Thursday, September 28, 2017

Py2Exe

A very useful utility that might come in handy during a pentest is py2exe.

This is an extension that converts a Python script into a Windows executable, so the program can run on a machine without any Python installation at all. You will, of course, still need Python on the machine where you run py2exe itself.

Let's look at one of the scripts that helped me create an exe file to be run on a compromised Windows machine.

python to exe

from distutils.core import setup
import py2exe, sys

# Pretend "py2exe" was given on the command line, so a plain "python setup.py" builds the exe
sys.argv.append('py2exe')
setup(
    # bundle_files=1: pack everything, including the Python interpreter, into one exe
    options = {'py2exe': {'bundle_files': 1, 'compressed': True}},
    # 'windows' builds a GUI-subsystem exe with no console window ('console' would keep one)
    windows = [{'script': "windows_test.py"}],
    # no separate library zip: the modules go inside the executable itself
    zipfile = None,
)

Let's look at this more closely.

If you know Python, the first few lines are easy to follow: they import the libraries the build needs, including distutils, whose setup() function drives the build.

Then we import py2exe (and append 'py2exe' to sys.argv) so that its build command is the one used to create our executable.

You will see an option called bundle_files, which controls how much gets packed into a single-file executable. Its valid values are:

3 (default): don't bundle
2: bundle everything but the Python interpreter
1: bundle everything, including the Python interpreter

We also set zipfile to None so that the library modules are bundled inside the executable instead of a separate zip file.

This approach does not require extracting files to a temporary location, so the program starts much faster.

I would say visit their page, and I am sure you will not be disappointed.

Reference: http://www.py2exe.org/index.cgi/

This is pretty useful.


Wednesday, September 27, 2017

Windows Virtual Machines

Hmm... whenever you go looking for vulnerable machines to practice your hacking skills, all you find are Linux machines.

If you want to do something on Windows, Microsoft has come to your rescue: they provide pre-built Windows VMs for your practice. You can test Microsoft Edge and IE8 through IE11 using these freely available virtual machines, which can be downloaded and run locally.


They come in formats for hypervisors on Windows, Linux and Mac, including VirtualBox, Vagrant, Hyper-V, VPC, Parallels, and VMware. Mac users can use The Unarchiver to unzip the files.


You can get these VMs at
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/


Yes, the password for your VM is "Passw0rd!"

Friday, September 8, 2017

When there is nobody Talking To You (TTY) - POST EXPLOITATION

This is another critical stage where we run into a lot of challenges. One of them is having a shell on the compromised box but being unable to run su or login because there is no TTY.

Recently I was in the same place, and thanks go to Pentest Monkey, who has an awesome blog post on this one here:
(http://pentestmonkey.net/blog/post-exploitation-without-a-tty)

If Python is installed, we all know the famous pty.spawn trick for getting a TTY:

python -c 'import pty; pty.spawn("/bin/sh")'

But there are situations where Python is not installed.

In such situations, when nobody is talking to you (no TTY), one should try starting with Expect instead ;)

(http://en.wikipedia.org/wiki/Expect)

sh-3.2$ expect sh.exp
spawn sh
sh-3.2$ su -
Password:********
localhost ~ #

Special Thanks to Mr Pen Test Monkey as always :)

XML-RPC- NOTHING FANCY

XML-RPC: nothing fancy about this post, but it can be a good read.

There has long been discussion of how important this is in the context of WordPress security, and whether the inherent risk is acceptable.

"XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. 'XML-RPC' also refers generically to the use of XML for remote procedure call, independently of the specific protocol."

https://en.wikipedia.org/wiki/XML-RPC

Several WordPress features are powered by XML-RPC (XML Remote Procedure Call), for example:

  • connecting to your website from a smartphone app
  • receiving trackbacks and pingbacks when other sites refer to yours

But some security issues have come with it. One of them is brute-force attacks, made possible by the system.multicall method, which lets a user (or attacker) pack many method calls into a single request.

A very good example was shown by Mr Daniel Cid at Sucuri in 2015: he showed how to bypass the login-blocking mechanism and brute-force a password with just 3 or 4 HTTP requests.

You can read about it here: (https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html)

I know this is the typical solution, but it is also the best one: turn XML-RPC off. One way is to add a deny rule in your .htaccess file; another is the Disable XML-RPC plugin for WordPress, which can be found here (https://wordpress.org/plugins/disable-xml-rpc/)
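If you cannot turn XML-RPC off, the amplification described above is still detectable on the wire. As an added example (not from the original post or from Sucuri), here is a small Python check that a WAF or request-logging hook could run on the POST body of xmlrpc.php: it parses a system.multicall request, counts how many inner calls carry credentials, and flags the request when that count exceeds a threshold. The set of credentialed method names and the sample request are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Assumption: inner methods that take a username/password pair, so every one
# bundled into a multicall is one more credential guess inside the same request.
CREDENTIALED_METHODS = {"wp.getUsersBlogs", "wp.getPosts", "wp.getCategories"}

def _string_value(value_el):
    """Text of an XML-RPC <value>, whether or not the <string> tag is explicit."""
    if value_el is None:
        return ""
    s = value_el.find("string")
    return ((s.text if s is not None else value_el.text) or "").strip()

def multicall_methods(body):
    """Inner method names of a system.multicall request; [] for any other method."""
    root = ET.fromstring(body)  # in production, parse with defusedxml instead
    if root.tag != "methodCall":
        raise ValueError("not an XML-RPC methodCall")
    if (root.findtext("methodName") or "").strip() != "system.multicall":
        return []
    names = []
    # system.multicall takes one param: an array of {methodName, params} structs
    for struct in root.iterfind("./params/param/value/array/data/value/struct"):
        for member in struct.iterfind("member"):
            if (member.findtext("name") or "").strip() == "methodName":
                names.append(_string_value(member.find("value")))
    return names

def credentialed_calls(body):
    """Number of credential guesses a single HTTP request carries."""
    return sum(1 for m in multicall_methods(body) if m in CREDENTIALED_METHODS)

def is_amplified_login(body, limit=1):
    """Flag a request bundling more credentialed calls than `limit` (tune per site)."""
    return credentialed_calls(body) > limit

def _call(method, password):
    # Constructed helper: one {methodName, params} struct carrying a login guess
    return (b"<value><struct><member><name>methodName</name><value><string>" + method
            + b"</string></value></member><member><name>params</name><value><array><data>"
            b"<value><string>admin</string></value><value><string>" + password
            + b"</string></value></data></array></value></member></struct></value>")

# Constructed sample: three password guesses plus one harmless call in ONE request
SAMPLE_MULTICALL = (b'<?xml version="1.0"?><methodCall><methodName>system.multicall'
                    b"</methodName><params><param><value><array><data>"
                    + b"".join(_call(b"wp.getUsersBlogs", p) for p in (b"g1", b"g2", b"g3"))
                    + _call(b"demo.sayHello", b"")
                    + b"</data></array></value></param></params></methodCall>")
SAMPLE_SINGLE = b"<methodCall><methodName>wp.getUsersBlogs</methodName><params/></methodCall>"
```

A single-call login (SAMPLE_SINGLE) is never flagged by this check; it only catches many guesses hidden behind one request, which is what lets a login blocker count 3 or 4 attempts while hundreds go through.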

Monday, August 21, 2017

DATASPLOITING

I recently decided to get my hands on the famous OSINT tool called datasploit (https://datasploit.readthedocs.io/en/latest/#overview).

I will keep posting as and when I explore a new feature in it.

The installation is pretty straightforward and is covered in the docs as well.

Here are some of the challenges you might face. Just install the dependencies and you will be good to go.


Here are the steps:

root@dragon:/home# git clone https://github.com/datasploit/datasploit

root@dragon:/home/# sudo apt-get install python-dev

root@dragon:/home/# sudo apt-get install libxml2-dev libxslt1-dev

If these dependencies don't get you started, install the following as well, along with the ones you installed earlier.

root@dragon:/home/# sudo apt-get install build-essential autoconf libtool pkg-config python-opengl python-imaging python-pyrex python-pyside.qtopengl idle-python2.7 qt4-dev-tools qt4-designer libqtgui4 libqtcore4 libqt4-xml libqt4-test libqt4-script libqt4-network libqt4-dbus python-qt4 python-qt4-gl libgle3 python-dev libssl-dev

root@dragon:/home/datasploit# pip install -r requirements.txt

root@dragon:/home/datasploit# mv config_sample.py config.py


root@dragon:/home/datasploit# nano config.py

Here you have to fill in the API keys that you have created.

I will come back with some more awesome features of this very soon.

Wednesday, March 22, 2017

hiberfil.sys

OMG, I found a file in the root of my HDD which is huge, and I don't know what it does.

The files are hiberfil.sys and pagefile.sys. There were other files too, but these were the giants, and I was really keen to free up my HDD.


When in Doubt.. Google it:)

After some googling I found out that the culprit is my habit of hibernating my machine very often.

The file hiberfil.sys actually stores the current state of my machine, and by state I mean the contents of memory.

Now, to delete this file you need to disable hibernate mode first and then try deleting it.

Okay, so where do you disable it? Of course there is a GUI option for it; finding it is a good exercise :):)

Let's score this one from the command line instead.

So open a command prompt, and mind you, you have to be the obvious guy, "The Administrator".

powercfg -h off


This command disables hibernation mode. Yes, you guessed it right: the 'on' switch brings it back.

Voila, the file is gone as soon as you turn this option off.


Enjoy


Tuesday, February 21, 2017

Offensive Security Certified Professional (OSCP) : A JOURNEY WHICH CANNOT BE FORGOTTEN..

When there is a doubt.. GOOGLE :)

Offensive Security Certified Professional (OSCP)

You cannot know how excited I am right now, writing this review for one of the most prestigious examinations in the security industry: OSCP (Offensive Security Certified Professional).

Whenever I read a review, I used to ask myself whether I would ever write one, and YES, I TRIED HARDER..

This has been itching me since the BACKTRACK days, which finally ended with KALI.

Here are some thoughts of mine for this awesome TRANCE JOURNEY :)

I have been hearing about pentesting methodologies since the start of my career, but I came to know their real importance through the lab environment provided as a part of the OSCP examination. You get complete exposure to the various steps: Reconnaissance, Enumeration, Vulnerability Assessment, Exploitation and Reporting.

And believe me, by the end of the 1st machine in the labs you will understand the importance of information gathering and why people say the more you know your target, the easier it is to attack.

You can check out the details about the exam and things HERE

HERE is a Link to the Syllabus of the course

The course has some awesome material on the Kali environment and basic Linux scripting and administration, along with an introduction to some cool tools. It also covers various techniques and methodologies for the phases of a pen test and gives you a real feel for how an attacker actually attacks.

I was like. Seriously.... Kewwwwwwwwwwwwwlllllll....

Here are some pointers from my side:

You should concentrate on the following stuff:

  • Linux Basic Commands Administration
  • Windows Command Line (LINK)
  • Linux Command Line (LINK)

These guys are just amazing.. :)

  • OWASP Top 10 (LINK)
  • Basics of Scripting- Choose your language. Bash or python will be a good choice
  • VulnHub (LINK)

This is pretty amazing and a good place to start. There are a lot of things to learn on this link for sure :)

I would say no other certification made me learn like this, and I mean it, it made me learn stuff. The credit goes to the awesome LAB ENVIRONMENT. Of course the exam teaches you a lot as well, one thing being how to perform under pressure.

Some more links for your access and reference are as below:

And I was totally addicted to this website throughout my whole OSCP journey. Sometimes scared, sometimes demotivated and sometimes very motivated.. this link has it all.
I will keep on adding whenever I have time :)

P.S: Don't forget to jazz up the playlist of your favorite music. It is very important :):)