So we have found the base64 string “SGVsbG9Xb3JsZCE=” on a locked down workstation and we want to decode. Quite often we don’t have access to tools so here’s a list of ways to decode the string using various languages.

Python

12>>> import base64 >>> base64.b64decode("SGVsbG9Xb3JsZCE=")

PowerShell

12PS > [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("SGVsbG9Xb3JsZCE=")) blahblah

Perl

12use MIME::Base64; print decode_base64("SGVsbG9Xb3JsZCE=");

BASH

1echo SGVsbG9Xb3JsZCE= | base64 --decode

php

1echo base64_decode("SGVsbG9Xb3JsZCE=");

C#

12byte[] data = Convert.FromBase64String("SGVsbG9Xb3JsZCE=");… Continue reading

So I’ve been playing with the raspberry pi again lately and once again have got frustrated with the USB ports. Thus, i decided it was about time I looked into sorting them.

I wanted to add a capacitor to the USB ports to allow better hot-plugging of devices as the issues is well documented everywhere.

I decided I think the USB ports only support 200mA per port but when using… Continue reading

So the Juniper Netscreen/SSG ScreenOS password hash is a bit of a hidden mystery. I had in my hand the config of a Netscreen device and I wanted to perform a reverse of the password hashes to see if they were weak.

In this case here’s the line from the config:

1set admin user "admin" password "nAePB0rfAm+Nc4YO3s0JwPHtRXIHdn" privilege "all"

John The ripper has supported Netscreen passwords since back in 2008… Continue reading

So you’re broke and you don’t own msfpro, cobalt strike or any of the other expensive tools that allow vpn pivoting. (FYI: Paying for tools like cobalt strike helps Raphael Mudge continue to keep developing free tools like Armitage)

So now that that’s out of the way lets explain the scenario.

You’ve managed to get a meterpreter session on a box via a webshell (possibly a network firewall… Continue reading

So not so recently support was added to metasploit for a native python meterpreter. The cool thing about this is that the victim only needs to execute a few small lines of code.

This means that if you’re performing a local lockdown test and manage to get access to a python shell it wont take much more effort to turn this into a meterpreter session.

12msfvenom -f raw -p… Continue reading