Channel: Security Whole
Browsing all 17 articles

Rickroll Meterpreter Script

In order to be well prepared for April Fools' Day, I decided to put out a rickroll Meterpreter script. It defaults to looking for rickroll.mp3 in the Metasploit Framework root directory, but you can use...




www.microsoft.com and hosts file weirdness. Why?

From a Windows XP SP3 machine with all patches I ping www.microsoft.com and it hits 65.55.21.250
I then add the following line to my hosts file
127.0.0.1 www.microsoft.com
I flush dns
ipconfig /flushdns
I...


Make Windows more secure, use a blank password

Today I was attacking and pillaging a test Windows machine from a Linux box. Many Windows machines are set up with a blank administrator password since people just hit the enter key when they are...


Finding Old or Unused Accounts with Powershell

Recently I tried to find accounts that haven't been used in a long time. In order to do this I wrote a PowerShell script to get the last logon time for all accounts in the domain. The problem is, each...


Finding Old or Unused Accounts with Powershell v2

Here is a version that was 200 times faster in my environment. Depending on the number of domain controllers it could be even faster for you. It does one big query for each domain controller and then...



Brute Force ESX Username/Password

This script will brute force the connection to ESX. You can either give it a single username or a username file. Similarly, you can either give it a single password or a password file. You also have...


VMware Login via AD

I put this together in order to integrate the login from VMware into AD.
NTP
To set up the ESX server for AD authentication the following steps need to be taken. NTP needs to be done first so the server...


Powershell Ping Sweep

Ed Skoudis came up with some fantastic Command Line Kung Fu for Windows to do some basic scanning. PowerShell is becoming more and more common so I decided to port these commands to PowerShell. I think...



Powershell NSLookup Brute Force

Stealing two other commands from Mr. Skoudis we can do an nslookup of each host in a range.
for /L %i in (1,1,255) do @echo 10.10.10.%i: & @nslookup 10.10.10.%i 2>nul | find...



Powershell Port Scan

Ed Skoudis used the for loop to create an ftp script for the ftp command in order to do a port scan. I did a modification to it so that it didn't require the script file and no files were written to...


PowerShell IIS Log Objectifier

This script will read the W3C Extended Log File Format with the default logging options. If you add or remove columns from your log then you will have to modify this...


Finding Meterpreter

In our recent post on the Command Line Kung Fu blog, Advanced Process Whack-a-Mole, we tried to find meterpreter using these two commands:
Windows command line:
C:\> tasklist /FI "modules eq...


Getting registry last write time with PowerShell

All registry keys have a value associated with them called the Last Write Time. This is analogous to the last modification time for a file. Whenever the registry key or one of its values has been created,...



Blocking Traffic from Foreign Countries - Creating a block list of Supernets...

The following PowerShell script will create a list of supernets that are outside of the United States. The networks created by this script are intended to be used to restrict network traffic from...


.NET Padding Oracle Attack, padBuster.pl, and the Microsoft Recommended...

For some stupid reason, whenever GoDaddy sees h t t p s : / / it turns it into a link and removes the scheme. This even happens if you edit the html manually. Because of this silliness, I've used...



GoDaddy is teh suck

In case any of you wanted to start a blog, DON'T USE GODADDY!
I know it is free and comes with a domain registration, but the blog editing is terrible. Even if you write your post in html and use the...


Extracting Access Point Names from Packet Captures

Years ago, while working as a Network Engineer, I did a bit of sniffing of our wireless access points. I noticed that some access points, mainly Cisco, broadcast the Access Point's name. I also noticed...




