I continue to rely heavily on Bash as my go-to scripting language despite knowing I’d benefit greatly by going deep down the Python rabbit-hole. I started my journey in tech as a Linux sysadmin and have been an ardent fan of the Bash shell on Linux operating…
Something I like to do when testing a web application is to look for sensitive files that have been placed in web-exposed directories. Application administrators sometimes leave files in places they shouldn’t that contain information which may help advance your attack chain. Source code, configuration files, and…
I’ve been working with web applications quite a bit lately and have been finding myself wanting to work with proof-of-concepts in order to explore certain types of vulnerabilities and attacks. I decided to work with the Apache web-server and PHP (on CentOS) to help with my journey.…
Not too long ago I worked up an SMB credential spraying script using rpcclient. I haven’t really been using this much as I tend to favor byt3bl33d3r’s CrackMapExec when attacking SMB. On a recent engagement, I accidentally locked out a good number of Windows domain accounts during…
I’ve been wanting an efficient way to credential spray SMB servers. I typically use byt3bl33d3r’s CrackMapExec when poking SMB servers but wanted a way to rotate single users over multiple passwords and then force the process to sleep for a while (for the sake of account lock-out).…
I worked up a way to store engagement/project data in an encrypted directory. I had originally wanted to dd a blob to the current file-system and then format & encrypt it. I found an easier way to go about this using the ecryptfs-utils suite. I worked up…
I was working on some automated tasks to include in my workflow and realized I wanted to use gobuster for launching dictionary-based enumeration on targets. I was currently using dirb for this but gobuster seems to be the faster tool to use. I fell behind on my…