Tag: pentesting

Penetration Testing Wiki

How to disguise a covert channel with netcat like a harmless command

One of the most important steps after the post-exploitation is to cover our activities and maintain access to the target. In Linux, BSD or Unix we can easily disguise a process name to hide our covert operations. We can abuse the C function execv() to show one command but execute one completely different. In the…
Read more

How to intercept HTTPS Traffic from Android App

If you are interested in getting all traffic related to an specific app and you have a rooted phone, ProxyDroid is a good option: https://play.google.com/store/apps/details?id=org.proxydroid First thing before enabling the “Proxy Switch”, you have to point Proxydroid to the machine where you have BurpSuite running listening in the Wifi interface. In my case on…
Read more

How to setup a PHP file dropper without tools

After we have compromised a machine inside a network, we need to download tools for lateral movement, local exploits to escalate privileges, etc. Knowing how to setup a file dropper is crucial. When I was doing the OSCP 24-hour exam but also when doing the training in the labs, that was very useful as I…
Read more

Cracking passwords with John the Ripper

If we are cracking local accounts passwords in a Unix/Linux environment. First you will need to merge “/etc/passwd” and “/etc/shadow” system files into one: Then there are two possible techniques. Technique #1: Dictionary Attack This is useful when we have a long dictionary with common passwords, so we want to audit that no user is…
Read more

How to scan ports with netcat

Sometimes when doing lateral movement in a penetration testing engagement, we don’t want to use nmap to keep a low footprint. There it comes netcat to the rescue which it is already installed in many Linux systems. With this command we can easily perform a port scanning for the most used ports: If you are…
Read more

Gadgets for Penetration Testing

Hardware gadgets http://syncstop.com/ SyncStop prevents accidental data exchange when your device is plugged into someone else’s computer or a public charging station https://usbninja.com/ USBninja

CEH certificate 2023 renewal

Certified Ethical Hacker v9 recertification

After finishing 141 ECE credits (tools, conferences, papers, vulnerabilities reported), I just got recertified… until 2023 still a Certified Ethical Hacker 😊

Small tool to decode ASP.NET __VIEWSTATE variable when doing webpentests

I just wrote a small tool to easily decode ASP.NET __VIEWSTATE variables without having to install the viewstate module into the system with administrative privileges and be able to decode the variables with a small script using a terminal, without writting python code. Sometimes when doing webpentesting against a ASP web application is useful a…
Read more

OSCP certification 2018

Checkmate! OSCP certification passed

I have to admit that doesn’t matter how much experience you have with penetration testing, the exam is challenging because the attack surface is big: 65535 ports x 2 protocols x 4 machines = 524,280 ports. In the fifth machine, you know beforehand which is the vulnerable port and you just have to develop a…
Read more

Google dork for iDC File Manager

iDC File Manager is a secure multi user web based File Management System, that allows you to store, manage and share every format of digital media, including, documents, images, audio, video, publishing layouts, presentations and PDF files Between you and your end users. If your Company has a requirement to distribute or share files with…
Read more