So on a test I wanted to test the possibility of performing a DoS against an IP based network camera to see of the possibility of disrupting it’s video stream. Well the idea was to hammer the device with UDP packets.

A quick look around and I found this code here. I decided to take a copy of the code as the base for a quick perl script.

A quick… Continue reading

So on a recent test I found a few devices, one was a Qunatum Scalar i500 and the other was an IBM TS3310, both are tape libraries.

CVE-2012-1844 states the following: The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for… Continue reading

Credit for most of the below comes from Mubix who has created a few documents (on google docs) that lists what to actually do once shell access has been gained. You can read more about it here and find the links to the docs, I’m simply blogging about it to make a summary of this for myself.

Meterpreter Post Auth

Information Gathering

12345678910getuid getpid getsprivs sysinfo screenshot run winenum.rb run… Continue reading

There are many pages on the web documenting quick reverse shell one liners. Pentestmonkey and Bernardo Damele have both created a good few posts between them but I wanted to recapture what they’ve got for my notes purposes. (It’s easier for me to find stuff if it’s in one place). All credit goes to both of those guys where I got all this info from.

Step one – Set up… Continue reading

Mentioned by hdm here and here but I wanted to make a note of this myself. First thing to do is setup the scan to look for vulnerable telnetd services:

12345msf > use auxiliary/scanner/telnet/telnet_encrypt_overflow msf  auxiliary(telnet_encrypt_overflow) > set RHOSTS RHOSTS => msf  auxiliary(telnet_encrypt_overflow) > set THREADS 64 THREADS => 64

And now to run the scan

123456789101112131415msf  auxiliary(telnet_encrypt_overflow) > run [*] Does not support encryption: Netgear Embedded… Continue reading