerShell module in Meterpreter. Metasploit and PowerShell payloads. Monday, October 22, 2012. Git you some with DVCS-Pillage. Ron over at SkullSecurity put out a post on Using "Git Clone" to get Pwn3D. To which i got two great replies.
carnal0wnage.attackresearch.com
WebDAV Server to Download Custom Executable or MSF Generated Executables Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2012/06/webdav-server-to-download-custom.html
WebDAV Server to Download Custom Executable or MSF. Burp Intruder and Timing Options. Wednesday, June 6, 2012. WebDAV Server to Download Custom Executable or MSF Generated Executables. Metasploit comes with dllhijacker module. For awhile, but it looked like the dll hijacker module could accomplish it. I added a block of code to the process get function to handle the exe and then removed .exe from the blacklist. Manually execute the exe*. Now if you want to serve a local exe. I've tested this on windows 7...
carnal0wnage.attackresearch.com
Dumping a domain's worth of passwords with mimikatz Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2013/10/dumping-domains-worth-of-passwords-with.html
AD Zone Transfers as a user. Dumping a domains worth of passwords with mimikat. Friday, October 4, 2013. Dumping a domain's worth of passwords with mimikatz. Recently posted a script called " Invoke-Mimikatz.ps1. Basically what this does is reflectively injects mimikatz into memory, calls for all the logonPasswords and exits. It even checks the targets architecture (x86/x64) first and injects the correct DLL. You can very easily use this script directly from an admin command prompt as so:. Powershell Rem...
carnal0wnage.attackresearch.com
January 2015 Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2015_01_01_archive.html
DevOoops: Revision Control (GitList). Shmoocon Notes: Userland Persistence on Mac OS X. Enigma0x3s Generate Macro Powershell Script. DevOoops: Spoofing GitHub Users. Monday, January 26, 2015. DevOoops: Revision Control (GitList). More info from the DevOoops talk. Remote Code Execution in GitList. Background blog post here: http:/ hatriot.github.io/blog/2014/06/29/gitlist-rce/. PS if you don't read that blog, you should :-). Http:/ www.exploit-db.com/exploits/33929/. Backdoor PHP using the python POC.
carnal0wnage.attackresearch.com
February 2015 Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2015_02_01_archive.html
Running PowerShell Scripts That Require Module Imp. Powershell dumping all certs in the cert store. MSFs Mimikatz Windows 8.1 part two. MSFs Mimikatz doesnt work on Windows 8.1 what can. Cisco ASA version grabber (CVE-2014-3398). Monday, February 23, 2015. Running PowerShell Scripts That Require Module Imports With Meterpreter. Old post on the subject here:. Http:/ carnal0wnage.attackresearch.com/2012/10/run-powershell-module-in-meterpreter.html. More recent posts on the subject by harmj0y. Powershell...
carnal0wnage.attackresearch.com
April 2015 Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2015_04_01_archive.html
Running System Commands Against Multiple SSH Serve. Running System Commands Against Multiple SSH Serve. Wednesday, April 8, 2015. Running System Commands Against Multiple SSH Servers with Fabric. Fabric is a python library to automate tasks. As the README says:. Fabric is a Python (2.5-2.7) library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks. More specifically, Fabric is:. Http:/ docs.fabfile.org/en/latest/tutorial.html. There doesn't e...
carnal0wnage.attackresearch.com
PowerShell-AD-Recon by PyroTek3 Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2015/03/powershell-ad-recon-by-pyrotek3.html
DevOoops: Revision Control (git). ElasticSearch CVE-2015-1427 RCE Exploit. ISTS12 Thoughts, Notes, Feedback, Braindump - Air. DevOoops: Revision Control (Subversion). Monday, March 9, 2015. Found a couple of fun PowerShell enumeration scripts here:. C: temp powershell -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString('https:/ raw.githubusercontent.com/PyroTek3/PowerShell-AD-Recon/master/Discover-PSMSSQLServers'); Discover-PSMSSQLServers". Domain : UNLUCKY.NET. Domain : UNLUCKY.NET.
carnal0wnage.attackresearch.com
Metasploit and MSGRPC Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
http://carnal0wnage.attackresearch.com/2015/03/metasploit-and-msgrpc.html
DevOoops: Revision Control (git). ElasticSearch CVE-2015-1427 RCE Exploit. ISTS12 Thoughts, Notes, Feedback, Braindump - Air. DevOoops: Revision Control (Subversion). Monday, March 16, 2015. I wanted to automate connecting to MSGRPC. I did find a few older tutorials on the subject:. Http:/ blog.spiderlabs.com/2012/01/scripting-metasploit-using-msgrpc-.html. Http:/ jumpespjump.blogspot.com/2013/05/metasploit-msgrpc-with-python-on-kali.html. Https:/ khr0x40sh.wordpress.com/2012/05/. Other stuff you'll need.
SOCIAL ENGAGEMENT