Remote Linux Enumeration Script Using PXSSH Script: https://github.com/P1tt1cus/Pittenum/blob/master/pittenum.py Overview Once again, I’ve decided to do another blog on something that has come across my path and that I find rather interesting… I hope whoever reads this can gain something from it, if you have any questions please leave a comment below. I mainly write these …
Practical Malware Analysis: Chapter 1 Labs
To potentially help future readers, and more importantly to discourage laziness on my part. I will be documenting my answers to all exercises in the Practical Malware Analysis book in this series of blog posts. Today we will get started with all of the labs in Chapter 1. Lab 1-1 Question 1: Upload the files …
Linux x86 Assembly – Writing your own Shellcode
Hey guys, First up. Want to give a big thanks to Cyber_Jellyfish @ research.irukandjisec.com for taking the time to explain the concepts to me and walking me through x86! Pitticus here just doing another terrible blog to keep you up to date with some of the things I’ve been learning as of recent and this …
Boofuzz – A helpful guide (OSCE – CTP)
Overview Whilst studying for the Cracking the Perimeter you will come across many references to the Spike fuzzer. This is the fuzzer of choice for the CTP course. However development for Spike has long since ceased. Enter Sulley, the Spike fuzzer replacement. And then exit Sulley, as it has not seen active development in 2 years …
Recreating exploits – Disk Pulse Enterprise 9.9.16 – Remote Buffer Overflow (SEH)
Introduction As part of my Cracking The Perimeter course, I am doing the usual recommendation of recreating exploits from exploit-db. This post will step through the entire process of installing a target application, recreating a crash and developing an exploit. As for our target, lets recreate an exploit for Disk Pulse Enterprise 9.9.16. I’ve made …
Python Reverse Shell
So I played around with writing a reverse shell in python that can be run on Windows and Linux systems that will create a socket connection back to a listener and takes the data sent through that socket connection and stores it in a variable before passing it through to subprocess.Popen in a while loop. …
Can’t copy file onto an environment?
This was made for a virtual environment that had restricted functions between the End Host and the Virtual Environment. Unable to copy/paste from the Host to the VM, It became awfully frustrating to retype anything we wanted to keep inside the environment or transfer to the environment. So this was made. This Powershell script takes …
A Basic Guide to Hacking Metasploitable
Hey guys, I’m just doing up a quick guide for some basic Pentesting with Metasploitable covering over the basic methodology I use and some techniques to get people looking at some tool output and pushing people in the right place to research for themselves. During this simple walkthrough, I’ll be discussing part of the Methodology …
Analyzing cowrie honeypot results
Introduction. Recently I decided to spin up a honeypot for no better reason than “because I can”. After some admittedly quick searching I found the Cowrie SSH and Telnet Honeypot. According to Cowrie’s Github Readme: Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed …