Aug 11

Token Kidnapping’s Revenge

Token kidnapping returns! You may remember that back in 2009 a token kidnapping issue was discovered and exploited by Cesar Cerrudo. This allowed you to impersonate a running service that uses a higher-privileged service account (Network Service to SYSTEM) and compromise the server. This was patched by Microsoft in April 2009 – MS09-012. Cesar is […]

Aug 2

Microsoft LNK Exploit – MS10-046

Great little client-side exploit. It exploits a vulnerability in the LNK process and uses WebDAV to run the exploit. Patch released (August 2nd 2010): MS10-046 – CVE-2010-2568 http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx Affected Operating Systems: Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 […]

Jul 19

Tomcat Server Shells

A couple of methods you can use to gain a shell through a Tomcat server when you find weak credentials. Method 1: uploading a .war (JSP) command shell directly in the web manager. Method 2: using Metasploit to gain a reverse shell.

Jul 19

Client Side Aurora I.E Exploit

Client-side exploit against Internet Explorer 6 on Windows XP using Metasploit. MS10-002.

Jul 17

Welcome

Welcome to the new website. Information will be populated here for professional penetration testers to share knowledge and tools used in the industry. Much more content to come. This idea has gone from scratch to this stage in only a matter of hours.