Category: Penetration Testing
-
GoPhishing Update – Autocomplete and More
I’ve updated the gophish script discussed here and here. This update includes the following features and fixes: Fixed an issue where redirections would occur immediately upon access Added option to pass in your own log file as an argument Smart(er) redirects Autocomplete Support The original script did not expect the link being accessed by the…
-
Adventures in Penetration Testing: Let’s Go Phishing – Update
Please see the original article for more information about this phishing script. This is just a minor update to some functionality that I added over the weekend. I haven’t hooked BeEF in yet, but I have added Metasploit, which can be nice. The updated version, which can be found here, can be tied into Metasploit’s…
-
Adventures in Penetration Testing: When DEP and AV Muck it Up
A while back I was performing a network penetration test and came across a remote code execution vulnerability in one of the web applications hosted at the site. It got me excited because I just knew it was going to result in some level of access to the host. It looked like a pretty simple…
-
Adventures in Penetration Testing: Let’s Go Phishing
Phishing and social engineering engagements are often unique to each customer, however; I often find that a customer just wants one of their web pages, like their web email sign on page, copied. This link to this phishing site is then emailed out to the victims to determine their susceptibility in clicking on the link…
Josh Berry
CodeWatch 