Persistence via Creating a Windows Service
In this scenario, we assume that we already have a reverse shell to the victim's machine and want persistence on it. For this, we will use Windows services. First, we create a malicious .exe file called mal.exe with msfvenom. With this payload, we will be able to create a service that runs our malicious executable. As the second step, I need to download…
Embed Payload in PDF File
In this article, I want to show you how to embed a payload in a PDF with the EvilPDF tool. By the end of the article, you will be able to embed a payload in a PDF and get a reverse shell from the victim, hopefully 🙂 EvilPDF is a Linux tool written in Python that is used to embed a payload in a PDF; it also has the capability to launch a…
Solutions for TryHackMe Password Attacks Task 5: Offline Attacks
This is the solution for TryHackMe Password Attacks Task 5: Offline Attacks. The only tool used in Task 5 is hashcat, a password recovery tool. The tool has Linux, OS X and Windows versions. Let's check the questions in Task 5: 1 – Considering the following hash: 8d6e34f987851aa599257d3831a1af040886842f . What is the hash type? For checking the hash type of a…
A New Multi-OS RAT?
A threat actor calling herself '0xFF' advertised a new RAT on HackForums. According to the threat actor, this new RAT tool supports Windows (amd64, i386, arm, arm64), Linux (amd64, i386, arm, arm64), Darwin (macOS) (amd64 (Intel), arm64 (M1)) and Android (bin) (amd64, i386, arm, arm64). This multi-OS RAT has the features below: – No need to lower AV settings to keep running – Everything is…
Importing a Module in PowerShell
Modules typically work in PowerShell directly. The "Get-Module" command can be used to see the imported modules, and "Get-Module -ListAvailable" shows the modules that are available. Any additional module we want to use must be imported first. Once we import a module, we can use all of its commands. We will add PowerSploit as an example. PowerSploit is a project that is no longer supported, but sometimes…
Subdomain Enumeration
Subdomain enumeration is an information gathering technique. It can be used to identify all of a company's sites that are exposed to the internet. In large organizations, it is very common to have some forgotten websites that have vulnerabilities or hold sensitive data. So, subdomain enumeration is also important for bug bounty. The first technique is searching for passive DNS information. There are a lot of…
New Tools of Kali
Kali Linux 2021.2 has been released with some new tools called Kaboxer and Kali-Tweaks, and some cosmetic changes. Kaboxer provides Docker containers for applications that no longer work on newer OSs or that need isolation. Kali-Tweaks is a tool that makes it easy for users to configure their OS. Users can customize their Kali easily with Kali-Tweaks. There are also some more differences in the new…
Ingress Tool Transfer (MITRE ATT&CK T1105)
Attackers may need to download some tools to perform different actions on the victim machine. Mostly, these are tools that help scan the network for lateral movement, or that make the attacker persistent on the victim machine. Whatever the tool, there are many ways to transfer it, and all of them are very easy to perform. Here, my victim machine is a Windows 10 client, and…
How to Install Metasploit on Ubuntu
If you are familiar with infosec, you must already know what Metasploit is. So, I will not explain it here again. Metasploit comes preinstalled in Kali, but if you use Ubuntu like me, it is better to install Metasploit on it than to switch to Kali just to use it. It is very easy to install Metasploit on Ubuntu (all versions). Firstly, you must…
C&C with Empire – A Mitre Att&ck T1071 and T1086 Demo
".. a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. It premiered at BSidesLV in 2015." (ReadMe file of Empire) Empire is a publicly available…
Credential Dumping – Attack and Defense Techniques (MITRE ATT&CK T1003)
Credential Dumping: As MITRE says on its website, adversaries dump credentials to obtain login credentials for lateral movement once they have gained access to a computer. Several tools and techniques may be used to dump the credentials of a computer. Here, I will try to show two different credential dumping techniques and how to prevent them using FireEye's Endpoint Security product, as a quick demo. lsass…
Dark Web; Anonymity and Privacy
When talking about the Dark Web, one of the concepts most often confused with it is the Deep Web. But first, I want to touch on the Surface Web. The Surface Web is the indexable part of the internet. This includes all websites that you can find via search engines like Google, Yahoo, Bing, etc. The Deep Web means everything else. It is everything on the internet that cannot be…
Creating Wordlist for Brute Force Attack
Brute force is an old attack technique, but it can still be gold. For a brute force attack, we need a wordlist/password list of possible passwords that will be tried by the tool we use. Then, the tool will try thousands of these passwords per second. This is also referred to as a dictionary attack. The stronger your list is, the more successful you will be on…
TOR As A SOCKS Proxy
Almost all applications and websites try to learn who we are and what we are looking for on the internet. This information is used for many different purposes, such as advertising and detecting malicious attempts. Again, for many reasons, it is very important to surf the internet anonymously. Tor is used for anonymous surfing all over the world. It is free to…