Pivoting with Proxychains

by Vince
in Blog
Hits: 264

Let's say we have a small hole into an environment, like a web server sitting behind the firewall with a port open to the Internet.  We compromise the web server and from the web server, we can see other targets in the environment but we are unable to see those targets directly from our attacking machine.  We need a way of pivoting through that web server in order to attack those targets and that's where we can use Proxychains. 

In this first image, I'm getting ahead of myself a little bit but I wanted to paint the picture. 

Read more

Vulnhub DriftingBlues: 7 Walkthrough

by Vince
in Blog
Hits: 376

No description on this one but it is rated as "easy".  I would say that there are a few moving parts and you can get sucked down a rabbit hole if you're not careful.  Stick to the first thing, latch on, go from there.

We kick off with Nmap:

Read more

Stealing Firefox Credentials

by Vince
in Blog
Hits: 242

I frequently give this talk titled:  "Securing Your Small Business" but the content of the talk actually applies to both small businesses and individuals.  The gist of it is basic security hygiene and one of the topics I discuss is passwords and password managers.  In that part of the talk, I show how a password manager can auto-populate the fields of a login.  One of the comments I would frequently hear -- turned into a slide.  The comment:  "My web browser can do that."  My reply:  "I can steal your browser passwords."  And I typically follow that up with something along the lines of it being "trivial" and that I'm unable to easily steal passwords from password managers.  That pretty much sets up this post...

Read more