Abusing DNSAdmins

by Vince
in Blog
Hits: 206

"Members of DNSAdmins group have access to network DNS information. The default permissions are as follows: Allow: Read, Write, Create All Child objects, Delete Child objects, Special Permissions. This group exists only if the DNS server role is or was once installed on a domain controller in the domain."

Read more

Joomla Reverse Shell Plugin

by Vince
in Blog
Hits: 324

I thought I'd written about this previously but a quick search yields zero results.  Basically, the idea here is that we've compromised a Joomla system and we want to get a reverse shell on the underlying system.  We could modify the existing site but that's a lot more destructive, and sometimes more difficult, than just figuring out how to make a plugin.  In the example below, I've used the instructions for creating a plugin for an older version of Joomla but I've deployed it on Joomla 4 so it's still a valid method.

Read more

Offensive Phishing

by Vince
in Blog
Hits: 412

We run phishing campaigns for awareness training but we also use phishing as an attack vector.  In some instances, if we phished credentials, we would call that a success and move on.  In other cases, we would want to actually breach the environment through phishing.  If we look at MITRE, we're going to see a lot of different techniques using attachments, Word and Excel are popular.  I'm going to use an HTA file which can be constructed without the need for Microsoft Office.

Read more