I thought I would share a very cool device which really has improved my internet speeds. It is not security related, but often I post about things that I come across that are good. I live in quite a rural location and I am a long distance from the local B.T telco phone exchange and there no […]
Wireless Password Cracking With Cloud Clusters
Recently I have been a bit frustrated with cracking wireless keys and was looking for better ways to improve the speed. I decided to setup a Amazon Ec2 cluster to give that a go at cracking WPA handshakes and also to improve general password cracking with John the Ripper. It can be quite annoying gaining […]
Cisc0wn – Cisco SNMP Script
I have created a new script that you might find useful. Cisc0wn is simply a bash script that pulls various tools and enumeration into one simple command for ease, so is not really a tool in itself. It doesn’t do anything extra than you can’t really already do, it just saves running several different tools […]
Frogger – The VLAN Hopper
Frogger – VLAN Hopping Script Here is a little script I made that automates VLAN enumeration and hopping. Firstly it is not a tool so to speak, it is simply a bash script I put together that automates the process of VLAN enumerating and hopping end to end with interactive menus etc. It uses tools […]
ShieldPass Two-Factor Authentication
I recently came across something called ShieldPass which is a two factor authentication system that you can integrate into your website easily and more importantly cheaply. You receive a cool little credit size card that has a clear window area with parts of digits displayed. Once you add the code for this system into your website it will present an area […]
MS11-080 Local Privilege Escalation
MS11-080 – CVE-2011-2005 A great little Python script that escalates privileges and results in a SYSYEM shell. It works on Windows XP SP3 and Windows 2003 SP2. Running the script as a standard non admin user will escalate privileges to compromise the system via Afd.sys. It does require Python installed on the victims system which is […]
Customising The Metasploit Console
I came across some interesting posts about this area and looked into it more (credit to room362.com and @egyp7). There is a nice way to customise the msf> console prompt to give you some extra info. For me having the local IP address is very useful, saves time later on when using LHOST etc. For example set PROMPT […]
Unique Passwords….Maybe Not..?
Nothing new here, just some tips for when common passwords/hashes do not exist. The scenario: We have a Windows domain, all systems are fully patched except one workstation. GREAT!. We exploit the one workstation and gain a shell. We dump the hash values, then pass this hash around the network.. (with a great tool called […]
Fun With WordPress Blog
It has been a while since I have posted or created any videos, so I thought would create a quick one relating to WordPress. It is not something you get to test much in the real world, but there are some useful tools out there. Nothing cutting edge or new about the contents, but some […]