Very recent i felt one of my virtual machine is infected by a malware and i was thinking about restoring it to a clean snapshot but then i thought lets find other ways to identify and block these type of attacks. There were few more issue i wanted to resolve on my network which includes blocking of advertisements on the pages i visit, blocking all malicious IOC over network etc, one of the game BattleField 4 which i play on PS4 wasn’t able to connect to online gaming due to blocking of DNS at ISP etc.
Started doing my research where i found discovered “Pi-Hole”, Basically Pi Hole is a network wide Advertisement blocking solution (DNS Server) which can be installed on virtual machine or on your own hardware e.g RaspberryPI 3 in my case.
During my recent internal blackbox testing, i got a chance to use the rubber ducky. This device looks like a USB thumb drive, can be concealed inside a standard USB case and it acts like a keyboard. The script written on the SD card is called ducky script which is very easy to understand.
Since there are alot of write ups on the internet about the ducky ill just be posting on of the script i used in my recent pentesting. I hope you may find it useful .
The script is written keeping in mind that not all windows OS are same, and hardware specification are different as well. While using the default scripts at times the system was not able to type complete code, hence you will see many spaces and delays.
While performing a web application penetration testing, at times you are able to find out the web application is running MySQL database through “root” credentials. This is one of the biggest NO of security. In this case we can get a root shell on the machine with just a few commands. Here comes my second cheat sheet so that i do not forget this any more.
# Exploit Title: VLD Personals – Cross Site Scripting ( Reflective ) with admin authentication.
# Notified VLD Personals Date: 02/FEB/2015
# Exploit Author: Mr T
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7.1
# Fixed Version 2.7.2
# Tested on: Windows / Linux