Kind of an interesting request that took a little bit of manipulation to get what I wanted.  Essentially, we're calling for a directory listing and we want to export that listing into a CSV file.  But we want to remove the directory path in order to get just the filenames.  In addition, instead of explicitly calling the username, I'm using the system variable.  This way, the working folder can be moved and reused on another profile or machine.  I'm also using the system date in the filename to keep the filename unique.  I'm using a .txt file because I'm lazy and I couldn't figure out how to do it in one line.  

Read more: PowerShell Directory Listing CSV Export

Gather as much knowledge as you can in order to make educated decisions.  For example, there's this idea that if we password protect Microsoft Office documents, we are going to keep people from accessing them.  I'd say that is mostly correct and when I'm done explaining how to crack the password, you can decide if what you have stored in them is protected well enough.  

First, let me state that there are commercial products that will crack the passwords easily.  I haven't used one of those products in a long, long time and I think a search would yield legitimate products along with questionable, possibly malware-laced, products and it's not something I want to randomly download.  For this post, I'm going to use open source (read:  FREE) and publicly available tools along with the rockyou wordlist.

Read more: Cracking Excel Passwords

"This account has been hacked! Change your password right now!"

That's a pretty scary subject and it's one of the latest tactics used in spam emails which attempt to extort money from the recipient.  We've seen variations of this message which include the password but this one in particular does not.  

The message further states:

"You may not know me and you are probably wondering why you are getting this e mail, right?  I’m a hacker who cracked your email and devices a few months ago."

"Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account."

Read more: Extortion Spam

I had so many different ideas for the title of this post because there are so many different ways to call attention to this problem.  "Too much point and click."  "Attention to detail."  "Understanding your environment."  All of these apply.  

The other day, I was playing around with (I will post on this soon!) Oracle Glassfish --  "Glassfish is the world's first implementation of the Java Platform, Enterprise Edition (Java EE) 6 specification."  I managed to get credentials and with that, I am able to deploy an application which is very much like deploying an application on Tomcat.  

I set up Metasploit:

Read more: Metasploit Mistakes

In my last post, I talked about cracking Microsoft Office password protected documents.  At the end of that post, I suggested storing the entire document in a password manager and I also mentioned VeraCrypt.  Truth be told, I was going to link to a post that I thought I'd written for this site but I was mistaken.  I'd actually written documentation for a client specifically about VeraCrypt and for obvious reasons, I'm unable to post that document.

Understanding what a product like VeraCrypt can do for us enables us to choose the appropriate level of security for a given situation.  If you're storing sensitive data in files, VeraCrypt could be a potential avenue for adding protection for your sensitive data if password protecting your documents isn't enough.  

Before moving on, I'd also like to mention that security is inconvenient at times -- most times.  I would love to leave my doors unlocked at my home because it's inconvenient to dig the keys out of my pocket each time I want to open the door.  But that's not the world that we live in.  If you use this product correctly, you will open the vault when needed and you'll close the vault when you're done.  In other words, if you're consistently accessing this data throughout the day, you're going to open it when you come into the office and you're going to close it when you leave.  If you leave it open every minute of every day, it won't protect you much more than the file(s) living in the file system without protection.  That would essentially be the same as installing a deadbolt on your front door but never locking the lock.  

Read more: VeraCrypt Installation Guide

I can't say that I've encountered Jenkins much in the real world, but when I worked with large groups of developers, they worked independently of each other and Jenkins probably could have helped with that problem, but I digress -- that is no longer my world.

I've heard Jenkins mentioned in the context of pentesting larger organizations and I have two impressions:  First, it's discovered frequently.  Second, it's a sitting duck.  I don't know either to be true but I've wanted to get familiar with it.  I've seen it a few times but not in a situation where I could get a solid foothold. 

Quick sidebar -- I met a red teamer who said he wanted to go through every single exploit in Metasploit to see how it worked.  I understand that concept and this is basically what I'm doing here.  Attack as many things as you can find, become familiar with how they work, and add that knowledge to your toolbox.  It will aid you in pentesting and it will also aid you in securing these applications when you come across them.

I finally found a vulnerable version of Jenkins, version 1.637, and I wanted to work through every angle -- even if some are redundant.

Read more: Exploiting Jenkins