Encrypted App.Config

Posted: 22nd July 2018 by 2bitwannabe in Uncategorized

If you’ve ever developed in .NET or conducted a pentest on a .NET website or application, then you’ll likely have encountered encrypted strings within the .config file.

Generally this is a good thing and smart thinking on the part of the developer, provided you don’t have access to the server that is running or hosting the application.
The process I’m about to outline is almost the same for Windows application config files as it is for web.config files.

If you have access to the server, then you can just use the server to decrypt the encrypted sections of the configuration file, making it human-readable and providing you with information and credentials to use.

The steps are the same for both, with the exception that the app.config will need to be copied and renamed to web.config.

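You need to navigate to the .NET Framework tools, typically under C:\Windows\Microsoft.NET\Framework\v[Version Number depending on installed version]\
Then use the following command, giving the name of the encrypted section and the folder that contains the web.config:
aspnet_regiis.exe -pdf "[section name]" "[path to the folder containing web.config]"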

Once completed you can just open the file and you will have clear-text values.
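
A defender's view of the same command, as an added example that is not part of the original post: this Python code flags aspnet_regiis decrypt invocations (-pd, or -pdf for a physical folder) in process-creation command lines and notes when the folder is outside the web root, as happens when an app.config is copied and renamed. The event records, the C:\inetpub web root and the function names are assumptions made for illustration.

```python
import shlex

# Assumption: legitimate web applications on this host live under these roots.
WEB_ROOTS = ("c:\\inetpub\\",)
DECRYPT_SWITCHES = {"-pd", "-pdf"}  # decrypt by virtual path / by physical folder

def parse_decrypt(command_line):
    """Return details of an aspnet_regiis decrypt invocation, or None."""
    try:
        tokens = shlex.split(command_line, posix=False)  # backslashes stay literal
    except ValueError:                                   # unbalanced quote
        tokens = command_line.split()
    tokens = [t.strip('"') for t in tokens]
    if not tokens:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in ("aspnet_regiis", "aspnet_regiis.exe"):
        return None
    args = tokens[1:]
    lowered = [a.lower() for a in args]
    for i, switch in enumerate(lowered):
        if switch not in DECRYPT_SWITCHES:
            continue
        section = args[i + 1] if i + 1 < len(args) else None
        if switch == "-pdf":   # -pdf <section> <folder containing web.config>
            target = args[i + 2] if i + 2 < len(args) else None
        else:                  # -pd <section> [-app <virtual path>]
            target = args[lowered.index("-app") + 1] if "-app" in lowered[:-1] else None
        outside = (switch == "-pdf" and target is not None and
                   not (target.lower().rstrip("\\") + "\\").startswith(WEB_ROOTS))
        return {"switch": switch, "section": section, "target": target,
                "outside_webroot": outside}
    return None

def find_decrypts(events):
    """Return the events whose command line decrypts a config section."""
    return [{**ev, **info} for ev in events
            if (info := parse_decrypt(ev["command_line"]))]

# Constructed process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"user": "WEB01\\svc_build", "command_line": r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe" -pdf "connectionStrings" "C:\Users\Public\tmp"'},
    {"user": "WEB01\\deploy", "command_line": r'aspnet_regiis.exe -pef "connectionStrings" "C:\inetpub\wwwroot\shop"'},
    {"user": "WEB01\\admin", "command_line": r'C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -PD appSettings -app /shop'},
    {"user": "WEB01\\admin", "command_line": r'notepad.exe C:\inetpub\wwwroot\shop\web.config'},
]

if __name__ == "__main__":
    for hit in find_decrypts(SAMPLE_EVENTS):
        print(hit["user"], hit["switch"], hit["section"], hit["target"], hit["outside_webroot"])
```

The encrypt call (-pef) and the notepad line are ignored; only the two decrypt invocations are returned.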

Useful Scripts

Posted: 22nd July 2018 by 2bitwannabe in Scripts, Tools

During the course of penetration tests, it is helpful to create scripts that automate tasks and save you time, so you can focus on giving the client the best analysis of the security of the system or item under assessment.
Sometimes you get unusual requests from clients, or a tool for such an action doesn’t exist, so you’ll have to DIY and build it at that point.
Here is the start of me pulling some of these scripts together in the hope they may help others. Some of these are not polished and were thrown together rather quickly.
I’ve added them to GitHub: https://github.com/2bitwannabe/useful-scripts

Bash Bunny by Hak5

Posted: 11th March 2017 by 2bitwannabe in Uncategorized

I’ve ordered the shiny new product from Hak5 and I hope to give a review of the product and its useful applications in the world of pen testing and IT in general in due course.

Update:
I did an introduction post on this for Portcullis Security (now part of Cisco), which you can view here: https://labs.portcullis.co.uk/blog/introduction-to-bash-bunny/

Enumeration is Key

Posted: 11th March 2017 by 2bitwannabe in Uncategorized

I guess this may seem like an obvious statement to seasoned InfoSec Professionals, but for anybody wanting to start out in this industry, it would not be that obvious.

While the tools you will likely use will depend on your situation, you will always need enumeration to discover more about your target. This will give you further information as to which services may be vulnerable or require additional investigation.

The following tools should hopefully assist you:

  • enum4linux
  • nmap (it’s also worth learning the powerful scripts that come with it)
  • nbtscan

 

I’ll add more to this soon, but these should help get you started.

 

Disclaimer: All the information provided on this site is for educational purposes only.
The site is in no way responsible for any misuse of the information.

In the attached blog post, Soroush (@irsdl) will show you a better way to exploit non-root-relative path overwrite issues in ASP.NET Web Form applications. This is a low risk vulnerability that can be used to inject a resource such as a stylesheet or even a dynamic JavaScript into an affected web page.
https://soroush.secproject.com/blog/2015/02/non-root-relative-path-overwrite-rpo-in-iis-and-net-applications/

I had intended to publish this earlier but enjoy.

How Much Security is Enough

Posted: 7th March 2014 by 2bitwannabe in Uncategorized

I came across a few articles from JustASC that I thought I’d share:

http://www.justasc.net/advice/how-much-security-is-enough/
http://www.justasc.net/advice/cyber-the-sme-who-would-want-to-attack-me/
http://www.justasc.net/advice/the-truth-about-passwords-2/

Kali Linux in the Amazon Cloud

Posted: 5th March 2014 by 2bitwannabe in Uncategorized

Recently I found out that Kali is now in the Amazon Cloud: more details can be found here: http://www.kali.org/news/kali-linux-amazon-ec2-ami/

After reading how cool this http://www.offensive-security.com/kali-linux/kali-linux-iso-of-doom/ was, it got me wondering if EC2 Kali was not a better replacement for the remote nodes to connect to.

I’ve just started using it and so far so good, and I’ll update this post with my view as I go.

First Proper Post

Posted: 26th October 2013 by 2bitwannabe in Uncategorized

Hi,

It’s taken me a while to finally get around to my first proper post. It’s been a busy few months since I was at the Cyber Security Challenge Masterclass, and I finally got around to taking CSTA (Certified Security Testing Associate) from 7Safe. Thanks to the Cyber Security Challenge & 7Safe for this great prize.

Well, the course itself was a great course and well put together to give you a good introduction and foundation to Ethical Hacking and its countermeasures. Having done CEH (Certified Ethical Hacker) years ago, it was nice to refresh some of my basics and learn a few more up-to-date techniques, and this course is superior in many ways.

I’m just in the process of setting up my testing lab using the mind map by Aman Hardikar so I can continue to practice for the CREST CRT (Certified Registered Tester) exam. I do want to do OSCP at some point also.

I’ll post another update when I’ve finished my lab, but just a final note that I passed CSTA with Merit.

 

Hello world!

Posted: 5th April 2013 by 2bitwannabe in Uncategorized

Welcome to my blog as I prepare to take the CREST Certified Registered Tester Exam & Beyond, wherever that takes me…