Vulnhub Hackable: II Walkthrough

by Vince
in Blog
Hits: 367

The description states "Easy" and I think that pretty much sums it up.  A few moving parts, more than a lot of "Easy" rated boxes but nothing so challenging as to takes its rating any higher.

As always, we kick off with Nmap:

Read more

Polycom SoundStatation IP 5000

by Vince
in Blog
Hits: 648

According to the description:  "The SoundStation IP 5000 boosts productivity and reduces listener fatigue by turning ordinary conference calls into crystal-clear interactive conversations."  Looks like you can still get them from CDW for about $500 although you can get them used for about $20-30.  With the latest firmware, this unit is vulnerable to cross site scripting and session hijacking.  Then again, the session hijacking part is not really required because of yet another issue but I'll get to that shortly.

Read more

Living Off the Land : Scanning

by Vince
in Blog
Hits: 438

In an ideal world, we have access to all of our tools but things being what they are, eventually we will find ourselves in a situation where we our separated from our attacking server.  Let's say you takeover a host and you need to enumerate from that host which doesn't even have Nmap?  First we need to find targets and once we find targets, we need to enumerate each target.

Read more