mdf forensics

Extracting SQL Server Hashes From master.mdf

During a number of engagements, I have found myself in a position in which I have held administrative access to a server running a local instance of Microsoft SQL Server, but had not held credentials to access the service. Seasoned penetration testers will know that there are multiple ways to gain access to a SQL Server once you have access to the local server, for example running SQLQuery as the SYSTEM user, which is often a member of the sysadmin role, or injecting into th

cve exploit

Linux USBIP overflow (CVE-2016-3955)

Recently I was forwarded a link to a patch within the Linux kernel which mitigates an overflow vulnerability within the USBIP functionality. For those that have never encountered USBIP, it is a protocol that allows remote clients to access USB devices plugged into a host machine. Reviewing the patch, the issue was immediately visible: a heap overflow, reachable because a user-controlled size value is trusted without validation before it is used as a copy length. So first let's look at the patch
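As an added illustration, constructed for this page and not taken from the kernel's USBIP code or from the patch itself, the following C program shows the general pattern the paragraph describes: a reply header whose length field is controlled by the remote peer, a copy into a buffer that was sized by the original request, and the single bounds check that separates the vulnerable routine from the fixed one. The header layout, the field name `actual_length`, and the buffer sizes are assumptions for the demo. The copy runs inside a larger arena so that the overrun shows up as a clobbered canary rather than as real heap corruption, which keeps the program well-defined while still making the bug observable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed reply layout (assumption, not the USBIP wire format):
 * a 4-byte big-endian actual_length supplied by the peer, then payload. */
#define HDR_LEN 4

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the length the peer claims is used as the copy length
 * into a buffer sized by the original request. Only the packet bound is
 * checked; buf_len is never consulted, which is the bug. Returns bytes copied
 * or -1 on a malformed packet. */
int copy_reply_vulnerable(const uint8_t *pkt, size_t pkt_len,
                          uint8_t *buf, size_t buf_len)
{
    (void)buf_len;
    if (pkt_len < HDR_LEN) return -1;
    uint32_t n = be32(pkt);
    if (pkt_len - HDR_LEN < n) return -1;
    memcpy(buf, pkt + HDR_LEN, n);          /* n may exceed buf_len */
    return (int)n;
}

/* Hardened form: reject a claimed length larger than the request buffer
 * before touching memory. Returns -2 for an oversized claim. */
int copy_reply_checked(const uint8_t *pkt, size_t pkt_len,
                       uint8_t *buf, size_t buf_len)
{
    if (pkt_len < HDR_LEN) return -1;
    uint32_t n = be32(pkt);
    if (pkt_len - HDR_LEN < n) return -1;
    if (n > buf_len) return -2;             /* the missing validation */
    memcpy(buf, pkt + HDR_LEN, n);
    return (int)n;
}

/* Builds a constructed reply whose header claims `claimed` payload bytes. */
static uint8_t *build_reply(uint32_t claimed, size_t *out_len)
{
    *out_len = HDR_LEN + claimed;
    uint8_t *pkt = malloc(*out_len);
    pkt[0] = (uint8_t)(claimed >> 24);
    pkt[1] = (uint8_t)(claimed >> 16);
    pkt[2] = (uint8_t)(claimed >> 8);
    pkt[3] = (uint8_t)claimed;
    memset(pkt + HDR_LEN, 0x41, claimed);   /* attacker-chosen payload */
    return pkt;
}

/* Runs one copy routine with the request buffer placed at the start of a
 * zeroed arena; the bytes after it act as a canary. Returns 1 if the canary
 * was overwritten, 0 if not, -1 if the claim would leave the arena. */
#define BUF    64
#define CANARY 64
int overflow_observed(int (*copy)(const uint8_t *, size_t, uint8_t *, size_t),
                      uint32_t claimed)
{
    if (claimed > BUF + CANARY) return -1;  /* keep the demo well-defined */
    uint8_t *arena = calloc(BUF + CANARY, 1);
    size_t len;
    uint8_t *pkt = build_reply(claimed, &len);
    copy(pkt, len, arena, BUF);
    int clobbered = 0;
    for (size_t i = BUF; i < BUF + CANARY; i++)
        if (arena[i] != 0) clobbered = 1;
    free(pkt);
    free(arena);
    return clobbered;
}

int main(void)
{
    printf("vulnerable, claims 96 into 64: canary clobbered = %d\n",
           overflow_observed(copy_reply_vulnerable, 96));
    printf("checked,    claims 96 into 64: canary clobbered = %d\n",
           overflow_observed(copy_reply_checked, 96));
    return 0;
}
```

The point to take from the two routines is that checking the length against the packet alone is not enough; the value also has to be checked against the destination the caller actually allocated, which is exactly the kind of one-line comparison a patch for this class of bug typically adds.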

exploit github

GitHub Desktop - RCE

Recently GitHub disclosed a vulnerability which I reported within the GitHub for Windows client. This report can be found here. The aim of this post is to give a quick rundown of how the issue was discovered, and to introduce this type of vulnerability for those that may not have seen it before. The GitHub for Windows client provides users with an easy way to manage their GitHub repos, from pushing to GitHub for the first time, to creating pull

bettercap mitm

Bettercap - Capturing NTLM Hashes

As many of you who follow me on twitter will know, I'm a big fan of the Bettercap project. Created by @EvilSocket, this tool is a reimagining of the historic Ettercap project that brings it up to date, and it's an invaluable tool for the penetration testing arsenal. One of the many modules offered by the project is the HTTP Proxy module, which allows a man-in-the-middle to transparently proxy and modify HTTP traffic being returned to a user. While the possibilities ar

xbox usb

Xbox One Controller Hacking

So today I had a bit of free time, and decided to experiment with the libusb framework on a Raspberry Pi I had lying around. After a bit of reading, and reviewing the excellent documentation provided by the Xbox hacking community, I managed to get a simple C program running which demonstrated interrupt transfers for both activating the controller rumble feature and receiving button presses. For those interested, the code for the demo application can be found here
