Exploits & Pentesting

Mr Robot:1 CTF Walkthrough

Mr Robot: 1 CTF (Capture the Flag) is a downloadable virtual machine from Vulnhub, a site that hosts purpose-built virtual machines for you to hack. Each one varies in difficulty and allows you to hone your skills and even pick up new ones. If you're interested in giving it a go yourself, this virtual machine can be downloaded here: https://download.vulnhub.com/mrrobot/mrRobot.ova Description: Based on the show Mr Robot. This VM has three…

Hacking Digital Billboards

About a month ago, a member of Hack Forums called Gangs posted a tutorial on how to hack digital billboards with a simple SQL injection. I thought it can't be that simple and tested it out myself. To my surprise, even in 2016 SQL injection is still a valid attack vector on sites connected to the internet. I'm guessing that's why it's still in the OWASP (Open Web Application Security Project) Top 10. Click this…

Magic Unicorn V 2.0 PowerShell Downgrade Attack

Magic Unicorn is a simple tool for using a PowerShell downgrade attack to inject shellcode straight into memory, based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple: just run Magic Unicorn (ensure Metasploit is installed and in the right path) and Magic Unicorn will automatically generate a PowerShell command that you need to simply cut and paste the…

Using Microsoft Tools To Dump Password Hashes

Surprisingly, Microsoft supplies you the tools that allow you to dump lsass.exe, and then you can use Mimikatz on the dump file to get a shit load of goodies: tokens, plaintext cached domain credentials, etc. Download Psexec and Procdump. Copy both the Psexec and Procdump zip files to the computer that you want to dump the lsass from and extract the contents of the zip file. Open up a command prompt and move to the folder where…
