Server Message Block (SMB) is a service often overlooked by new penetration testers. An unfortunate result given the valuable information and opportunity for a quick initial foothold on a network. Do yourself a favor and don’t make this mistake as a budding hacker.
​
This blog will act as the first part in the SMB series to cover avenues for enumeration and paths to getting initial access, both applicable to the world of CTF boxes and to real-life penetration testing. Null sessions are one piece that pops up in CTF's consistently and in the real-world every so often.  Regardless, many of the techniques demonstrated here can be used alone or with a limited account. 

Enjoy the blog and let me know your favorite technique to pair with a Null Session.

A short but sweet blog post today. If you ever find yourself with local admin credentials on a server that manages VM's, such as vCenter and esxi, think blue team. Years ago someone from work spoke about how they were able to get credentials from a virtual image by using a snapshot or a VM that was paused. This recollection inspired me to try a new technique that utilizes my relatively new forensic skills in an interesting attack.

Instead of relying on extracting registry files, assuming that is what he did, you could instead use volatility on the snapshot data to extract the hashes from a target system. These hashes can then be used with any pass the hash technique to get a shell. I wish I could remember who used the technique and what exactly they did but that was over 3 years ago and I am not as perfect at recollecting things as computers. Also, I am by no means the first person to do this, I just happened to be inspired by my circumstance at the time to try something new. I figured this may be useful to other folks as well.

See short and sweet.​

Hey everyone! It has been a couple of weeks since I dropped a blog, so I figured it is about time I put together a nice technical one. Today we will be discussing strategies to more effectively (and efficiently) crack different types of hashes. These techniques will apply as equally to CTF’s as they will to real-life pen testing engagements.