
Month: December 2017

TUTORIALS

Microsoft Office – Payloads in Document Properties

Document properties in Microsoft Office usually contain information related to the document and various other metadata details. However, this location can be used to store commands that will execute payloads that are hosted on an SMB or HTTP server. This will provide some initial access to the network during a spear phishing or red team assessment. The Metasploit SMB delivery module (exploit/windows/smb/smb_delivery) can be used to serve payloads in the form of DLL files and PowerShell via an SMB server. The module can be…

TUTORIALS

SMB Share – SCF File Attacks

SMB is a protocol which is widely used across organisations for file sharing purposes. It is not uncommon during internal penetration tests to discover a file share which contains sensitive information such as plain-text passwords and database connection strings. However, even if a file share doesn’t contain any data that could be used to connect to other systems, if it is configured with write permissions for unauthenticated users then it is possible to obtain password hashes of domain users or Meterpreter shells. Gathering Hashes…

TUTORIALS

Command and Control – WebSocket

Posted December 6, 2017 by netbiosX in Red Team. Tags: C2, Command and Control, Red Team, WebSocket.

Every day new methods and tools are being discovered that could be used during red team engagements. Special focus is given to command and control channels that can evade security products and can hide traffic by using non-conventional methods. Arno0x0x discovered that some web gateways don’t inspect web socket content. Therefore it could be used as a communication channel for execution of arbitrary commands to hosts. Arno0x0x…