Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators

I was performing some penetration tests in 2011 – 2012 against various PHP applications integrated with MySQL databases which were vulnerable to Time Based Blind SQL Injection. Due to various constraints and limitations, exploitation was a little tricky and…

Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2)

Building on from my previous post, this will primarily focus on delivering an Empire payload via an embedded offensive PowerShell script stored within the ‘comments’ property of an MS Excel document. PowerShell Empire: Begin by creating an Empire listener,…

Executing Metasploit & Empire Payloads from MS Office Document Properties (part 1 of 2)

As a penetration tester I’m always excited to see new and creative methods of creating weaponized MS Office documents. This blog post builds on the following findings published by Black Hills InfoSec: https://www.blackhillsinfosec.com/hide-payload-ms-office-document-properties/ There are numerous ways on how…

Exploiting MS17-010 – Using EternalBlue and DoublePulsar to gain a remote Meterpreter shell

Findings so far… Findings from using these tools so far are as follows: no domain is needed for the tools to work, and an active user session is also not needed. Fuzzbunch setup: Firstly we need to set up our environment for…

RTLSDR – Up and running in Mac OSX Yosemite with GQRX & GNURadio

A while back I bought an RTL2832u device from eBay for a very small amount and was blown away by how this piece of kit performed. Under Linux and Windows it worked beautifully. I then purchased a new MacBook Pro…

Fedora 20: #Shellshock Patch Now Available For CVE-2014-6271 and CVE-2014-7169

A patched version of BASH has now been released to fix the issues in CVE-2014-6271 and CVE-2014-7169. Installation instructions: https://smittix.co.uk/fedora-20-users-upgrade-your-bash-version-manually-re-cve-2014-6271/

Fedora 20: Installing Nvidia Drivers with Bumblebee on Optimus (Hybrid) Hardware

I have an HP Envy 17″ Laptop with the Nvidia Optimus hybrid graphics configuration. I have been trying to install the Nvidia drivers on Fedora 20 for a few weeks now. I tried akmods and kmods from the…