Ethical hacker | OSCE3 OSCP CRTM CRTL GX-PT
This vulnerability takes advantage of ServiceDesk Plus having different output in the password recovery functionality: if the user exists it returns a message claiming an email has been sent but if it does not exist the message is constant.
Adfsbrute is a script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks. In case the company does not use a custom ADFS sign-in page, it will carry out the attack against Office 365’s Microsoft Server Active Sync url.
Ntds-analyzer is a tool to extract and analyze the hashes in Ntds.dit files after cracking the LM and NTLM hashes in it. It offers relevant information about the Active Directory’s passwords, such as the most common used ones or which accounts use the username as password. Also, it offers an extra functionality: it calculates the NTLM hash value from the LM hash when only the latter has been cracked (we will explain this later!).
This is a WiFi Pentesting guide I wrote some time ago after years carrying out WiFi pentests (and a BSc thesis about this topic). I received many questions from colleagues so I decided to share most of my knowledge and prepared VMs for some specific attacks.
particles.js is a lightweight JavaScript library for creating particles.
Description: Call the ret2win() function, the caveat this time is that the third argument (which you know by now is stored in the rdx register on x86_64 Linux) must be 0xdeadcafebabebeef
Description: There’s only enough space for a three-link chain on the stack but you’ve been given space to stash a much larger ROP chain elsewhere. Learn how to pivot the stack onto a new location.
Description: There’s only enough space for a three-link chain on the stack but you’ve been given space to stash a much larger ROP chain elsewhere. Learn how to pivot the stack onto a new location.