The lack of native commands for simple downloading of pentesting tools in Windows is often bemoaned, especially in comparison to Linux, where commands like wget are generally installed and easy to use. The first port of call is to use PowerShell, but that isn't always possible in earlier versions of Windows, and I've been told you cannot do it easily via the Windows command line. It turns out it's pretty simple if you do it via WebDAV. First you need to set up WebDAV on a server somewhere. You can set up WebDAV on your Kali machine using widely available instructions. Here I used a free …
HackTheBox: Arctic – Walkthrough
Initial Enumeration
So a Windows box with 3 ports open.
Port 135: RPC
There is a vulnerability for XP boxes for RPC on 135 and MSF has an exploit for it, but it didn't work. Worth a shot, but not this time. I suspect that port 49154 is the higher port associated with the RPC.
Port 8500: fmtp?
Google seems to think this is Flight Message Transfer Protocol. I tried connecting via netcat but didn't get much. Curl produced a result though: So an HTTP service. Let's see what it looks like in a browser: I recognise those directory names from ColdFusion penetrations done …
HackTheBox: Waldo – Walkthrough
Initial Enumeration
So we have a Linux box with 2 open ports and a filtered port. Let's check out the ports in turn:
22/OpenSSH 7.5p2
Not much use at this stage. No known exploits for it and no usernames to even brute force.
80/HTTP nginx 1.12.2
Browsing to the site shows: It's a Where's Waldo (that's Where's Wally to us Brits) themed site with a web app called List Manager. If you click Add List, a list is added and given the next number in the sequence. And you can delete it with the Delete button. Viewing the page source we can see it uses a JavaScript function called list.js and we …
HackTheBox: Lame – Walkthrough
Initial Enumeration
Quick SYN scan:
Wider and deeper scan:
A quick note on the scans: I generally do basic nmap scans and then use unicornscan for wider port scans because it's so much quicker, especially with UDP. However, the HackTheBox VPN appears to interfere with that. So I've been amending my nmap scans with the T4 timing and --max-retries, which seems to be a reasonable alternative. The -p- means ports 0-65535. Without the other settings I've found all-ports scans to take a ridiculously long time. Unfortunately it still doesn't make all-ports UDP scans quick enough, so I tend to set one …