We Moved to SecureGossip!

Posted in Uncategorized on September 2, 2010 by Skyler

Security Reliks has become part of the SecureGossip initiative! We will no longer be double posting. However, I will post an RSS when we get that implemented.

All of our posts will now be made over there, as well as an archive of older posts!

We Moved Here!

 

Weaponizing cmd.exe – Port Scanning

Posted in Fu (a.k.a Tips) on August 30, 2010 by Skyler

I have posted a cmd.exe entry for how to conduct port scans via cmd.exe

read it here on the new blog!

Weaponizing cmd.exe – UN/PW Guessing

Posted in Fu (a.k.a Tips) on August 27, 2010 by Skyler

This is a fantastic way to automate a dictionary attack on windows net accounts. This is part of my salute to Pentesting Ninjitsu.

See the full version on the new blog!

Continue reading

Weaponizing cmd.exe – Enumerate users (inspite of RestrictAnonymous)

Posted in Fu (a.k.a Tips) on August 26, 2010 by Skyler

Okay. Continuing on with the series. Now that we have  mapped the network, we need to enumerate users on the active hosts. Often times you will be preforming a Penetration Test on a windows machine. In the event that the machine has RestrictAnonymous set, you may find it difficult to enumerate users using your null session. It is important to note that this does not make it impossible! tools like enum rely upon the null session enumeration option,  therefore RestrictAnonymous = 2 ruins the use of that tool (and others like it). I am going to show you a method to brute force usernames in a different manner. For this you will need two tools, sid2user, and user2sid. You can get them here.

Read the rest of the post on the new blog!

Continue reading

Weaponizing cmd.exe – DNS Reverse Lookup

Posted in Fu (a.k.a Tips) on August 25, 2010 by Skyler

Here is a nice way to perform a reverse lookup of all the hosts on your network. It uses the nslookup <ip> command to do it.

Find the entire post on the new blog site!

Continue reading

Weaponizing cmd.exe – Ping Sweep

Posted in Fu (a.k.a Tips) on August 24, 2010 by Skyler
This is part of my tribute to PenTesting Ninjitsu. Here is a nice quick way to perform a ping sweep from the windows command line.
See the official post on the new blog!
Continue reading

We have moved to SecureGossip!!!

Posted in News on August 23, 2010 by Skyler

Security Reliks has become part of the SecureGossip initiative!

All of our posts will now be made over there, as well as an archive of older posts!

We Moved Here!

Follow

Get every new post delivered to your Inbox.