Pass The Hash

One of my most used and favourite tools on any infrastructure test. Keimpx is a fantastic little tool which allows the spraying of Windows password hashes to a host or a list of multiple hosts to test for valid credentials. Once it finds a valid match it offers the ability to gain a reverse shell to the remote host. Read More

Recent Articles
Dec
7

ShieldPass Two-Factor Authentication

ShieldPass Two-Factor Authentication

I recently came across something called ShieldPass which is a two factor authentication system that you can integrate into your website easily and more importantly cheaply. You receive a cool little credit size card that has a clear window area with parts of digits displayed. Once you add the code for this system into your website it will present an area […]

Read More
Dec
6

MS11-080 Local Privilege Escalation

MS11-080 Local Privilege Escalation

MS11-080 – CVE-2011-2005 A great little Python script that escalates privileges and results in a SYSYEM shell. It works on Windows XP SP3 and Windows 2003 SP2.  Running the script as a standard non admin user will escalate privileges to compromise the system via Afd.sys. It does require Python installed on the victims system which is […]

Read More
Nov
26

Customising The Metasploit Console

Customising The Metasploit Console

I came across some interesting posts about this area and looked into it more (credit to room362.com and @egyp7). There is a nice way to customise the msf> console prompt to give you some extra info. For me having the local IP address is very useful, saves time later on when using LHOST etc. For example set PROMPT […]

Read More
Nov
18

A Windows 7 Workout

A Windows 7 Workout

  Working on computers all day, its nice to get away from one and get to the gym…. well it seems gym equipment is just a computer too these days. The gym I go to has just got these cool new state of the art bikes in.. Handle bars that steer, brakes, gears etc and […]

Read More
Nov
5

Fun With WordPress Blog

Fun With WordPress Blog

It has been a while since I have posted or created any videos, so I thought would create a quick one relating to WordPress. It is not something you get to test much in the real world, but there are some useful tools out there. Nothing cutting edge or new about the contents, but some […]

Read More
Aug
10

Metasploit Book Review

Metasploit Book Review

I have just finished the new Metasploit: The Penetration Tester’s Guide book and thought would share my thoughts on this. I am not really a big fan of reading books, I tend to play about and work things out myself but I had to order this book the second I see it as Metasploit is a […]

Read More
Apr
1

Metasploit April Fools

Metasploit April Fools

Very funny to see this when updated and logged in today to Metasploit..Good to see they have a sense of humor! Tweet

Read More
Dec
4

Common Exploits Goes Mobile!

Common Exploits Goes Mobile!

Yes you can now view common exploits with ease on your smart phone devices. It will auto detect and display a much more friendly version to your mobile device. Most pen testers are often travelling over the place to clients and a perfect way to view on your mobile. Hope you like it. Tweet

Read More
Nov
28

Armitage – Metasploit Free Management GUI

Armitage – Metasploit Free Management GUI

I came across something very cool today for Metasploit. Armitage has released a very nice gui management system to control Metasploit and make life easier to manage to exploit systems. Although I like to use non gui products, this is really something good and is like an open source Core Impact style system. It allows […]

Read More