Tuesday 22 January 2013

American series are useful in a pentester's life!


3 days ago, I watched an American series (Shase) in which an actor said, during a crime investigation: "I'm going to search the victim's computer to find out what the last printed document was."

Hmm, I asked myself: "Is it possible or not?" ... Yes, it's possible :)
Everything is in "/var/spool/cups", with root privileges:


If the printers use the "Generic PostScript" driver, you can find your printed documents in PDF format :) Funny, no?

To copy these files into your home directory:
bash-3.2# find /var/spool/cups -exec file {} \; | grep -i pdf | cut -d : -f 1 > /tmp/file_pdf.txt
bash-3.2# while read line; do cp "$line" ~/; done < /tmp/file_pdf.txt



So, it's another information leak for Mac OS X ... :) and I added this exploitation to my "private" forensic framework, Pac4Mac.
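
A defender's counterpart to the commands above, as an added example that is not part of the original post: it counts the job documents still held in a CUPS spool and reports whether retention is switched off. The function names are hypothetical; the `d<job>-<doc>` data-file naming and the `PreserveJobFiles` directive of `cupsd.conf` come from CUPS itself, not from this page.

```shell
#!/bin/sh
# Added example: audit a CUPS spool for retained job documents.
# Defaults are the standard CUPS paths; other paths can be passed for testing.

# Print "<type> <path>" for each retained job data file.
# CUPS names data files d<job>-<doc>; control files (c<job>) are skipped.
list_retained_docs() {
    spool="${1:-/var/spool/cups}"
    find "$spool" -type f -name 'd[0-9]*' 2>/dev/null | sort |
    while IFS= read -r f; do
        # Classify by magic bytes instead of trusting a file name.
        magic=$(head -c 5 "$f" 2>/dev/null | tr -d '\0')
        case "$magic" in
            %PDF-) kind=pdf ;;
            %!PS*) kind=postscript ;;
            *)     kind=other ;;
        esac
        printf '%s %s\n' "$kind" "$f"
    done
}

# Echo the last PreserveJobFiles value set in cupsd.conf, or "unset"
# when the directive is absent and the CUPS built-in default applies.
preserve_job_files_setting() {
    conf="${1:-/etc/cups/cupsd.conf}"
    val=$(awk 'tolower($1) == "preservejobfiles" { v = $2 } END { print v }' \
        "$conf" 2>/dev/null) || val=""
    printf '%s\n' "${val:-unset}"
}

# Succeed only when retention is explicitly "No" and the spool is empty.
audit_cups_spool() {
    spool="${1:-/var/spool/cups}"
    conf="${2:-/etc/cups/cupsd.conf}"
    count=$(list_retained_docs "$spool" | wc -l | tr -d ' ')
    setting=$(preserve_job_files_setting "$conf")
    echo "retained documents: $count, PreserveJobFiles: $setting"
    case "$setting" in
        [Nn]o) [ "$count" -eq 0 ] ;;
        *)     return 1 ;;
    esac
}
```

On a real system, call `audit_cups_spool` as root, since the spool directory is not readable otherwise and an unreadable spool would be counted as empty.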



Tuesday 15 January 2013

Net2SharePwn: Update 1.1b



First update of Net2SharePwn after 2 years...

- Support for special characters (space, accent, ...) in the path of files to download or in the name of the network share
- Colors have been changed
- Support for Mountain Lion (but mounting/unmounting a network share is very slow). I advise using Net2SharePwn on Backtrack (only arp-scan needs to be installed)


You can, if you want to, modify this program to adapt it for your personal usage.
Download : Readme (very important !)
Download : Readme_menu (to understand quickly)
Download : Net2SharePwn-1.1b

Net2SharePwn is a utility to automatically check and exploit the NetBIOS network shares available from network access points.


Question: How do you identify THE FILE containing a password to elevate your network or system privileges, when too many domains or IP addresses are present? Time is an important factor in this situation … and during penetration testing, it’s common to identify a VBS script embedding a domain administrator account password.
Answer: Net2SharePwn has been built to allow that.

Net2SharePwn is built in Python (tested on Python 2.7) and can be launched only on Linux (tested on Backtrack) and Mac OS X platforms.

I apologize for the Python coding; it doesn’t respect best practices, but I didn’t expect to publish Net2SharePwn …
Net2SharePwn is perhaps developed “with my feet” but it is functional.

Net2SharePwn works like this:



Monday 16 April 2012

Hackito Ergo Sum 2012

Hackito Ergo Sum is finished :(
Thank you speakers, sponsors, volunteers and attendees! Without you, Hackito Ergo Sum wouldn't exist ...
You can find various media links here, and the conference videos here.
For the coming years, we're looking for volunteers to join the organization team. Don't hesitate to let us know about your motivation (hes-orga@lists.hackitoergosum.org)

Tuesday 3 April 2012

[HACKMACOSX] – GSDays 2012

You can find my presentation for GSDays 2012 (3 April) and the paper here.

Friday 9 December 2011

[Video] – Exploiting FireWire access against Mac OS X

In my last paper [HACKMACOSX], I wrote a Python script based on the "libforensic1394" library to extract physical memory through FireWire access.
This [video] shows you an exploitation of this script in a real scenario ...
You can also download this video: .avi / .m4v


Thursday 10 November 2011

[Net2SharePwn] - 1.0b


Net2SharePwn is a utility to automatically check and exploit the NetBIOS network shares available from network access points.


Question: How do you identify THE FILE containing a password to elevate your network or system privileges, when too many domains or IP addresses are present? Time is an important factor in this situation … and during penetration testing, it’s common to identify a VBS script embedding a domain administrator account password.
Answer: Net2SharePwn has been built to allow that.

Net2SharePwn is built in Python (tested on Python 2.6) and can be launched only on Linux and Mac OS X platforms.

I apologize for the Python coding; it doesn’t respect best practices, but I didn’t expect to publish Net2SharePwn
Net2SharePwn is perhaps developed “with my feet” but it is functional.

You can, if you want to, modify this program to adapt it for your personal usage.
Download : Readme (very important !)
Download : Net2SharePwn

Friday 28 October 2011

[Net2SharePwn] – to be published soon ...


For hacking NetBIOS network shares :)