TACTICAL EXPLOITATION
In April 2017 i have attended x33fcon in Gdynia Poland. x33fcon was a two-day conference and it was promoted as a purple teaming conference and it lived up to its title. Gdynia is part of the tricities (Gdansk, Gdynia, Sopot) in the south coast of the Baltic Sea and it is an ideal place for a conference as it is quiet and you can focus more on the conference rather on what is happening outside. The conference was held at […]
This is the final part on the Bloodhound series and the most important for pen testers and red teamers. Picking up from Part 2 where the results are imported into the database it is time for making sense of them and achieving the objectives of our testing. The database info table on the left shows basic information about the current database and elements included. The Queries tab BloodHound comes with a number of predefined queries. In many cases these should […]
This is part 2 of the series on Bloodhound. For setting up the database and the tool refer to Part 1. BloodHound data is done using the BloodHound.ps1 file located at: https://github.com/adaptivethreat/BloodHound/tree/master/PowerShell Clone the file and upload it to a host you have foothold. From either CMD or PS shell cd to a folder you have write access and follow these steps: Upload the BloodHound.ps1 file powershell.exe –Exec Bypass Import Module BloodHound.ps1 Get-BloodHoundData | Export-BloodHoundCSV Export the .csv files locally […]
BloodHound is a tool developed by @_wald0, @CptJesus, and @harmj0y and it is a single page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound is developed on the interesting principle of six degrees of separation which states that all living things and everything else in the world is six or fewer steps away from each. This was brought into hacking terms as six degrees of domain admin. Source Repository: https://github.com/adaptivethreat/BloodHound Binary Releases: […]
On one of my devices, I installed a toggle switch to control the script execution. This allows me to first check on the LCD that the WarBerryPi has obtained a valid IP address before starting the execution. Installing the switch is an easy job, but it does require you to drill a hole in the case. The connection schematic is shown below. Of course, you can connect to another pin of your preference, but in my setup, I used PIN16, […]
I mentioned in the hardware requirement section that I use an LCD to display some basic information. My personal preference is the Display-O-Tron 3000, but you can use anything you like. What I like about this LCD is that it is a shield, meaning that it snaps on the Raspberry Pi pins, avoiding the need for any soldering. If you want to duplicate this setup, it is not difficult at all. Create a new file called lcd_init.sh and paste the […]
V5 of the WarBerryPi brings in a change which i wanted to implement for a long time. Result files are not automatically encrypted and remain encrypted until the decryption mechanism is used. Decrypting the results is a straightforward process which only includes running the decryption.py script and providing the correct password when prompted. The default password can also be changed from the same menu. IMPORTANT – I cant highlight this enough – The default password is 123 so make sure […]
In April 2017 i have attended x33fcon in Gdynia Poland. x33fcon was a two-day conference and it was promoted as a purple teaming conference and it lived up to its title. Gdynia is part of the tricities (Gdansk, Gdynia, Sopot) in the south coast of the Baltic Sea and it is an ideal place for a conference as it is quiet and you can focus more on the conference rather on what is happening outside. The conference was held at […]
2016 was a significant year for the WarBerryPi. It was the year that is was released (May) but also the year that it was first presented at various Cons. The WarBerryPi trips began with Bsides Athens in June and continued with Blackhat US in July, SECURE2016 Poland in October and Blackhat Europe in November. Most importantly this was the year that my little development was voted as #4 Tool of 2016 by the readers of ToolsWatch.org. http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/ I hate watching […]
A lot of WarBerryPi users wanted more granularity and controls of the port scanning phase which actually makes a lot of sense. During a pen-test or red teaming engagement we want to remain covert and sometimes we have some intelligence about the network therefore more control of what we send out. Since the WarBerryPi V5 came out customising the port scanning phase is much easier. The file responsible for the configuration can be found at: warberry/src/core/scanners/portlist_config The file looks like […]