Sticky Keys Persistence

by Vince
in Blog
Hits: 393

There's a function in Windows, Accessibility Options, which is available for the visually impaired.  Basically, at the login prompt, we can hit the Shift key five times and that will activate sethc.exe.  But let's say we want to abuse this prelogin function, we could copy cmd.exe in its place which would launch a command prompt, as SYSTEM, prior to login.  From there, we would create an account or perform any other privilege command prompt function.  

Read more

Stealth Persistence aka RID Hijacking

by Vince
in Blog
Hits: 422

Somehow you make your way onto a system and perhaps you want to maintain that access.  There are a number of reasons and methods for maintaining persistence and one such method is RID Hijacking.  The short of it is this -- each account is assigned a relative identifier (RID).  The Administrator account is assigned 500 and user accounts begin at 1000.  If we modify a user account and assign it the same RID as the Administrator account, for all intents and purposes, we are an administrator.

Read more

Cracking WiFi with a Pineapple

by Vince
in Blog
Hits: 350

I probably learned to crack WiFi over 10 years ago -- if you've never done it, do it, you won't regret it.  I learned on BackTrack and Kali using an Alpha antenna.  Somewhere along the way, I acquired a Pineapple... or four which streamlines the process.  Of the many times I've setup a Pineapple, I've never had it go smoothly and that's either because they can be buggy, I'm using older versions, or I just don't have the attention span when I'm setting them up.  

All that said, I'm doing an audit -- which is something I rarely do but I grabbed the Pineapple out of my bin of toys and here were are.

Read more