Category: Infrastructure Security

Adventures in Anti-Virus Evasion

Preamble

Anti-virus is often the last line of defense for users, so the ability to bypass it is a critical one for penetration testers, but I'm still not comfortable giving out a complete walkthrough, as that kind of knowledge offers great advantage to attackers but little benefit to defenders. For me, that's the ultimate test of ethics: are we assisting defense more than attack? If we are not, then the tactic or system is dangerous. Tools like Veil-Evasion often make evasion trivial, and the tool is well documented. In this article I will present my findings and research in anti-virus evasion, but will not offer a complete walkthrough of how to get a zero score on sites like virustotal.com. Consider this an adventure, not a guide.


BMC/Numara Track-It! Decrypt Pass Tool

Today, during a penetration test for a client, I came across a piece of software called "Track-It!" by Numara, which has since been acquired by BMC. This application is used by IT helpdesks to offer centralised control of assets, so it was definitely worth a look from a testing point of view. I found an open network share (readable by Domain Users) on the installation server named "TrackIt", which exposed configuration files such as trackit.cfg containing interesting lines such as:

RemoteInstallPass=AAABASE64HEREAAA==
DomainAdminPass=BBBBASE64HEREBBB==


Introduction to Metasploit

Metasploit is a suite of tools built into a framework which automates and tracks many of the tasks of a penetration test, and it integrates nicely with other common penetration testing tools like Nessus and Nmap. Metasploit was acquired by Rapid-7 in 2009 and there are now commercial variants; however, the free framework does provide everything you need for a successful penetration test from a command-line interface. If you're curious about the differences, Rapid-7 has a page where you can compare the free version against the commercial version here. Metasploit includes port scanners, exploit code, post-exploitation modules – all sorts!
