Cracking Hashes with Colabcat

by Vince
in Blog
Hits: 397

Necessity is the mother of invention Googling.  I had an issue with Hashcat.  Technically, according to Hashcat, I had an issue with my graphics card.  Whatever the issue, I was unable to crack a Kerberos hash and while I was hunting for a solution, I discovered Colabcat.  According to the description:  "Run Hashcat on Google Colab with session restore capabilities with Google Drive."

Read more

WordPress Smuggler

by Vince
in Blog
Hits: 527

When attacking WordPress, I will typically upload my WordPress Reverse Shell Plugin once I take control of the admin interface.  Upon getting a shell on the system, I will then move my tools over which got me to thinking -- can I incorporate my tools into the plugin and do it all at once? The answer is YES! 

If I'm attacking Linux, I want LinePeas and possibly some other privilege escalation scripts.  I probably want an ELF binary meterpreter reverse shell.  Beyond that, who knows but that's a good starting point for this post.

Read more

DFARS Compliance

by Vince
in Blog
Hits: 903

The Defense Federal Acquisition Regulation Supplement (DFARS) is a set of cybersecurity regulations that the Department of Defense (DoD) now imposes on external contractors and suppliers.

This is my interpretation but basically the government is tired of getting hacked through their supply chain and they've come up with a laundry list of security requirements to help reduce such attacks.

Read more