Security Aegis

Quickly gathering logins/emails with theHarvester and Metasploit

Like GI Joe always said: Knowing is half the battle… And so it is the same with hacking. One of the first parts of recon in a pentest is gathering valid login names and emails. We can use these to profile our target, bruteforce authentication systems, send client-side attacks (through phishing), look through social networks for [...]

Easy, breezy, beautiful, password attacking…

Bruting web forms usually is part of a web app assessment. We love to use Hydra, Medusa, or Wfuzz for this but we recently stumbled across a tool that makes it much easier. It's called Fireforce. It's a Firefox extension that gives you point and click bruting. We ran it in our labs with about a [...]

Exploit the User with SET – The Social Engineering Toolkit

I have to say… SET is just plain awesome. The Social Engineering Toolkit (SET) is a set of python scripts created by David Kennedy (aka rel1k) to automate many client side penetration testing vectors. In conjunction with Social-Engineer.org, which is also a top-notch resource, it provides for some of best extensibility in this type [...]

Getsystem, Privilege Escalation via Metasploit

A few weeks ago Chris Gates (ala Attack Research/Carnal Ownage) and Joshua Gauthier showed some quick snippets of Metasploit’s Getsystem extension. Getsystem is meterpreter’s new (windows) privilege escalation extension used in the priv module. Getsystem uses several techniques for priv escalation: Windows Impersonation Tokens (fixed by MS09-012) Abusing LSASS via token passing (Pass-the-Hash) which requires Administrator anyway. [...]

Medusa 2.0: She wears so many hats…

On the heels of us posting about Ncrack, Nmap’s new password brutforcer, the foofus group had go and update Medusa! Medusa, which has been our go-to tool for years, is now 2.0! This is it’s first major release in two years, and it has a multitude of useful changes. -Pool-based thread handling -Modules now request next [...]

BeEF, Browser Rider, and XSSTunnel make friends…

About 7 days ago Wade Alcorn made the announcement that Benjamin Mosse, developer of the other popular browser attack tool Browser Rider, would be involved in an initiative to roll Browser Rider into the BeEF. This is big news. BeEF and Browser Rider have long been somewhat of rivals, and a joint effort by two brilliant [...]

Nsploit: Nmap grows some teeth

Ryan Linn has started a project to bridge Nmap Scans all the way to exploitation using Metasploit. Similar to the db_autopwn via fasttrack script (available in Backtrack 4), Nsploit does even more granular service level Nmap scanning to identify versions and exploits. Then passes of these to Metasploit and launches the pain at your target box. It [...]

More and More Webapp Labs!

So… Since the writing of our webapp lab article a lot of people have gotten together similar projects. We like ours but we wouldn’t be objective if we didn’t report on some other options. The big news is the OWASP Broken Web Applications Project. This Project is a nice *tidy* little VM you can spin up [...]

Testing Flash Applications

SaaS Penetration Testing is a model i can’t get behind, but that doesn’t mean that the people behind the product don’t have good ideas. A few days ago this company provided a pretty decent guideline article on testing flash applications called “A Lazy Pen Tester’s Guide to Testing Flash Applications“ It outlines the general categories of [...]

For whom the Shell tolls…

Catchy title don’t you think? Web shells provide an excellent way to exploit misconfigured web servers. SQL injection, upload scripts, webdav, PUT methods, etc. We can all appreciate command line administration through the web browser! Even better, web shells often allow us to access parts of web servers that normally are quarantined off if [...]