So it grinds my gears that every time I do a pentest I end up reporting the same sh!t every time. You’d think before I turn up you’d at least patch your kit, but nope!
Here’s a little Top 5 for sysadmins, project managers and security controllers to consider doing before I break their kit. And this relates specifically to infrastructure kit, if it’s a web application that I’m testing… Continue reading
So it grinds my gears that every time I do a pentest I end up reporting the same sh!t every time. You’d think before I turn up you’d at least patch your kit, but nope!
Here’s a little Top 5 for web developers to consider doing before I break their kit. If you also want to look after your kit the application is hosted on I suggest you read this… Continue reading
So we have found the base64 string “SGVsbG9Xb3JsZCE=” on a locked-down workstation and we want to decode it. Quite often we don’t have access to tools, so here’s a list of ways to decode the string using various languages.
Python
>>> import base64
>>> base64.b64decode("SGVsbG9Xb3JsZCE=")
PowerShell
PS > [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("SGVsbG9Xb3JsZCE="))
blahblah
Perl
use MIME::Base64;
print decode_base64("SGVsbG9Xb3JsZCE=");
BASH
echo SGVsbG9Xb3JsZCE= | base64 --decode
php
echo base64_decode("SGVsbG9Xb3JsZCE=");
C#
byte[] data = Convert.FromBase64String("SGVsbG9Xb3JsZCE=");… Continue reading
So I’ve been playing with the Raspberry Pi again lately and once again have got frustrated with the USB ports. Thus, I decided it was about time I looked into sorting them.
I wanted to add a capacitor to the USB ports to allow better hot-plugging of devices, as the issue is well documented everywhere.
I decided I think the USB ports only support 200mA per port but when using… Continue reading
So the Juniper Netscreen/SSG ScreenOS password hash is a bit of a hidden mystery. I had in my hand the config of a Netscreen device and I wanted to perform a reverse of the password hashes to see if they were weak.
In this case here’s the line from the config:
set admin user "admin" password "nAePB0rfAm+Nc4YO3s0JwPHtRXIHdn" privilege "all"
John the Ripper has supported Netscreen passwords since back in 2008… Continue reading