I came across a McAfee EPO server not long ago and found during an on-host review that it stores the SQL database connection details and encrypted password in a file within the EPO directory, “/conf/orion/db.properties”. The password is encrypted with a statically known key that is used on all EPO deployments of a similar version.
The good news is there is already a Metasploit module, for which someone has kindly gone to the effort of extracting the encryption key.
Sometimes you come across someone else's blog and think, "That's pretty cool, I should go build that." Well, I came across Exfiltrate Files With DNS and found it rather interesting – the link can be found here: http://16s.us/dns/. I decided that I really wanted to build this and make it work. I already have a… Continue reading File Exfiltration Through DNS + Pycrypto
Enabling Oracle Support in Metasploit on Kali Linux Hey Again, (Update for Kali Linux) So the other week I was having major issues with my Oracle tools and could not get the latest version of Metasploit to fire exploits or auxiliaries at any Oracle service. I spent lots of time browsing the internet for forums… Continue reading Enabling Oracle Support in Metasploit on Kali Linux
Hey Guys, The information within this post is not new and there will be many other posts that cover similar material. However, after having had a number of conversations with other pen testers, it is not always something that is utilised during testing. For that reason I decided that this was something that I wanted… Continue reading Whacking NETLM and NETNTLM hashes
Hey Guys, Here are a few tweaks that I have found from various posts on the internet. They allow you to tweak your msfconsole to look different and tell you important information on the fly whilst hacking: What your LHOST IP address is, How many jobs are running, How many exploits are running, Date/Time. To configure this… Continue reading Metasploit Resource Scripts and Startup Tweaks
Happy New Year! It's been bugging me for a while now that Ubuntu have removed the support for SSLv2 in OpenSSL as standard. If you are unsure whether your openssl has support for SSLv2, try running a simple sslscan on your own Apache server like this below: Once you are sure your openssl is not compiled to… Continue reading Enabling SSLv2 for Ubuntu 11.10 & 12.04
Hey Guys, I was messing with file permissions on Windows the other day and needed a quick way to obtain file permissions on certain directories or complete drives without the need to upload new tools etc. Also, I wanted the output in an easy, readable manner, so I thought CSV would be a good way… Continue reading Simple but Effective CACLS on Heat with PowerShell (PS)
Hey Everyone, Firstly I would like to say that I did not find this vulnerability; I merely coded a working exploit that allowed full pwnage and meterpreter shell to the targeted system. The way in which the exploit works is by telling the service that it requires an update and you supply the installation executable… Continue reading HP DataProtector <= v6.20 Vulnerability
So, recently I have spent a lot of time on Local Lockdown testing and 98 times out of 100 they allow VBScript to be run. Very bad mistake. With VBScript it is possible to do lots of wonderful things that a normal locked down user wouldn’t, i.e. Access Registry, Execute Programs, Get File Permissions, Query… Continue reading VB Script!