Pass The Hash

One of my most used and favourite tools on any infrastructure test. Keimpx is a fantastic little tool which allows the spraying of Windows password hashes to a host or a list of multiple hosts to test for valid credentials. Once it finds a valid match it offers the ability to gain a reverse shell to the remote host.

Recent Articles
Nov 28

Armitage – Metasploit Free Management GUI

I came across something very cool today for Metasploit. Armitage has released a very nice GUI management system to control Metasploit and make life easier when managing and exploiting systems. Although I like to use non-GUI products, this is really something good and is like an open source Core Impact style system. It allows […]

Nov 26

Impersonating The Domain Administrator via SQL Server

A recent presentation I gave for 7Safe. It demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL server that has a firewall enabled. Using the SQL server I impersonate the domain administrator account without any passwords or password hashes being known or extracted. It also demonstrates the risk […]

Nov 4

Top 5 Common Issues – Article

A recent article I wrote for 7Safe (November 2010). It is a management level summary of the top 5 most common ways into networks I find when conducting internal infrastructure testing.

Oct 28

iPhone OS 4.1 PIN Code Bypass

A demo I made for 7Safe of the recent bug within OS 4.1 on the iPhone. This allows a locked phone to be bypassed, giving access to contacts, recent calls, viewing of photos and making calls/voicemail etc. Apple should be releasing OS 4.2 to address this issue.

Oct 23

Own With An iPhone

Something a little bit different here… You expect to see all hackers with a laptop, right? Think again!

Oct 15

Real World Pen Testing Demonstration

A recent hacking presentation I gave in London for 7Safe demonstrating client-side exploits and pivot attacks using Metasploit.

Sep 24

Print Spooler Exploit – MS10-061

This is an interesting exploit. No client interaction is required. This exploits the print spooler on target systems by submitting a job into the schedule which then executes as SYSTEM. Microsoft ref MS10-061.

Sep 10

Client Side Adobe Acrobat PDF 9.3.4 CoolType Exploit (0day)

The very latest Adobe Acrobat Reader 9.3.4 (as of today, 10th September 2010) is vulnerable (plus earlier versions) to this CoolType SING exploit. No fix as yet.

Sep 3

DLL Hijacking Client Side Exploit

There has been lots of recent press relating to DLL hijacking. I have tested this out and created a video demonstration to help clear this up, as it is slightly confusing. This is a client-side exploit, so the user must browse the SMB share or the HTTP server. There is no so-called patch from Microsoft […]

Sep 3

Apple QuickTime Client Side Exploit (0day)

A nice little client-side exploit here. Download the very latest QuickTime version from Apple.com, 7.67.75.0 (3rd Sept 2010), and check for updates to ensure you have the latest version… It is fully exploitable! Within Metasploit it creates a webserver that the client must browse to; once the client browses, it exploits a vulnerability within QuickTime. […]