Category: Windows

• Burp with Android Studio Nougat AVD

  I needed to setup some new systems for mobile application penetration tests at the start of January and part of this process includes importing Burp’s certificate for traffic interception. I have set this up in the past but it seems to change fairly regularly with newer versions of Android emulators. I installed the latest version…

  Josh Berry

  January 23, 2018

  Android, Burp, Windows

  Android, Android Studio, Burp Suite Pro, Mobile App Pentesting, Nougat, Penetration Testing

• SideStep: Another AV Evasion Tool

  A few years ago I was working on a basic penetration test and came across a remote code execution vulnerability. I tried using Metasploit to deliver a payload but it became evident that the host’s antivirus software was removing the executable. See this article as a reference. This was shortly after the initial release of…

  Josh Berry

  June 24, 2015

  Metasploit, Penetration Testing, Python, Windows

  AV Evasion, CryptoPP, Hyperion, Metasploit, Meterpreter, msfvenom, peCloak, Penetration Testing, Python, Shellcodeexec, Veil, Visual, Windows

• SQLiPy: A SQLMap Plugin for Burp

  I perform quite a few web app assessments throughout the year. Two of the primary tools in my handbag for a web app assessment are Burp Suite Pro and SQLMap. Burp Suite is a great general purpose web app assessment tool, but if you perform web app assessments you probably already know because you are…

  Josh Berry

  September 22, 2014

  Burp, Linux, Penetration Testing, Python, Unix, Windows

  Burp Suite Pro, Java, Jython, Linux, Python, sqlmap, Web App Pentesting, Windows

• Directory Traversal to Administrator

  I wrote a post a while back on turning a directory traversal vulnerability into root access on Unix or Linux systems. The post and a tool I wrote to help facilitate attacks can be found here. These vulnerabilities can be fun because they are often rated as moderate risks, with CVSS scores around 5.0, and…

  Josh Berry

  August 14, 2014

  Penetration Testing, Windows

  Cain, Directory Traversal, Hashcat, Ophcrack, Windows

• Manually Penetrating the Ektron Vulnerability – CVE-2012-5357

  My posts are a little bit out of order here in that this was one of the first vulnerabilities that I came across in which the Metasploit modules failed due to a combination of DEP and AV. The result was researching AV bypass techniques that I began discussing here, and then here, and then figuring…

  Josh Berry

  February 1, 2014

  Metasploit, Penetration Testing, Windows

  avoid.sh, Burp Suite Pro, Ektron, Metasploit, Meterpreter, Shellcodeexec

• Follow Up on SYSTEM to Domain Admin Post

  I learned a few new things and made a few updates to my script after the last post that I thought I would share. First things first, someone commented on the article on another site and mentioned that the Metasploit module auxiliary/scanner/smb/smb_enumusers_domain provides the same functionality over SMB by calling the Windows NetWkstaUserEnum function. Example…

  Josh Berry

  December 21, 2013

  Metasploit, Penetration Testing, Python, Windows

  Metasploit, Meterpreter, Python, Veil

• SYSTEM to Domain Admin – Technique One

  Today I am going to give a quick overview of one of my favorite ways to escalate from SYSTEM level privileges on a single host, to domain admin level and more on a Windows network. There are many ways and techniques to accomplish jumping from SYSTEM to domain admin, this just happens to be one…

  Josh Berry

  December 14, 2013

  Metasploit, Penetration Testing, Python, Windows

  Hashcat, John-the-Ripper, libesedb, Metasploit, Meterpreter, mimikatz, ntdsextract, Ophcrack

• Manually Penetrating the FCKedit Vulnerability – CVE-2009-2265

  I am seeing more and more scenarios where for whatever reason, the Metasploit modules, and modules from commercial solutions I use, aren’t successful against a known vulnerable host. This is often due to DEP or antivirus protections that I discussed here and again here. There can also be other security mechanisms at play from time…

  Josh Berry

  December 7, 2013

  Metasploit, Penetration Testing, Windows

  Adobe, Burp Suite Pro, ColdFusion, Metasploit, Meterpreter, mimikatz, Shellcodeexec, Veil, Windows

• Follow Up on DEP and AV Bypass

  This is a continuation of research based on my adventures on a penetration testing engagement described here. There were a few key features that I really wanted to add to enhance my DEP/AV bypass tool: Bypass a majority of AV systems Remove the dependency on the msvcr100d.dll file Combine the Metasploit payload in the shellcodeexec…

  Josh Berry

  November 5, 2013

  Metasploit, Penetration Testing, Windows

  CodeBlocks, CryptoPP, Hyperion, Metasploit, Meterpreter, msfencode, msfpayload, Penetration Testing, PyInjector, Shellcodeexec, Veil, VirusTotal, Visual Studio, Windows

• Adventures in Penetration Testing: When DEP and AV Muck it Up

  A while back I was performing a network penetration test and came across a remote code execution vulnerability in one of the web applications hosted at the site. It got me excited because I just knew it was going to result in some level of access to the host. It looked like a pretty simple…

  Josh Berry

  October 18, 2013

  Metasploit, Penetration Testing, Windows

  Metasploit, Meterpreter, msfencode, msfpayload, Penetration Testing, PowerShell, Shellcodeexec, Windows