I think you need to use your imagination with this tool but it could be quite handy for that right spot. I think the author's description does a fine job of explaining what this tool can do: "What this tool does is taking a file (any type of file), encrypt it, and embed it into an HTML file as resource, along with an automatic download routine simulating a user clicking on the embedded resource." Let's dig into the tool and then I'll add some additional thoughts:


    The description states:  "Five86-2 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing."

    This is a friggin' puzzle box.  Fun, but definitely a puzzle box.  I enjoyed it thoroughly because I learned a new trick.  More on that later.

    First, we kick off with Nmap:


    I'm presenting at BSides College Station next month and in my talk, I'm using PowerShell as a method for enumerating the environment while living off the land.  Also in my talk, I give an example of a PowerShell reverse shell in plain form and the same reverse shell in an obfuscated form.  I don't reference it directly but the tool I use to obfuscate the shell is Invoke-Obfuscation created by Daniel Bohannon.  In advance of the talk, I want to do a little write-up on this tool in case I get asked about it -- I can then point them to here...


    Like most people, when I receive an email with a link, I do a quick check to see if the URL is legit.  I'll carefully read it, then I will mouse over it to make sure that the text and the URL match.  I've seen that trick a few times and I've also seen a trick where there was what appeared to be an attached Word document but instead it was an image for a URL.  That was definitely clever.  I haven't seen that one too many times but I can see a user repeatedly clicking on it -- wondering why Word wasn't opening.

    But let's say we get a link to an image.  I probably get at least one of these per day where a friend sends me to some meme or something of interest.  http:// blah blah blah / funnymeme.gif


    Consider the following -- you have a MySQL database and you want to periodically back up the database to the file system.  You set up a cron job and you have a script that performs the following task:

    mysqldump --user root --password=Secretp4ssw0rd testing > testing.sql

    Simple, right?

    Obviously, there's probably more to it -- we back up a /var/www/html directory and we probably back up that DB to a location.  And maybe we even tar.gz it up to make a neat little package.  The point though is that we've now placed the password in memory.


    Hashcat is one of those tools where I feel like I'm just scratching at the surface with respect to all of its capabilities.  Normally, I'm attempting to crack hashes with a wordlist to prove the strength of a password.  Or I'm playing some CTF where I need to retrieve a password.  In each case, I'm not brute-forcing a password, I'm providing a wordlist which makes the process light years faster.  That being said, there are times when I've wanted to use a brute-force attack but have shied away when confronted with reading the manual.  RTFM!


    © 2020 sevenlayers.com