I wanted to implement a simple server that would register source IPs which it was ping from and display it back to me. This way i wouldn’t have to spin up an instance each time I want to test a remote execution vulnerability on a box I’m testing.
Scenario: I’m testing a box with potential remote code execution and I want to quickly confirm it with making that box ping my server. In order to confirm it, I’d need to spin up an AWS instance and monitor pings, and this takes some time to set up. Alternatively I’d need to…
Genymotion is so far my favorite Android emulator. It’s both powerful and easy to use. It’s widely used by developers because it’s way faster than Android Studio emulator. Genymotion instances work right out of the box, however there are quite a few steps to set it up for smooth application pentesting and intercepting traffic with Burp.
Before we begin, Genymotion is based on VirtualBox. So you can preinstall it prior to setting up the emulator.
Once you go through the installation process, you can setup a proxy for all the future virtual devices. …
After returning from DefCon I wanted to make sure my iPhone is not communicating with any sketchy servers out there. So decided to run a quick tcpdump on the traffic and here is how to do it:
First you need to install Xcode. Once you create a project and connect your iPhone, choose your device in the devices tab and click “Trust” on your phone.
Then move to iTunes and click on Serial Number to find the UDID of the device.
It’s not uncommon that VPN connection to our client’s boxes either breaks mid testing or is blocked by some firewall or IDS. SSH tunneling can be used as a back up connection to already existing VPN connection or as a decent lightweight alternative.
Things we’ll need:
First, we need to set up the AWS instance to use as the initial jump box:
adduser revconnect(or whatever user name) and give the user sudo privileges:
usermod -aG sudo…
Look for the exploit you want to add:
searchsploit sonicwall 188.8.131.52-14sv Make a note of the path for the exploit.
Next, you would need to create a folder in the
.msf4/modules directory that correlates with the path in exploit-db. So in this case I will add
Go to your newly created folder and copy the exploit:
cp /usr/share/exploitdb/exploits/cgi/webapps/42344.rb /root/.msf4/modules/exploits/cgi/webapps/
Make sure that you specify both, the root path (its specified right underneath the title “Path” in the searchsploit search output) and the relative path.
I perform network penetration testing from headless Kali boxes. This is limiting when I want to test internally available web apps. I can get away with SSH tunneling (aka port forwarding) for basic applications or RDP interface but it quickly becomes a pain once you start interacting with dynamic content and especially with redirections. And thats where the Squid proxy comes in handy. So the goal is to run internally available web pages that were found during the assessment through the instance of Burp Pro on my local machine.
My environment for this setup: MacOS, Burp Suite, Tor service, Firefox browser and brew.
/usr/bin/ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)
Here is the link in you need more information on brew: https://brew.sh/
brew service start tor. If you do
brew service listyou should see tor running:
DD-WRT does not support repeater mode for Atheros chipset based routers. Hence you will not find Repeater and Repeater Bridge options under Wireless Settings. You can still however achieve similar result with Client mode connection. It won’t be as seamless as it would be in Repeater mode though, you would be connecting to a different network in this case. First, you will be creating a wireless link between the remote AP and the DD-WRT router on the physical interface so that the DD-WRT router can join the remote AP’s network as a client. Then you will configure a virtual Access…
I found running BeEF from Kali VirtualBox inconvenient because it requires port forwarding from VMnet, then LAN uggh… You’d really want to connect directly with BeEF. So there.
sudo apt-get install ruby-full
config.yamlfor “Host Name / Domain Name”
What happens when you open an email and allow it to display embedded images and pixels? You may expect the sender to learn that you’ve read the email, and which device you used to read it. But in a new paper we find that privacy risks of email tracking extend far beyond senders knowing when emails are viewed. Opening an email can trigger requests to tens of third parties, and many of these requests contain your email address. …