Collaborate Disseminate
I want to sign webhooks so that client services can verify that a request came from my service.
Looking around, it seems that most SaaS use symmetric keys shared by the client and the SaaS. Obviously, there’s an overhead of generating and… Continue reading Signing webhooks: symmetric vs asymmetric
Given the UUIDv4 08ab4280-0043-4630-b4c7-a5393083546c which hashes to 27fd3a1ea8a58bd06cced89927fadffbb2f4815203723e5cd4ab18acbe37b659.
How feasible is it to crack a SHA256 of an unsalted UUIDv4? The lack of salt shouldn’t b… Continue reading Feasibility of cracking a SHA256 of a UUIDv4
Metasploit smartly stores your creds in its internal database, whether you’ve manually entered them by using a previous module or whether you’ve dumped them with smart_hashdump. You can view stored creds with creds.
I’ve sea… Continue reading Using stored creds in a metasploit module
I’m doing some exercises on a challenge lab. I’m SYSTEM on the Forest PDC.
I need to figure out the SID of a local user on a machine in another domain in the forest.
I can get there with PTH and run a command locally, but m… Continue reading Viewing local users on a workstation when I’m SYSTEM on Forest PDC
I’m trying to up my Windows domain enumeration game. I’m doing some exercises where I’m tasked to find the forest trust relationships without exploitation or creds or being on the domain.
All resources I’ve found seem to use… Continue reading Enumerate forest trust relationships
If I understand correctly, meterpreter’s hashdump dumps the content of the SAM file. Domain users should be in the AD database on domain controllers, which I understand is NTDS.dit .
On my test network, if I run hashdump on … Continue reading Does hashdump also dump domain creds when run on a domain controller
I’ve been playing around with DNS rebinding. I made a little setup and I have it working fine with regular HTTP requests. I then tried to get it working over HTTPS and had a little “duh” moment:
baddomain.com uses an invalid… Continue reading Does HTTPS protect against DNS rebinding?
I ran an nmap -sn scan on a host, and nmap reported the host as down. I then pinged the same host with ping and got ICMP responses. I’m confused, because I was sure that -sn among other things, did an ICMP echo request.
Output from my two… Continue reading NMAP discovery scan reporting host offline, pinging the same host gets ICMP responses
I’ve been reading up on GUIDs. According to the Wiki:
Cryptanalysis of the WinAPI GUID generator shows that, since the sequence of V4 GUIDs is pseudo-random, given full knowledge of the internal state, it is possible to p… Continue reading With a very large number of GUIDs, can one predict the previous and subsequent GUIDs that will be generated?
I’ve just installed the latest Kali and updated everything. nmap is version 7.12.
I’ve noticed that smb-check-vulns.nse is not present. As far as I can tell, most other scripts I use are there but I’ve got an exam coming up and I don’t w… Continue reading Missing scripts in NMAP