SANS Penetration Testing: Monthly Archives: Mar 2017

Pen Test Poster: "White Board" - PowerShell - One-Line Web Client

By Matthew Toussain, Grant Curell Introduction Mobility is a critical component of the attack. The ability to be adaptable, while transporting your tactics and tools into a remote environment, is a key differentiator between inexperienced and senior operators. The criticality is an aftereffect of frequency, one of the most common tasks in pentesting involves … Continue reading Pen Test Poster: "White Board" - PowerShell - One-Line Web Client


Pen Test Poster: "White Board" - PowerShell - Get Firewall Rules

By Matthew Toussain, Grant Curell Updated - 3/14/2017 Concealed within his fortress, the Lord of Mordor sees all'' And with PowerShell we can too! Microsoft has truly given system administrators and computer hackers alike a gift: The gift of vision. Take for instance, PowerShell output, format, and export functions. Most scripting languages are … Continue reading Pen Test Poster: "White Board" - PowerShell - Get Firewall Rules


Pen Test Poster: "White Board" - PowerShell - Built-in Port Scanner!

By Matthew Toussain, Grant Curell Introduction NMAP is an ideal choice for port scanning, but sometimes it may not be a feasible option. Other times a quick check to see if a port is open might be all the detail needed. In these scenarios PowerShell really shines. Let's examine methods to use PowerShell for … Continue reading Pen Test Poster: "White Board" - PowerShell - Built-in Port Scanner!


Pen Test Poster: "White Board" - PowerShell - Add a Firewall Rule

By Matthew Toussain, Grant Curell In many lab and training environments firewalls are disabled to facilitate the learning experience. As part of live pentests however, bypassing and manipulating firewalls is all in a day's work. The Windows firewall is the most common packet filtering hurdle encountered today. While it is not necessarily the most robust … Continue reading Pen Test Poster: "White Board" - PowerShell - Add a Firewall Rule


Pen Test Poster: "White Board" - Bash - Find Juicy Stuff in the File System

By Matthew Toussain, Geoff Pamerleau Pilfering data is a post-exploitation phase that rarely receives enough credit. As pentesters, the way we demonstrate security risk and the way we escalate our attacks to a new level is based entirely on what we find after the compromise is realized. While manually driving the command line from directory … Continue reading Pen Test Poster: "White Board" - Bash - Find Juicy Stuff in the File System


Pen Test Poster: "White Board" - Bash - Sudo... Make Me a Sandwich

By Matthew Toussain, Geoff Pamerleau The other day, while working on setting up a new virtual machine for testing purposes, I ran the following command to get my networking configured ifconfig enp0s8 down only to be greeted with the following: GAH! Why do I need root privileges to bring up or down … Continue reading Pen Test Poster: "White Board" - Bash - Sudo... Make Me a Sandwich


Pen Test Poster: "White Board" - CMD.exe - C:\> wmic process

By Matthew Toussain, Grant Curell If Windows Management Instrumentation (WMI) is the Matrix then its console (WMIC) is Neo. WMI is the Microsoft variant of Web Based Enterprise Management (WBEM) and Common Information Model (CIM). Essentially, it forms the connective tissue that defines application specific characteristics to enable cohesive interactivity between systems from … Continue reading Pen Test Poster: "White Board" - CMD.exe - C:\\> wmic process


Pen Test Poster: "White Board" - CMD.exe - C:\> netsh interface

By Matthew Toussain, Grant Curell The pivot. Many intrusion campaigns follow a similar modus operandi. Attack the publicly available DMZ. Gain access to an initial target and leverage that access to pivot into the internal network. Now seize the objective. On Linux systems, Secure Shell (ssh) natively supports socks proxying. We can use this … Continue reading Pen Test Poster: "White Board" - CMD.exe - C:\\> netsh interface


Pen Test Poster: "White Board" - PowerShell - Ping Sweeper!

By Matthew Toussain, Grant Curell Introduction You may be shocked to find how often you don't have the right tool for the job. Fortunately, with a hammer everything looks like a nail, and with PowerShell'' Well we'll just have to make do. This post will dive into a number of techniques geared towards hammering … Continue reading Pen Test Poster: "White Board" - PowerShell - Ping Sweeper!


Got Meterpreter? PivotPowPY!

by Cliff Janzen My how time flies. It seems like only yesterday I wrote the post Got Meterpreter? Pivot! (/blog/2012/04/26/got-meterpreter-pivot), but it has been four and a half years. In our industry, the only thing constant is change and Mr. Ed Skoudis gave me the opportunity to revisit this topic to see what has … Continue reading Got Meterpreter? PivotPowPY!