Kautilya Video
As my first blog post, here is a video for Kautilya. Kautilya is a toolkit developed by me which contains some payloads for the Teensy USB micro-controller device which may be useful to penetration testers. I...
Remote Code Execution on SkyMobile VTI Server
Recently, I got access to management web console of a new to me product called SkyMobile VTI Server. The web console itself was enough to allow complete access to the system as it was running with...
Bypassing (?) End Point Protector 4 blocking of Teensy
One of my friends shared with me a news about some end point protection solution called End Point Protection 4. The news article highlights that Teensy and Teensy++ board can be blocked using this...
Teensy USB HID for Penetration Testers - Part 1 - Introduction and Arduino...
My first blog post after two back to back awesome conferences Black Hat Europe and Troopers. At Black Hat Europe I conducted a workshop called Teensy Programming for Everyone. The workshop was well...
Teensy USB HID for Penetration Testers - Part 2 - Basics of Arduino and Hello...
In the first post we installed the Arduino Development Environment (ADE). Now let's have a look at the basics of programming Teensy using ADE. Make sure that the proper board is selected from the menu. Then choose...
Teensy USB HID for Penetration Testers - Part 3 - Programming sketches in...
In the previous post we saw very basic usage of the Arduino Development Environment (ADE) and ran our Hello World using Teensy. Let's have a look at doing something more with Teensy and ADE. You know that there...
Teensy USB HID for Penetration Testers - Part 4 - Kautilya
In third part of this series, we discussed how to write sketches using Arduino and Teensyduino. In this part, let's have a look at Kautilya. Kautilya is a toolkit written by me which helps in easing...
Fun with Sticky Keys, Utilman and Powershell
Recently, carnal0wnage and mubix blogged about sticky keys. I have implemented this in Kautilya and found this useful during many internal penetration tests. I thought of playing more with this and...
PowerShell Web Access: What could possibly go wrong?
I recently started playing with PowerShell Web Access. It is a nice feature of PowerShell 3.0 and could be really useful in enterprise environments. This post is result of my experiments with this...
(Introducing) Nishang : PowerShell for Penetration Testing
I have been using PowerShell in penetration tests for some time now. It is a really powerful shell and scripting language which gives you access to interesting things on a Windows machine. There are...
Kautilya 0.3.0 Released - Breaking Mac OS X with USB HID and much more
Previous update of Kautilya was a couple of months back. I was travelling a lot and working on Nishang in spare time. Only a trickle of effort was given to Kautilya. Anyway, I invested the past...
Teensy USB HID for Penetration Testers - Part 5 - Advanced Windows Payloads...
This is the fifth post in the series of Teensy USB HID for Penetration Testers. Sorry for the gap between this and the last post (almost three months). I was not sitting idle though, I released...
Kautilya 0.4.0 - reliable payload execution and more
Kautilya 0.4.0 would be more reliable than ever (at least I intended so). There has been a major change in the architecture thanks to this awesome post by the Offensive Security guys. Large parts of...
Nishang 0.2.0 - More PowerShell awesomeness
Behold world, I give you a new and shiny version of Nishang after a long gap :) I have been using PowerShell more and more with each pen test, so expect even more awesomeness. This is a major release and...
Command Execution on MS SQL Server using PowerShell
One of my favorite "vulnerabilities" during Pen Tests is easy/guessable password for "sa" on MS SQL server with mixed authentication enabled, it means instant pwnage. Though a bit hard to find nowadays...
(Quick Post) Check if your payload is running inside a VM using PowerShell
I was trying to improve some existing payloads of Nishang and Kautilya. One idea was to enumerate the environment in which the payloads would be running. I decided to start with detection of Virtual...
Introducing Prasadhak: Check running processes for known malwares using...
Once during a pen test, I got complete access to a box. It was a Windows 2008 server in a really bad shape. So bad that I wanted to check it for malware as I was not sure about the integrity of the...
Nishang 0.2.5 Released: Get WLAN keys in plain, Remove update and bug fixes.
This is a short & quick post about Nishang 0.2.5. Two new payloads which are borrowed from other sources (and went unnoticed for months lying in one of my VMs) have been added: 1. Get-WLAN-Keys...
Poshing the hashes: Using PowerShell to play with hashes
What do Pen Testers generally do after dumping hashes (or creds)? I asked this question during my workshop at BlackHat Europe. The answer was use of tools like psexec (independent or msf) to replay or...
Kautilya 0.4.3 - New exfiltration methods, faster payloads and call for...
While using Kautilya in penetration tests, one shortcoming of Kautilya always bugged me. It is that data exfiltration is with pastebin only. Especially with the Keylogger module, the support only for pastebin...