The other day, I mentioned the importance of documentation and it got me to thinking about screenshots -- and from there, to EyeWitness.  The description for EyeWitness states:  "EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible."

I've used it to take screenshots of websites, not much else.  You feed it a list of URLs, point it to that list, and it will create clean screenshots of whatever you feed it.  

Then I got to thinking -- if only it could....

Before I get to this little hack-y script, let me mention an error that you could possibly get when running EyeWitness.  This could be on an existing Kali machine or even a brand new install.  If you happen to see:

Read more: Automating EyeWitness

While browsing around various sites the other night, I found a site that had a long list of recommendations for "command injection" test beds.  From that list, Seattle was the most recent.  I downloaded it, moved it into VirtualBox, and started to take a whack at it.

Having spent a decent amount of time poking around, I would recommend this to anyone looking for easy pickings as far as web vulnerabilities go: cross-site scripting, SQL injection, and a juicy target for full exploitation with SQLMap.  There's something for everyone!

Kicking off with an Nmap scan:

Read more: Sleepless in Seattle

I've been playing around with VirtualBox, which has enabled me to load up servers that I was previously unable to get working in my go-to hypervisor.  With a variety of servers to practice on with varying degrees of difficulty, this has been beneficial if for no other reason than because it allows me to take 30-60 minutes, focus on an easier box, write it up, and then move on about my day.

In that amount of time, I can stay focused, with few interruptions, and follow the thread wherever it leads me.  I often find harder boxes, requiring more time, will seem much harder than reality only because I lose my concentration, lose my place, and sometimes there are large gaps in time between where I left off and where I begin again.  So much so that I often scrap all of my notes and start from the beginning.

Bottom-line -- the more variety we get, the more well-rounded we'll become. 

Read more: Fowsniff

Prior to Remote Desktop, we used PCAnywhere to remotely connect to computers but it was a pay product and typically reserved for just the one server or just the one computer.  Then Remote Desktop came along and changed everything.  We were able to connect to almost any computer -- anywhere, as long as we had a static IP address and we opened port 3389 to the Internet.  Obviously, this was prior to the proliferation of the Virtual Private Network (VPN) and opening a port directly on the Internet was how it was done.  

But we can't have nice things. 

People started poking at our public-facing resources and we were forced to move them to another port.  That worked for a brief time, but then our resources were once again found.  When firewalls became sophisticated enough, we eventually moved them behind the firewall with rules to allow for specific access.  Then VPNs came along, which changed everything.  And that seemed to hold us for a while.  Eventually, the attack model changed and bad actors stopped coming through the front door.

Read more: Duo RDP Installation Guide

Continuing on with the "Command Injection" theme, we take a look at the Bulldog Industries website which claims:

"Bulldog Industries recently had its website defaced and owned by the malicious German Shepherd Hack Team. Could this mean there are more vulnerabilities to exploit? Why don't you find out? :)"

Skipping ahead, the congratulatory message states there are two ways to root this box; I found four.  I believe I know which are the two intended, and when we get to that part in this post, I will point them out.

As a side note, I'd like to point out that I sort of rushed through the documentation, and when I went back through to write this up, I realized I'd been careless.  Obviously, there's a difference between writing a post and writing a pentest report, but clear documentation habits are a must in the latter and we should make every effort to achieve that high standard -- even with just a walk-through.

Read more: Bulldog Command Injection

"This account has been hacked! Change your password right now!"

That's a pretty scary subject line, and it's one of the latest tactics used in spam emails that attempt to extort money from the recipient.  We've seen variations of this message which include the password, but this one in particular does not.

The message further states:

"You may not know me and you are probably wondering why you are getting this e mail, right?  I’m a hacker who cracked your email and devices a few months ago."

"Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account."

Read more: Extortion Spam