ccpik

  • No, as it was a ‘blackbox’ engagement. I suspected that could be a possible issue, however one of their IP addresses is publicly available on UDP 4500 so that should have shown up at least.

    If the devices only allow specific addresses, is there absolutely nothing I can do apart from IP spoofing on a port scan?

  • Just a quick update after the extremely helpful reply. I tried dirbuster and also cewl but to no avail. I also tested the web facing login pages for XSS and SQL vulnerabilities in case I missed something obvious. Literally hit a brick wall with this, I’m sure someone with more expertise could probably find a way in, but unfortunately for me I…

  • On my own with this project

  • Sorry, I thought I had replied to this. Yes that was all the firewall was looking for, worrying really! Your post was extremely helpful, it has now helped me on a few different occasions already

  • Thank you, I used dirbuster and analysed the results from the 5 different servers I am testing.

    I discovered Tomcat 5.0.28 and also PHP running (PHP appeared to be patched). Whilst running dirbuster it showed a few error 200’s to file locations, but when I try to access them I get ‘you do not have the required permissions etc’.

    In regards to…

  • Just a quick one –

    I can’t find the timestamp value that needs changing in the exploit code. Is metasploit adding that timestamp to it and therefore I am looking in the wrong place? I was looking in the op5_welcome source code. I have looked online and where the timestamp should be, I have this….

    data = 'do=do=Login&password=" +…

  • Excellent. Very informative post and I appreciate that. I’ll take the advice you have given and read up on it and hopefully I’ll get somewhere with my issue 🙂

    Thanks again

  • Port 443 is not open but I thought there was a way of encapsulating the exploit to bypass firewall heuristic detection? I am attempting to exploit PHP 5.2 service with the OP5 license.php remote command execution and the PHP CGI argument injection

  • ccpik replied to the topic Advice in the forum Career Central 6 years, 9 months ago

    Thank you for the great advice. I will take it on board. Funding the OSCP will not be an issue, I have always put my education first and also paid for my masters with a part time job.

    I just can’t see a way into a pen tester role, every single job I see advertised needs someone with experience. Would an employer take a chance on someone that…

  • ccpik replied to the topic Malware routing in the forum Malware 6 years, 9 months ago

    We resolved it and you were bang on the money. It was IP spoofing which had obviously originated from when the host was infected. The true host was an external IP address spoofing the original internal address. Due to this, the firewall was saying it was coming from the host (trust) to the internet (untrust). The firewall was dropping the packets…

  • ccpik replied to the topic Malware routing in the forum Malware 6 years, 9 months ago

    Quick update…

    Palo shows two packets of data coming from the host every two hours hitting two external IP addresses. The machine is unplugged and this is still happening. It is certainly the correct host, as it is pingable when I turn it on.

    I am going to try and run wireshark on the host and capture these two packets…

  • ccpik replied to the topic Malware routing in the forum Malware 6 years, 9 months ago

    Thanks a lot, I will try those things and update tomorrow

  • ccpik replied to the topic Malware routing in the forum Malware 6 years, 9 months ago

    It shows the IP address

  • ccpik replied to the topic Malware routing in the forum Malware 6 years, 9 months ago

    Thank you for the reply. It is a dedicated Palo firewall. There is also no wireless on the host. It is 100% disconnected from the network.

    Basically it is:

    Firewall
    |
    Switch
    |
    Host

    I will work on the logs but basically I see the rogue host on the network IP address going to an outside IP address (part of the botnet I presume).

    I have set Palo to…

Copyright ©2020 Caendra, Inc.
