Stealing Windows credentials is the ultimate goal of every penetration tester. Being able to leak them outside the local network just aggravates the problem. There are many ways one can achieve this, some requiring complex attacks or user interaction. There is however an old and undocumented Windows feature that transforms the business of stealing Windows credentials a walk in the park. Let me introduce Windows Explorer Shell Command Files.
The aim of this article is to showcase a PHP backdoor that is small enough to pass unnoticed while still allowing the execution of complex operations. Maintaining access to a compromised system is one important step during penetration testing. In most cases this is achieved using backdoors. These can either live as standalone pieces of software or as part of legitimate code. And always, no matter how the backdoor is designed, being hard to discover is an important aspect.
Hidden SSID wireless networks, a security myth that makes you feel safer. Too bad it is just something that provides no extra security at all. My aim is to show you how easy it is to discover the SSID of an access point even if it is hidden.
If you are reading this tutorial over a wireless connection, or at least you have a wireless network in your house, take a breath and ask yourself, how safe do you feel? Did you use a strong password when you set up your wireless network? Does the password you use…