Red Team/Blue Team Practice on Wdigest

In this article, we will show you methods of protecting your system against Mimikatz, which fetches passwords in clear text from WDigest. As you know, pen-testers and red teams use Mimikatz for testing password capacity. For complete information on how Mimikatz works, visit this link: https://www.hackingarticles.in/understanding-guide-mimikatz/ Table of Contents: Introduction, System…
The post Red Team/Blue Team Practice on Wdigest appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/red-team-blue-team-practice-on-wdigest/

Bypass Application Whitelisting using Weak Path Rule

Finding loopholes is very important when you are part of a pen-testing team, because such loopholes are the source of hacking, as the attacker will actively look for them. So in order to patch such loopholes, you must know how and where to find them. One such loophole is something known as…
The post Bypass Application Whitelisting using Weak Path Rule appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/bypass-application-whitelisting-using-weak-path-rule/

Multiple Ways to Exploiting Windows PC using PowerShell Empire

This is our second post in the article series ‘PowerShell Empire’. In this article we will cover all the exploits that lead to Windows exploitation with Empire. For our first post in the Empire series, which gives a basic guide to navigating your way through Empire, click here. Table of contents: Exploiting through HTA, Exploiting through…
The post Multiple Ways to Exploiting Windows PC using PowerShell Empire appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/multiple-ways-to-exploiting-windows-pc-using-powershell-empire/

Jenkins Pentest Lab Setup

You all know that we have performed many CTF challenges, and we got to know about Jenkins there. So let’s get to know Jenkins better. For this, we are here with the new challenges which you will face when performing CTF challenges. To do it in an easier way, we are here with a new article. So let’s do…
The post Jenkins Pentest Lab Setup appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/jenkins-pentest-lab-setup/

Exploiting Windows using Contact File HTML Injection/RCE

After the 0-day exploit using a malicious VCF file in Windows, cyber security researcher John Page deserves another round of applause for bringing this vulnerability to exploit-db’s attention on 23rd January 2019. This vulnerability further exploits the RCE vulnerability present in VCF with HTML injection. To read the previous article, follow the link here. Introduction:…
The post Exploiting Windows using Contact File HTML Injection/RCE appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/exploiting-windows-using-contact-file-html-injection-rce/

BEEMKA: Basic Electron Post-Exploitation Framework

There are a lot of applications today that use the Electron framework, as it helps you build cross-platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework, BEEMKA, can now help you in maintaining access and exfiltration. What is BEEMKA? BEEMKA is a modular,…
The post BEEMKA: Basic Electron Post-Exploitation Framework appeared first on PenTestIT.

Link: http://pentestit.com/beemka-basic-electron-exploitation-framework/

Exploiting Windows PC using Malicious Contact VCF file

A huge shoutout to cyber security researcher John Page for bringing this vulnerability to the internet’s attention on 15th January 2019. This was a 0-day exploit and of course works with the latest Windows 10 too. It is categorized as an “Insufficient UI warning remote code execution” vulnerability. Introduction: Basically what John discovered was that…
The post Exploiting Windows PC using Malicious Contact VCF file appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/exploiting-windows-pc-using-malicious-contact-vcf-file/

ADAPT – Tool That Performs Automated Penetration Testing For WebApps

ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry standard OWASP Top 10 vulnerabilities, and outputs categorized findings based on these potential vulnerabilities. ADAPT also uses the functionality from OWASP ZAP to perform automated active and passive scans, and auto-spidering. Due to the flexible nature of the ADAPT tool, all of these features and tests can be enabled or disabled from the configuration file. For more information on tests and configuration, please visit the ADAPT wiki.

How it Works

ADAPT uses Python to create an automated framework to use industry standard tools, such as OWASP ZAP and Nmap, to perform repeatable, well-designed procedures with anticipated results to create an easily understandable report listing vulnerabilities detected within the web application.

Automated Tests:

* OTG-IDENT-004 – Account Enumeration
* OTG-AUTHN-001 – Testing for Credentials Transported over an Encrypted Channel
* OTG-AUTHN-002 – Default Credentials
* OTG-AUTHN-003 – Testing for Weak lock out mechanism
* OTG-AUTHZ-001 – Directory Traversal
* OTG-CONFIG-002 – Test Application Platform Configuration
* OTG-CONFIG-006 – Test HTTP Methods
* OTG-CRYPST-001 – Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
* OTG-CRYPST-002 – Testing for Padding Oracle
* OTG-ERR-001 – Testing for Error Code
* OTG-ERR-002 – Testing for Stack Traces
* OTG-INFO-002 – Fingerprinting the Webserver
* OTG-INPVAL-001 – Testing for Reflected Cross site scripting
* OTG-INPVAL-002 – Testing for Stored Cross site scripting
* OTG-INPVAL-003 – HTTP Verb Tampering
* OTG-SESS-001 – Testing for Session Management Schema
* OTG-SESS-002 – Cookie Attributes

Installing the Plugin

Detailed install instructions.

Link: http://www.kitploit.com/2019/01/adapt-tool-that-performs-automated.html

identYwaf: A Tool to Help You Identify Web Application Firewalls

I have been a fan of sqlmap for long and when the author released identYwaf recently, I wanted to try it out. In fact, all his other tools are awesome sauce too! Back to this post for now about this WAF identification tool. What is identYwaf? identYwaf is an open source, blind web application firewall identification…
The post identYwaf: A Tool to Help You Identify Web Application Firewalls appeared first on PenTestIT.

Link: http://pentestit.com/identywaf-identify-web-application-firewalls/