"Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. It's the #1 tool suite for penetration testers and bug bounty hunters."

    When I write my posts, I like to use free tools because most of the free stuff is pretty awesome.  That being said, of the pay products, it's really hard to go wrong with Burp Suite Pro.  I think with the exception of some throttling, the pro version and free version are similar but at $400, it's not an expensive product for a business. 

    If you found yourself reading this article you probably know what a dropbox is already but to summarize, it's a piece of hardware that is either overtly or covertly planted on the network.  This particular model that I've constructed is using a Raspberry Pi Zero running Raspbian Lite.  In the diagram below, my dropbox is sitting the customer network.  It uses OpenVPN and calls home to our C2 server.  Logging into our C2 server, we can then SSH back into our dropbox bypassing all of the security measures.  What we do next depends on the engagement and this post is about the setup of the dropbox.

    So I found this new CTF hacking site, TryHackMe.  At first glance, it seems like a tamer version of HackTheBox.  I took a quick look around, hacked the first box, and now I'm paying the $10/month for my subscription because it was a good experience and I want to encourage them to grow this with my piddly $10.  The first box on the list is Tomghost so you sort of know where this is headed based on the Ghostcat logo.  If not, I don't go into detail because I just wrote about Ghostcat so you can get my full thoughts from that post.

    The description states:  "Identify recent vulnerabilities to try exploit the system or read files that you should not have access to."  So it's generic but we'll just do our normal routine.  Kicking off with Nmap:

    Before I jump into the post, let's get a definition:  "Terraform is an open-source infrastructure as code software tool created by HashiCorp. It enables users to define and provision a datacenter infrastructure using a high-level configuration language known as Hashicorp Configuration Language, or optionally JSON."

    We use AWS mostly and a little bit of Digital Ocean.  The majority of the instances are created from the GUI but I've been working on a project that requires the spin up and shutdown of similar servers and that's where Infrastructure as Code comes in handy.

    I've written a few things about Empire in the past but sometime around July of last year (I think), they stopped maintaining the project.  Then BC Security picked it up and moved the ball forward again.  I liked Empire because it's simple, no nonsense, and it worked.  That said, it wasn't as stealthy as some other C2 frameworks and it was unreliable when it came to evading antivirus.  When the new project came to light, I wanted to take a look but at the same time, I questioned whether or not I'd run into the same issues.  By necessity, I needed to test Empire for something I'm working on so I fired up the new project.

    It's hard to describe this in the subject line but how many times have you been on a Windows system and typed a *nix command?  Or on a *nix system and typed a Windows command?  One could assume that an attacker might do something similar and we could take advantage of that mistake.  First, we'll need to alias some commands like ifconfig and ls with doskey.  Our macro file looks like this:

    Page 5 of 57

    © 2020 sevenlayers.com