PenetrationTester – WindowsTechs.com

Any Windows/NTFS trick to ignore/cancel out a file extension from a path?

Posted on July 3, 2022 by PenetrationTester

I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call:
File.Open("C:\Resources\"+resName+".res", FileMode.Open)

The contents of tha… Continue reading Any Windows/NTFS trick to ignore/cancel out a file extension from a path?→

Can the server redirect an SSH session the way it can redirect an RDP session?

Posted on May 14, 2021 by PenetrationTester

If I have a client connecting to a server over SSH, can I do something on the server side to redirect the client to another server, with no control over the client except knowing that the client will connect to the server via SSH?
To be cl… Continue reading Can the server redirect an SSH session the way it can redirect an RDP session?→

How can you attack or redirect the client from the server over an RDP or SSH conneciton? [closed]

Posted on May 12, 2021 by PenetrationTester

I have a penetration testing scenario where I am on the network with two machines, Machine A and Machine B. I have complete control over Machine B and am trying to leverage that to get access to Machine A. Machine A appears to be some vari… Continue reading How can you attack or redirect the client from the server over an RDP or SSH conneciton? [closed]→

What are the ways to attack the client if you have full control of the server, over an RDP or SSH connection?

Posted on May 11, 2021 by PenetrationTester

I am not sure whether I accurately captured this question with the title, so let me explain it.
I have a penetration testing scenario where I am on the network with two machines, Machine A and Machine B. I have complete control over Machin… Continue reading What are the ways to attack the client if you have full control of the server, over an RDP or SSH connection?→