I created a tutorial on how to setup and configure the Nokia N810 Internet Tablet to conduct a wireless assessment or audit. The tools included in the tutorial include how to setup kismet (oldcore and newcore), aircrack-ng (airbase and aircrack), and btscanner. I’m still working on developing steps to install Metasploit and Karmetasploit for wireless client attacks. The tutorial also details using the internal GPS as well as adding an external wireless adapter. The latest version of the tutorial can be found here.
I put together another Technical Assessment Plan for assessing the SNMP protocol. You will use open source and freely download-able utilities to assess the SNMP protocol. This is for auditors that do not have access to or cannot afford the Solarwinds toolset. This is version 0.1 of the document and I plan on making updates and add new tools in the future.
I put together a Technical Assessment Plan that can be used to conduct external fingerprinting using the tools and utilities that a penetration tester would use. The assessment plans are structured in a way to help with the documentation of evidence for inclusion in a work-paper process. The plan provides helpful information on how to install, configure, and use the tools to obtain the evidence needed for an engagement. The Technical Assessment Plans that I have created can be found here.
On a recent pentest I was able to use SQLNINJA to exploit a SQL Injection vulnerability I had identified. I documented the steps I took so that future auditors can take advantage of this tool. Check out the tutorial here.
During an audit I had to determine whether a particular remote control service was installed on the Domain workstations and servers. It was determined during the interview process that no remote control software was in use. I decided to obtain the evidence to the contrary. I had already compromised a Domain Administrator account so I had the appropriate permissions.
CACLS.exe is a great builtin Windows utility that allows you to list the permissions on a file or folder. This command has been used in an audit to get the permissions of the folders on an agency file server that served the “private” shares to each Domain user. The findings we would be looking for when examining the results are improper access to the “private” shares by other Domain users.
For CACLS options and how to interpret the results see this site.
Core Technologies hosted a series of three webcasts called Penetration Testing Ninjitsu by Ed Skoudis (http://www.coresecurity.com/content/webcast-series-with-sans). I highly recommend listening to these web casts and downloading the slides for your reference. I’m including the commands extracted from the slides that can be very useful for a penetration test.