Default password lists

I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list as I find more of these sites:

* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.

Always available CTF Labs

I have identified the following CTF labs which are 24/7 and most if not all are free:

To everyone who made me aware of these, thank you!

Samsung Android devices are sending data to Chinese domains

First discovered by a Reddit user, who observed his Samsung device making calls out to Chinese-owned domains. The software responsible for this is installed on nearly all of Samsung’s line of Android products, including their smartphones and tablets. Further research revealed that Samsung had partnered with Qihoo 360, a Chinese-owned firm with a reputation for censoring users at the request of the Chinese government, to develop software that can’t be uninstalled from the device. Samsung released a public statement stating that the only data being sent to China is model, storage, and operating system version [for now].

Links:

Great visual guide to how Kerberos works in Windows Active Directory networks

Today on Twitter I found a really easy-to-follow walkthrough of how Kerberos works in Windows Active Directory networks. It walks you through each step of the authentication process, which machines are involved and what is happening under the hood. It’s a great read for anyone wanting to know more about how modern Windows authentication works.

Links:

Microsoft Windows Subsystem for Linux 2

In May of 2019 Microsoft (MS) released a major update for Windows Subsystem for Linux (WSL). The original WSL used parts of Hyper-V to run a full Linux distro, such as Ubuntu or Kali. This May MS released WSL 2, which greatly enhanced both the capabilities and the speed of this subsystem. They haven’t really publicized its release very well, which is why I’m making a post to promote it. Next time you play a CTF, instead of using a Kali VM try out WSL 2 with Kali installed!
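For anyone who wants to try the Kali-on-WSL 2 setup the post suggests, here is the sequence of commands I would run from an elevated PowerShell prompt. This is an added example, not something from the original post or from Microsoft’s documentation; it assumes Windows 10 version 2004 or later and that Kali has been installed from the Microsoft Store under its store distro name `kali-linux`. The feature names and `wsl.exe` switches are the standard ones that ship with Windows.

```powershell
# Enable the two Windows features WSL 2 depends on (WSL itself and the
# lightweight VM platform that WSL 2 uses instead of a full Hyper-V VM).
# Both commands require an elevated prompt and a reboot afterwards.
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

# After the reboot: make WSL 2 the default for any distro installed from now on.
wsl.exe --set-default-version 2

# Convert an already-installed Kali (store name "kali-linux", assumed here) to WSL 2.
# Conversion copies the distro's filesystem into a VHDX, so it can take a few minutes.
wsl.exe --set-version kali-linux 2

# Verify: the VERSION column should now read 2 for kali-linux.
wsl.exe --list --verbose

# Launch Kali directly and confirm the kernel is the WSL 2 one (a real Linux kernel,
# reported by uname, rather than the WSL 1 translation layer).
wsl.exe -d kali-linux -- uname -r
```

If `wsl --list --verbose` still shows VERSION 1 after the conversion, the VirtualMachinePlatform feature usually has not taken effect yet; check that virtualization is enabled in firmware and that the reboot actually happened before running `--set-version` again.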

Links:

FireEye’s Commando VM: The first offensive Windows distro

At first I could only laugh at the fact that someone had bothered making a Windows pentesting distribution, but upon closer inspection it is well suited for taking advantage of the Windows Remote Management (WinRM) capabilities that ship with all modern Windows versions. This means you can remotely control any Windows machine in the domain if you have the right credentials. Since Microsoft introduced Windows Subsystem for Linux v2 (WSL 2) you now have the ability to run Kali on a Windows system, but it still has issues interfacing with proprietary Windows protocols such as the one WinRM uses. Commando VM includes core tools such as Covenant, nmap, Wireshark, etc. I will post the GitHub link to the Hacker Tools page.

Links:

New MitM Framework: Xerosploit

This is a script built on top of nmap and Bettercap that allows new modules to be written in Ruby. It comes with the ability to modify HTML over the wire to inject malicious JavaScript, an iframe, or other forms of client-side web attacks. It also emulates the Metasploit interface to make it easier for pentesters to learn the tool. I have put this on the Hacker Tools page as well.

Links:

HomePwn – Swiss Army Knife for Pentesting of IoT Devices

I just found a new Internet of Things (IoT) testing framework called HomePwn. It boasts the following features:

* Bluetooth Low-Energy (BLE)
* WiFi
* Near Field Communication (NFC)
* Simple Service Discovery Protocol (SSDP)
* Multicast Domain Name System (mDNS)
* Xiaomi device support
* SmartTV support
* Metasploit-like command line interface

Here’s a link to the GitHub repo; I have also put this tool on the Hacker Tools page: http://bit.ly/378i0z1

A great presentation on building a custom exfil system using software defined radios

Paul Clark, who literally wrote the book on using software defined radios, gave a presentation for Black Hills Information Security (BHIS) on how he built a custom data exfiltration box using software defined radios (SDRs). By all accounts this capability could be very challenging to spot, especially because listening to a single MHz of the RF spectrum would generate 8 MB of data per second, and if you add frequency hopping the complexity increases significantly. He also goes through how GNU Radio Companion (GRC) actually generates Python code from the flow graphs you build in the user interface. At the tail end of the presentation Paul discusses the work of Josh Conway: how he built a device he calls the SigInt Tablet for about $150 that allows sampling of the RF spectrum, and how he found he could actually transmit data simply by applying voltage to a GPIO pin, which could potentially be used to interfere with or even jam an RF transmission.

Links: