Occasionally, useful things fall out of my cranium and land here.
I love Sublime Text, so much so that I plunked down the cash for the licensed version because the developers deserve it. It’s super useful in so many ways, but one of the capabilities that is not included by default is “column select” mode. You’ll need to install package control for all of this to […]
Not having written much on here lately, I wanted to start a new series titled “Stupid Computer Tricks” – just little hints, tips, tricks that I’ve used over the years that might be helpful to other folks, or others early on in their careers. These aren’t designed to be in-depth how-to’s, just quick reads that […]
This may be (and probably is) documented elsewhere, but I just stumbled upon it today and my world as I know it has changed. /s CrackMapExec has been a goto tool for me, but the one thing that bothers had bothered me in the past is using screenshots of CME in a report, but having […]
This is documented here as well: https://github.com/BloodHoundAD/BloodHound/issues/113 but it took me a while to find this… If you want to run Sharphound from a PC that is not joined to the target domain, open a command prompt and run: runas /netonly /user:DOMAIN\USER powershell.exe Enter the password for DOMAIN\USER: Attempting to start powershell.exe as user “DOMAIN\USER” … […]
This could also be called “The 1121st reason that I <3 Sublime Text.”) All of this may already be well known, but I didn’t see too many references to it (if any), so I thought it would be helpful to share… So the scenario was that this client had most of their externally facing portals […]
TL;DR: WWHF is awesome and you should go. I had the pleasure of attending the 2018 Wild West Hackin’ Fest this year, put on by John Strand and his team at Black Hills Information Security. This ended up being a 2.5 day conference and well worth the journey out to Deadwood South Dakota. The […]
During a recent pentest, I encountered a Dell 2335dn printer which did not have any admin credentials set (the default). After authenticating with the username “admin” I began to poke around to see if there was an ldap server or smtp server configured that I could exploit (See: https://hackinparis.com/data/slides/2014/DeralHeilandandPeterArzamendi.pdf for some good info on printer exploitation) […]
Took a stab at box 2 of the billu series on Vulnhub. I’m not sure if this is was the intended method for root, but here it is either way. I’m going to revisit it to see if there are others as well… NMAP returns: Nmap scan report for 192.168.52.187 Host is up (0.00022s latency). […]
File this under “Hmph…I did not know that” and “…really?” I read this post over at the BHIS blog the other day, and had no idea about the whole port 70,000 thing. So I had to see for myself… You learn something new every day…
One of the things that pentesters will do during an engagement is generate a list of potential usernames to use in various attacks on the target organization. There have been several utilities developed over the years which attempt to gather this info from LinkedIn, but I have not had great success with them for one […]
Gerren Murphy 2020 | All Rights Reserved. Powered by WordPress