-
Recently while trying enum4linux against a Server 2012 R2 target (with credentials, null sessions are long dead), I realized that Samba tools/utilities need to be forced to use SMB3. As per the releas…
-
Global search for rpcclient. It shows that it ran on port 135 but not 445
```
Searching 150 files for "rpcclient"
/results/10.129.95.210/scans/_manual_commands.txt:
13 [-] RPC Client:
14 …
```
-
Keypoints:
- /site: 301 in FFUF/feroxbuster result but actually we can access it
- allow_url_fopen, allow_url_include, LFI, RFI
- [PE] replace exe under backup dir.
-
Keypoints:
- [Argus Surveillance DVR 4.0.0.0 - Directory Traversal](https://www.exploit-db.com/exploits/45296)
- Get `C:\Users\\.ssh\id_rsa` file
- [PE] hash info is in C:\ProgramData\PY_Software\…
-
Hey @Tib3rius,
I have created a provisional Debian package for `autorecon` - per https://bugs.kali.org/view.php?id=7870. The following files and lines seem to annoy `apt`, where it displayed a `Syn…
-
Keypoints:
- Made a bad ODT file to leak NetNTLM creds (https://github.com/rmdavy/badodf/blob/master/badodt.py) and impacket-smbserver can receive NetNTLM hash info --> Use `hashcat -m 5600` or j…
-
Keypoints:
- /phpinfo --> got user name info "Shenzi"
- One useful tip for lab machines is to try out any useful keywords you’ve identified so far **to identify directories, usernames or passwords**…
-
Keypoints:
- Try POST method for endpoint --> get credential info
- pdf password crack
```
pdf2john Infrastructure.pdf > pdf.hash
john --wordlist=/usr/share/wordlists/rockyou.txt --rules=best64 p…
```
-
Hello,
I see that enum4linux is using `polenum` that (probably) requires Python2, but it is deprecated and it is a big security concern having it installed in a system.
I see this when I install i…