Archive for April, 2010
Fun with printers (part 1)
Posted: 30th April 2010 by Matt in hacks, security | Tags: bounce, exploit, hack, msfcli, owned, printer
I don’t see a whole lot on the forums about owning printers during a pen test, so I figured I’d post some stuff here. First, printers are often overlooked when it comes to securing a network. Why? Because all they’re supposed to do is print. You plug them in, install a driver, and so long [...]
Old school Google hacking++
Posted: 21st April 2010 by Matt in code, hacks | Tags: crack, google, hack, john, passwords, service.pwd
So, this is a very, very well known Google hack that I’ve automated to make life easier. It’s the simple ‘inurl:service.pwd’ hack. Here’s the code: use LWP::UserAgent; use HTTP::Cookies;
Nmap’s NSE ‘smb-check-vulns’ script
Posted: 21st April 2010 by Matt in hacks, security | Tags: exploit, hack, MS08-067, owned, pen test, security
While I was waiting for my brute force attack to complete against the PDC, I needed to find another way in that wasn’t going to take forever. So, while that was running, I used the NSE ‘smb-check-vulns’ script to see if there were any systems on the network that the admin neglected to patch.
Enumerating Windows users via SMB
Posted: 21st April 2010 by Matt in hacks, security | Tags: ad, brute force, hack, hydra, nmap, pdc, pen test
I’m doing a pen test on a Win2k3 server and I’ve thrown the kitchen sink at this box, but to no avail, so I decided to resort to brute force. First thing I need is a list of users on the box. It’s the PDC running AD, so there should be quite a few. Let’s [...]
Malware/Spyware and your credit card.
Posted: 15th April 2010 by Matt in hacks, security | Tags: card, credit, fraud, hack, malware, spyware
So, I’m going through my RSS updates and come across a post entitled: “Stillwater credit card users hit by worldwide theft”. Some people suspect professional hackers because bogus cards were created so quickly and spread so far. (Click here to read the entire article)
ARP Poisoning and Man in the Middle Attacks [part 2]
Posted: 3rd April 2010 by Matt in code, hacks, security | Tags: crack, hacking, key, network, passwords, WEP, wiress, wpa
Well, we’re on to part two. For part two of this post, I’d like to talk about wireless vulnerabilities and how the Man in the Middle (MitM from now on) attack comes into play on a wireless network. Most of us have, or have used, a wireless network. There are, essentially, two different types. [...]