Simple Egress Testing via a VPS
If you want to test the egress controls from a client environment, the best way to do this is to set up a VPS which simulates all ports open. This is rather easy to do, especially if you have SSH enabled, as you can forward all ports to TCP 22 using iptables as shown below: iptables -A…
Using MSSQL NTLM Stealer to Get Highly Privileged Domain Creds
Going from a normal domain user to a highly privileged MSSQL service account can sometimes be pretty easy with the following Metasploit module: auxiliary/admin/mssql/mssql_ntlm_stealer. I have been using this method of escalation when various other methods fail, but also MSSQL databases can often be where the client's personally identifiable information (PII) is held and shows…
Loading A Weaponised Interactive PowerShell Session With Metasploit
A colleague, @davehardy20, and I came up with this from an idea I had: it gives an interactive PowerShell session from Metasploit, using newly developed Metasploit payloads. Check out the blog post here for more information: https://www.nettitude.co.uk/interactive-powershell-session-via-metasploit Enjoy!
Python Share Enumerator
Hey, I've been working with a few large clients and needed to search a lot of network shares with a standard user account to see if the shares looked dangerous or overly permissive for the user, e.g. an admin share has full Everyone permissions and the user can capture sensitive data. To do this I've…
Simple Nmap Parser
Hey, I needed to parse an Nmap scan really simply and couldn't find anything useful, so I created a simple C# application to do it. Thought others might find it useful; here's a screenshot of the beast at work. (Screenshot: NmapParser)
Nessus Parser in Python
I have been making a few programs in C# for parsing Nessus, and while these have been really good, I wanted to expand my knowledge and create a Python parser so that I can edit and change it on the fly while pentesting to get any specific information that I need. For example,…
Python AES Web Token Generator
Recently I was testing a web app that made use of AES encryption to generate tokens. I put together my own proof-of-concept code to generate the tokens and to decrypt them using PyCrypto. The code reads in strings from a separate file and then uses the key and IV with the AES…
Service Permission Checker (service-perms.exe)
Hi folks, I slightly updated my program to show a few extra bits of information about the service. Firstly, it now shows whether the user can stop and start the service, including the running state. It also now shows the permissions on the parent folder in case these are different from those on the binary. Happy…
Service ImagePath Permission Checker
Hi everyone, I know there are quite a few tools that already do something similar, but I wanted to create my own and just output all this data to an HTML file, 'simples'. So basically this outputs a file called report.html and lists all the services and the permissions on those binaries. It also has…
Metasploit Payload Generator Script – paygen
Hi, when testing I always find myself doing more advanced exploitation on boxes and mostly use Metasploit for all these tasks; however, I always forget the exact syntax for creating a Metasploit payload and then setting up a multi/handler. Obviously there are loads of easy ways to do this, but I thought I…