Enumerate Shares in a Network - PSP Assignment 0x2

Before we start I would like to bring your attention to this PSP course from Pentester Academy -
https://www.pentesteracademy.com/course?id=21. The course is focused on Powershell scripting which can be used in pentesting activities.

(Image Source: winaero)

Description -

A powershell script that takes list of target IPs and enumerate all open shares in a network,mark them with read and write access separately.

Script Code -

Proof of Concept -

References -

https://gallery.technet.microsoft.com/scriptcenter/a231026a-3fdb-4190-9915-38d8cd827348

The script can be found on my github -
https://github.com/hexachordanu/PSP/blob/master/Scan-Shares.ps1

This blog post has been created for completing the requirements of the SecurityTube PowerShell for Penetration Testers Certification Exam
https://www.pentesteracademy.com/course?id=21
Student ID: PSP-3250

Comments

Review of Pentester Academy - Attacking and Defending Active Directory Lab

Few months ago I didn't know what Active Directory is, and why should I care about it and never heard about ACL abuse and all. Although I had attended a BPAD (Breaking and Pwning Active Directory) training which was provided by Nullcon but I was not confident enough to go for this course exam, since my day-today activity involves VAPT stuffs related to Web/Network/Mobile and sometimes basic malware analysis (very basic one :p). I started doing offshore lab and took help from some friends in understanding few Active Directory concepts. I did many silly mistakes during the lab and learned a lot. Meanwhile I registered for Active Directory Lab Course and got it in a discounted offer for first 50 students of about 11k INR ( 1 mont lab access) :). Before wasting time any further let's dive into the review. The course - https://www.pentesteracademy.com/activedirectorylab Certification - Certified Red Team Professional The Course Content - After paying the course fee,

Backdoring PE files using code caves : OSCE/CTP Module 0x03 (OSCE Preparation)

Hello Readers, This post will cover Backdooring of P.E file by using code caves . There are already good tools to do this for you eg. Backdoor Factory and Shelter which will do the same job and even bypass some static analysis of few antiviruses . I will be covering the manual approach of backdooring a PE file . Let's understand some terms : [x] PE file : The Portable Executable (PE) format is a file format for executables, object code, and DLLs, used in 32-bit and 64-bit versions of Windows operating systems. [x] Code Cave : Wikipedia says - "A code cave is a series of null bytes in a process's memory. The code cave inside a process's memory is often a reference to a section of the code’s script functions that have capacity for the injection of custom instructions. For example, if a script’s memory allows for 5 bytes and only 3 bytes are used, then the remaining 2 bytes can be used to add external code to the script." [x] Shellcode : Wikipedia - &qu

Hacking Thick Clients – Authorization Bypass

Hello Readers, This post will be focused on setting up a vulnerable thick client application and finding vulnerabilities. The blog post is an unofficial part of the on going series of post by NetSPI. NetSPI has released a vulnerable thick client app called BetaFast which has two versions - BetaBank and BetaFast based on 2-tier and 3-tier architecture respectively. The app is coded by Austin Altmann and he is writing the walk-through series. Note: At the time of writing this blog, the walk-through/write-up for authorization bypass vulnerability was yet to be published by NetSPI and therefore I decided to create this blog post. All the credit for developing and maintaining this app goes to Austin and NetSPI team. You can find some of the cool write-ups here . Let's start. Setting up Betafast - 1. Download the files from github - https://github.com/NetSPI/BetaFast . 2. Extract and open the .sln file with

Anurag's Blog

Search This Blog