Get to Hacking MASSively Faster – The Release of SpooNMAP

January 19, 2021
I’m sure everyone is already using Masscan and I’m the last one to jump on the bandwagon. Honestly, I don’t know how I got anything done before finding this tool. If you’re not aware, Masscan is an asynchronous, TCP network port scanner. It’s an incredibly fast tool that can be used to quickly identify live...
TrustedSec Blogs + Articles logo

Public Release of Hate_Crack – Automated Hash Cracking Techniques with HashCat

February 1, 2018
Today we are releasing hate_crack to unleash the power of hashcat to the community. Unless you’re deeply into hash cracking, you most likely aren’t aware of the several different attack modes built into hashcat, such as: Mask Attack Fingerprint Attack Combinator Attack Hybrid Attack Martin Bos covered several of these attacks in a previous post,...
TrustedSec Blogs + Articles logo

New Tool Release: NPS_Payload

July 23, 2017
Over the past year, we have seen a lot of research come out which highlights several of Microsoft’s native binaries which can be leveraged by an attacker to compromise or gain access to a system. One of these binaries, msbuild.exe, has proven very reliable in allowing us to gain a shell on a host in...

Interactive PowerShell Sessions Within Meterpreter

June 26, 2015
In case anyone missed it, Metasploit has a couple of new payloads that allow interactive PowerShell sessions. What does that mean? Previously, if you tried to open a PowerShell session within Meterpreter, there was no interaction between PowerShell and your session. Example: msf exploit(psexec_psh) > exploit [*] Started HTTPS reverse handler on https://0.0.0.0:444/ [*] 192.168.81.10:445...

Account Hunting for Invoke-TokenManipulation

January 30, 2015
I’ve been searching quite a while now for the best way to search for domain admin tokens, once admin rights are attained on a large number of systems during a pentest. Normally, I run “psexec_loggedin_users” within Metasploit, spool the output to a file, then egrep it for users in the “Domain Admins” group. This often...

Moar Shellz!

May 12, 2014
Any experienced pentester can name at least five or six different tools used to attain shell access on a remote system. I can think of eight off the top of my head: Metasploit psexec Metasploit psexec_psh Windows psexec executable Impacket psexec python script pth-winexe pth-wmis smbexec Veil-Catapult All of these tools work and have their...
  • Browse by Category

  • Clear Form